From 68aea7801848f978f8b5461807dfd3b7a504da1e Mon Sep 17 00:00:00 2001 From: Richard Biener Date: Tue, 18 Apr 2023 11:49:48 +0200 Subject: [PATCH] tree-optimization/109539 - restrict PHI handling in access diagnostics Access diagnostics visits the SSA def-use chains to diagnose things like dangling pointer uses. When that runs into PHIs it tries to prove all incoming pointers of which one is the currently visited use are related to decide whether to keep looking for the PHI def uses. That turns out to be overly optimistic and thus costly. The following scraps the existing handling for simply requiring that we eventually visit all incoming pointers of the PHI during the def-use chain analysis and only then process uses of the PHI def. Note this handles backedges of natural loops optimistically, diagnosing the first iteration. There's gcc.dg/Wuse-after-free-2.c containing a testcase requiring this. PR tree-optimization/109539 * gimple-ssa-warn-access.cc (pass_waccess::check_pointer_uses): Re-implement pointer relatedness for PHIs. (cherry picked from commit fdbaab2dc886f78a1e75512eeee0faa17e77c862) --- gcc/gimple-ssa-warn-access.cc | 56 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 45 insertions(+), 11 deletions(-) diff --git a/gcc/gimple-ssa-warn-access.cc b/gcc/gimple-ssa-warn-access.cc index d0d2148..48e85e9 100644 --- a/gcc/gimple-ssa-warn-access.cc +++ b/gcc/gimple-ssa-warn-access.cc @@ -4173,8 +4173,9 @@ pass_waccess::check_pointer_uses (gimple *stmt, tree ptr, auto_bitmap visited; - auto_vec pointers; - pointers.safe_push (ptr); + auto_vec pointers; + pointers.quick_push (ptr); + hash_map *phi_map = nullptr; /* Starting with PTR, iterate over POINTERS added by the loop, and either warn for their uses in basic blocks dominated by the STMT @@ -4241,19 +4242,49 @@ pass_waccess::check_pointer_uses (gimple *stmt, tree ptr, tree_code code = gimple_cond_code (cond); equality = code == EQ_EXPR || code == NE_EXPR; } - else if (gimple_code (use_stmt) == GIMPLE_PHI) + else if (gphi *phi = dyn_cast (use_stmt)) { /* Only add a PHI result to POINTERS if all its - operands are related to PTR, otherwise continue. */ - tree lhs = gimple_phi_result (use_stmt); - if (!pointers_related_p (stmt, lhs, ptr, m_ptr_qry)) - continue; - - if (TREE_CODE (lhs) == SSA_NAME) + operands are related to PTR, otherwise continue. The + PHI result is related once we've reached all arguments + through this iteration. That also means any invariant + argument will make the PHI not related. For arguments + flowing over natural loop backedges we are optimistic + (and diagnose the first iteration). */ + tree lhs = gimple_phi_result (phi); + if (!phi_map) + phi_map = new hash_map; + bool existed_p; + int &related = phi_map->get_or_insert (lhs, &existed_p); + if (!existed_p) { - pointers.safe_push (lhs); - continue; + related = gimple_phi_num_args (phi) - 1; + for (unsigned j = 0; j < gimple_phi_num_args (phi); ++j) + { + if ((unsigned) phi_arg_index_from_use (use_p) == j) + continue; + tree arg = gimple_phi_arg_def (phi, j); + edge e = gimple_phi_arg_edge (phi, j); + basic_block arg_bb; + if (dominated_by_p (CDI_DOMINATORS, e->src, e->dest) + /* Make sure we are not forward visiting a + backedge argument. */ + && (TREE_CODE (arg) != SSA_NAME + || (!SSA_NAME_IS_DEFAULT_DEF (arg) + && ((arg_bb + = gimple_bb (SSA_NAME_DEF_STMT (arg))) + != e->dest) + && !dominated_by_p (CDI_DOMINATORS, + e->dest, arg_bb)))) + related--; + } } + else + related--; + + if (related == 0) + pointers.safe_push (lhs); + continue; } /* Warn if USE_STMT is dominated by the deallocation STMT. @@ -4292,6 +4323,9 @@ pass_waccess::check_pointer_uses (gimple *stmt, tree ptr, } } } + + if (phi_map) + delete phi_map; } /* Check call STMT for invalid accesses. */ -- 2.7.4