re PR c/41935 (ICE : tree check: expected integer_cst, have nop_expr in int_cst_value, at tree.c:8301)

	PR middle-end/41935
	* c-common.c (fold_offsetof_1) <case ARRAY_REF>: Don't crash for VLAs
	or non-constant index, allow index one past the last element and
	allow exceeding array bound in arrays that might be used as flexible
	array members.

	* gcc.dg/pr41935.c: New test.
	* c-c++-common/pr41935.c: New test.
	* c-c++-common/builtin-offsetof.c (f0): Allow index one past the last
	element.
	* gcc.c-torture/execute/pr41935.c: New test.

From-SVN: r153962

7 files changed, 179 insertions, 10 deletions

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index a39ecba..70ed436 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,11 @@
+2009-11-06  Jakub Jelinek  <jakub@redhat.com>
+
+	PR middle-end/41935
+	* c-common.c (fold_offsetof_1) <case ARRAY_REF>: Don't crash for VLAs
+	or non-constant index, allow index one past the last element and
+	allow exceeding array bound in arrays that might be used as flexible
+	array members.
+
 2009-11-05  Richard Henderson  <rth@redhat.com>
 
 	* config/i386/ia32intrin.h: Protect CRC32 builtins with __SSE4_2__.
diff --git a/gcc/c-common.c b/gcc/c-common.c
index a9ca960..20b24f0 100644
--- a/gcc/c-common.c
+++ b/gcc/c-common.c
@@ -8398,14 +8398,46 @@ fold_offsetof_1 (tree expr, tree stop_ref)
       off = size_binop (MULT_EXPR, TYPE_SIZE_UNIT (TREE_TYPE (expr)), t);
 
       /* Check if the offset goes beyond the upper bound of the array.  */
-      {
-	tree nelts = array_type_nelts (TREE_TYPE (TREE_OPERAND (expr, 0)));
-        HOST_WIDE_INT index = int_cst_value (t);
-	if (index > int_cst_value (nelts))
-	  warning (OPT_Warray_bounds,
-		   "index %wd denotes an offset greater than size of %qT",
-		   index, TREE_TYPE (TREE_OPERAND (expr, 0)));
-      }
+      if (code == PLUS_EXPR && TREE_CODE (t) == INTEGER_CST)
+	{
+	  tree upbound = array_ref_up_bound (expr);
+	  if (upbound != NULL_TREE
+	      && TREE_CODE (upbound) == INTEGER_CST
+	      && !tree_int_cst_equal (upbound,
+				      TYPE_MAX_VALUE (TREE_TYPE (upbound))))
+	    {
+	      upbound = size_binop (PLUS_EXPR, upbound,
+				    build_int_cst (TREE_TYPE (upbound), 1));
+	      if (tree_int_cst_lt (upbound, t))
+		{
+		  tree v;
+
+		  for (v = TREE_OPERAND (expr, 0);
+		       TREE_CODE (v) == COMPONENT_REF;
+		       v = TREE_OPERAND (v, 0))
+		    if (TREE_CODE (TREE_TYPE (TREE_OPERAND (v, 0)))
+			== RECORD_TYPE)
+		      {
+			tree fld_chain = TREE_CHAIN (TREE_OPERAND (v, 1));
+			for (; fld_chain; fld_chain = TREE_CHAIN (fld_chain))
+			  if (TREE_CODE (fld_chain) == FIELD_DECL)
+			    break;
+
+			if (fld_chain)
+			  break;
+		      }
+		  /* Don't warn if the array might be considered a poor
+		     man's flexible array member with a very permissive
+		     definition thereof.  */
+		  if (TREE_CODE (v) == ARRAY_REF
+		      || TREE_CODE (v) == COMPONENT_REF)
+		    warning (OPT_Warray_bounds,
+			     "index %E denotes an offset "
+			     "greater than size of %qT",
+			     t, TREE_TYPE (TREE_OPERAND (expr, 0)));
+		}
+	    }
+	}
       break;
 
     case COMPOUND_EXPR:
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 2aba607..04ce939 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,12 @@
+2009-11-06  Jakub Jelinek  <jakub@redhat.com>
+
+	PR middle-end/41935
+	* gcc.dg/pr41935.c: New test.
+	* c-c++-common/pr41935.c: New test.
+	* c-c++-common/builtin-offsetof.c (f0): Allow index one past the last
+	element.
+	* gcc.c-torture/execute/pr41935.c: New test.
+
 2009-11-05  Jason Merrill  <jason@redhat.com>
 
 	PR c++/34180
diff --git a/gcc/testsuite/c-c++-common/builtin-offsetof.c b/gcc/testsuite/c-c++-common/builtin-offsetof.c
index 0ab498a..6d97775 100644
--- a/gcc/testsuite/c-c++-common/builtin-offsetof.c
+++ b/gcc/testsuite/c-c++-common/builtin-offsetof.c
@@ -21,9 +21,9 @@ f0 ()
   __builtin_offsetof(struct A, p[0]); // { dg-error "non constant address" }
   __builtin_offsetof(struct B, p[0]); // OK
   __builtin_offsetof(struct B, p[9]); // OK
-  __builtin_offsetof(struct B, p[10]); // { dg-warning "greater than size" }
+  __builtin_offsetof(struct B, p[10]); // OK
+  __builtin_offsetof(struct B, p[11]); // { dg-warning "greater than size" }
   __builtin_offsetof(struct B, a.p); // OK
   __builtin_offsetof(struct B, p[0]); // OK
   __builtin_offsetof(struct B, a.p[0]); // { dg-error "non constant address" }
 }
-
diff --git a/gcc/testsuite/c-c++-common/pr41935.c b/gcc/testsuite/c-c++-common/pr41935.c
new file mode 100644
index 0000000..3279e75
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/pr41935.c
@@ -0,0 +1,70 @@
+/* { dg-options "-Warray-bounds" } */
+/* { dg-do compile } */
+
+struct A
+{
+  int i;
+  char p[1];
+};
+
+struct B
+{
+  struct A a;
+  int i;
+};
+
+struct C
+{
+  int i;
+  struct A a;
+};
+
+union D
+{
+  char p[1];
+  struct A a;
+  struct B b;
+  struct C c;
+};
+
+struct E
+{
+  int i;
+  union D d;
+};
+
+struct F
+{
+  union D d;
+  int i;
+};
+
+union G
+{
+  int i;
+  union D d;
+};
+
+void
+f0 ()
+{
+  __builtin_offsetof (struct A, p[4]); /* OK */
+  __builtin_offsetof (struct B, a.p[4]); /* { dg-warning "greater than size" } */
+  __builtin_offsetof (struct C, a.p[4]); /* OK */
+  __builtin_offsetof (union D, p[4]); /* OK */
+  __builtin_offsetof (union D, a.p[4]); /* OK */
+  __builtin_offsetof (union D, b.a.p[4]); /* { dg-warning "greater than size" } */
+  __builtin_offsetof (union D, c.a.p[4]); /* OK */
+  __builtin_offsetof (struct E, d.p[4]); /* OK */
+  __builtin_offsetof (struct E, d.a.p[4]); /* OK */
+  __builtin_offsetof (struct E, d.b.a.p[4]); /* { dg-warning "greater than size" } */
+  __builtin_offsetof (struct E, d.c.a.p[4]); /* OK */
+  __builtin_offsetof (struct F, d.p[4]); /* { dg-warning "greater than size" } */
+  __builtin_offsetof (struct F, d.a.p[4]); /* { dg-warning "greater than size" } */
+  __builtin_offsetof (struct F, d.b.a.p[4]); /* { dg-warning "greater than size" } */
+  __builtin_offsetof (struct F, d.c.a.p[4]); /* { dg-warning "greater than size" } */
+  __builtin_offsetof (union G, d.p[4]); /* OK */
+  __builtin_offsetof (union G, d.a.p[4]); /* OK */
+  __builtin_offsetof (union G, d.b.a.p[4]); /* { dg-warning "greater than size" } */
+  __builtin_offsetof (union G, d.c.a.p[4]); /* OK */
+}
diff --git a/gcc/testsuite/gcc.c-torture/execute/pr41935.c b/gcc/testsuite/gcc.c-torture/execute/pr41935.c
new file mode 100644
index 0000000..ef8d08c
--- /dev/null
+++ b/gcc/testsuite/gcc.c-torture/execute/pr41935.c
@@ -0,0 +1,25 @@
+/* PR middle-end/41935 */
+
+extern void abort (void);
+
+long int
+foo (int n, int i, int j)
+{
+  typedef int T[n];
+  struct S { int a; T b[n]; };
+  return __builtin_offsetof (struct S, b[i][j]);
+}
+
+int
+main (void)
+{
+  typedef int T[5];
+  struct S { int a; T b[5]; };
+  if (foo (5, 2, 3)
+      != __builtin_offsetof (struct S, b) + (5 * 2 + 3) * sizeof (int))
+    abort ();
+  if (foo (5, 5, 5)
+      != __builtin_offsetof (struct S, b) + (5 * 5 + 5) * sizeof (int))
+    abort ();
+  return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/pr41935.c b/gcc/testsuite/gcc.dg/pr41935.c
new file mode 100644
index 0000000..e6a1b28
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr41935.c
@@ -0,0 +1,25 @@
+/* PR middle-end/41935 */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+extern void abort (void);
+struct A { int a; int b[10]; };
+
+int
+foo (struct A *p)
+{
+  return __builtin_offsetof (struct A, b[p->a]);
+}
+
+int
+main ()
+{
+  struct A a;
+  a.a = 7;
+  if (foo (&a) != 7 * sizeof (int) + __builtin_offsetof (struct A, b))
+    abort ();
+  a.a = 2;
+  if (foo (&a) != 2 * sizeof (int) + __builtin_offsetof (struct A, b))
+    abort ();
+  return 0;
+}