Age | Commit message (Collapse) | Author | Files | Lines |
|
gcc/analyzer/ChangeLog:
* analyzer.opt (Wanalyzer-use-of-closed-file): New option.
* sm-file.cc (class use_of_closed_file): New file_diagnostic subclass.
(find_file_param): New function.
(fileptr_state_machine::on_stmt): Complain about operations on
closed files.
gcc/ChangeLog:
* doc/invoke.texi (-Wanalyzer-use-of-closed-file): Document new
option.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/file-1.c (test_5): New test.
|
|
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/analyzer-verbosity-0.c: Update expected
output to remove source code from diagnostic locus, made redundant
by path. Remove interprocedural margin and event-run header from
purely intraprocedural case.
* gcc.dg/analyzer/analyzer-verbosity-1.c: Likewise.
* gcc.dg/analyzer/analyzer-verbosity-2.c: Likewise.
* gcc.dg/analyzer/malloc-ipa-11.c: Update to remove source code
for diagnostic locus.
* gcc.dg/analyzer/malloc-ipa-8-double-free.c: Likewise.
* gcc.dg/analyzer/malloc-ipa-8-unchecked.c: Likewise.
* gcc.dg/analyzer/malloc-macro-inline-events.c: Likewise, also to
remove function names from event-run headers and remove
interprocedural margin.
* gcc.dg/analyzer/malloc-paths-9.c: Update to remove source code
for diagnostic locus, event-run header, and interprocedural margin.
* gcc.dg/analyzer/setjmp-2.c: Update to remove source code for
diagnostic locus, function name from event-run headers, and
interprocedural margin.
* gcc.dg/analyzer/setjmp-3.c: Update to remove source code for
diagnostic locus.
* gcc.dg/analyzer/setjmp-4.c: Likewise.
* gcc.dg/analyzer/setjmp-5.c: Likewise.
* gcc.dg/analyzer/setjmp-7a.c: Likewise.
* gcc.dg/analyzer/setjmp-8.c: Likewise.
* gcc.dg/analyzer/setjmp-9.c: Likewise.
* gcc.dg/analyzer/signal-4a.c: Likewise.
* gcc.dg/analyzer/signal-4b.c: Likewise.
|
|
This patch tweaks the default implementation of diagnostic_path
printing (-fdiagnostics-path-format=inline-events) to be less verbose
for various common cases.
Consider this synthetic diagnostic from the test plugin:
test.c: In function 'test':
test.c:29:5: error: passing NULL as argument 1 to 'PyList_Append' which
requires a non-NULL parameter
29 | PyList_Append(list, item);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
'test': events 1-3
|
| 25 | list = PyList_New(0);
| | ^~~~~~~~~~~~~
| | |
| | (1) when 'PyList_New' fails, returning NULL
| 26 |
| 27 | for (i = 0; i < count; i++) {
| | ~~~
| | |
| | (2) when 'i < count'
| 28 | item = PyLong_FromLong(random());
| 29 | PyList_Append(list, item);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (3) when calling 'PyList_Append', passing NULL from (1) as argument 1
|
The diagnostic's primary location_t is contained within the path, so
printing the source code for it at the top before the path is redundant.
Also, this path is purely intraprocedural, so there's no point in
printing the "interprocedural margin" on the left-hand side, and there's
a single event run, so there's no point in printing the header for the
run.
This patch simplifies the output for the above to:
test.c: In function 'test':
test.c:29:5: error: passing NULL as argument 1 to 'PyList_Append' which
requires a non-NULL parameter
25 | list = PyList_New(0);
| ^~~~~~~~~~~~~
| |
| (1) when 'PyList_New' fails, returning NULL
26 |
27 | for (i = 0; i < count; i++) {
| ~~~
| |
| (2) when 'i < count'
28 | item = PyLong_FromLong(random());
29 | PyList_Append(list, item);
| ~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| (3) when calling 'PyList_Append', passing NULL from (1) as argument 1
The patch replaces the diagnostic_context's print_path callback with an
object with two vfuncs, allowing for eliding diagnostic_show_locus for
the rich_location in favor of just printing the path for the common case
of a single location_t that's within the path, no fix-it hints or
labels, and -fdiagnostics-path-format=inline-events.
This went through several iterations; in one iteration I attempted to
use a small class hierarchy of per enum diagnostics_output_format
path_printer subclasses; this didn't work because the option-handling
is done in opts.o:common_handle_option, which is in
OBJS-libcommon-target, which isn't "tree-ish". So this version has
a single implementation subclass in tree-diagnostic-path.cc.
This patch contains the non-analyzer changes; a follow-up updates the
expected output for the analyzer testsuite.
gcc/ChangeLog:
* diagnostic-format-json.cc (diagnostic_output_format_init): For
the JSON case, update for conversion from a print_path callback to
a m_path_printer object, deleting any such object.
* diagnostic-show-locus.c (diagnostic_show_locus): Call any
path_printer's maybe_print_path_rather_than_richloc and
potentially bail out early.
* diagnostic.c (diagnostic_initialize): Initializer m_path_printer
and make_json_for_path.
(diagnostic_finish): Delete any m_path_printer.
(diagnostic_show_any_path): Update to call any m_path_printer's
print_path vfunc.
(rich_location::path_makes_location_redundant_p): New function.
* diagnostic.h (class path_printer): New class.
(diagnostic_context::print_path): Replace this callback with...
(diagnostic_context::m_path_printer): ...this object pointer.
(diagnostic_context::make_json_for_path): Fix overlong line.
* doc/invoke.texi (-fdiagnostics-path-format=inline-events):
Update intraprocedural example to reflect removal of event run
header and interprocedural margin. Add sentence describing
how source code for location can be elided.
(-fdiagnostics-show-path-depths): Fix reference to pertinent
option.
* tree-diagnostic-path.cc: (path_summary::m_path): New field.
(path_summary::path_summary): Initialize it.
(print_fndecl): Likewise.
(path_summary::print): Add param "need_event_header". Determine
if the path is interprocedural vs purely intraprocedural. Only
print headers for event-runs if we need to, or if there's more
than one event-run. Only print the "interprocedural border" for
interprocedural paths. Only print the function name in event-run
headers for interprocedural paths.
(default_tree_diagnostic_path_printer): Replace with...
(class impl_path_printer): ...this class.
(path_printer::make_tree_default): New function.
(selftest::test_intraprocedural_path): Update expected result for
above changes; do with and without requiring event headers.
* tree-diagnostic.c (tree_diagnostics_defaults): Replace
initialization of print_path with that for m_path_printer.
* tree-diagnostic.h (default_tree_diagnostic_path_printer): Delete decl.
gcc/testsuite/ChangeLog:
* gcc.dg/plugin/diagnostic-path-format-default.c: Update expected
output to remove source code from diagnostic locus, made redundant
by path.
* gcc.dg/plugin/diagnostic-path-format-inline-events-1.c:
Likewise.
* gcc.dg/plugin/diagnostic-path-format-inline-events-2.c:
Likewise.
* gcc.dg/plugin/diagnostic-path-format-inline-events-3.c:
Likewise.
* gcc.dg/plugin/diagnostic-test-paths-2.c: Likewise; also
remove redundant event run header and interprocedual margin.
* gcc.dg/plugin/diagnostic-test-paths-2a.c: New test.
* gcc.dg/plugin/diagnostic-test-paths-4.c: Update expected output
to remove source code from diagnostic locus, made redundant by
path.
* gcc.dg/plugin/diagnostic_plugin_test_paths.c
(class pass_test_show_path): Add an m_dummy_label field and
initialize it in the ctor.
(example_1): Add a "dummy_label" param. Use it to optionally add
a labelled to the rich_location.
(pass_test_show_path::execute): Pass m_dummy_label to the call to
example_1.
(make_pass_test_show_path): Delete.
(plugin_init): Look for a "dummy_label" plugin argument and use
it to initialize the pass's m_dummy_label field. Call new directly
to avoid passing around such params.
* gcc.dg/plugin/plugin.exp (plugin_test_list): Add new test.
libcpp/ChangeLog:
* include/line-map.h
(rich_location::path_makes_location_redundant_p): New decl.
|
|
gcc/ChangeLog:
* doc/invoke.texi (-fdiagnostics-show-cwe): Add note that some of
the analyzer options provide CWE identifiers.
|
|
PR analyzer/93212 reports an ICE when attempting to use -fanalyzer
on a C++ source file. That isn't supported yet, but the fix is
trivial (handling METHOD_TYPE as well as FUNCTION_TYPE).
gcc/analyzer/ChangeLog:
PR analyzer/93212
* region-model.cc (make_region_for_type): Use
FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
* region-model.h (function_region::function_region): Likewise.
|
|
sm-signal.cc was failing to warn about the use of an fprintf call in a
signal handler when the signal handler function was non-static.
The root cause was a failure to copy global sm-state within
sm_state_map::clone_with_remapping as called by
program_state::can_merge_with_p, which led to the exploded node for
the entrypoint to the handler in the "normal" state being erroneously
reused for the "in_signal_handler" state, thus losing the global state,
and thus failing to warn.
This patch fixes the above, so that non-equal global sm-state values
prevent merger of program_state, thus requiring separate exploded nodes
for the "normal" and "in signal handler" states, and thus triggering
the warning for the reproducer.
gcc/analyzer/ChangeLog:
* program-state.cc (sm_state_map::clone_with_remapping): Copy
m_global_state.
(selftest::test_program_state_merging_2): New selftest.
(selftest::analyzer_program_state_cc_tests): Call it.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/signal-6.c: New test.
|
|
This patch adds DISABLE_COPY_AND_ASSIGN to checker_path, and makes its
fields private.
gcc/analyzer/ChangeLog:
* checker-path.h (checker_path::get_checker_event): New function.
(checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
* diagnostic-manager.cc
(diagnostic_manager::prune_for_sm_diagnostic): Replace direct
access to checker_path::m_events with accessor functions. Fix
overlong line.
(diagnostic_manager::prune_interproc_events): Replace direct
access to checker_path::m_events with accessor functions.
(diagnostic_manager::finish_pruning): Likewise.
|
|
checker_event has a clone vfunc implemented by all the concrete
subclasses, but this is never used (a holdover from a very early
implementation). This patch deletes it.
gcc/analyzer/ChangeLog:
* checker-path.h (checker_event::clone): Delete vfunc decl.
(debug_event::clone): Delete vfunc impl.
(custom_event::clone): Delete vfunc impl.
(statement_event::clone): Delete vfunc impl.
(function_entry_event::clone): Delete vfunc impl.
(state_change_event::clone): Delete vfunc impl.
(start_cfg_edge_event::clone): Delete vfunc impl.
(end_cfg_edge_event::clone): Delete vfunc impl.
(call_event::clone): Delete vfunc impl.
(return_event::clone): Delete vfunc impl.
(setjmp_event::clone): Delete vfunc impl.
(rewind_from_longjmp_event::clone): Delete vfunc impl.
(rewind_to_setjmp_event::clone): Delete vfunc impl.
(warning_event::clone): Delete vfunc impl.
|
|
This patch fixes an issue with the output of -fdump-analyzer-supergraph
on BBs with no statements, where the resulting files were unreadable by
dot e.g.:
Error: syntax error in line 1
... <TABLE BORDER="0"></TABLE> ...
in label of node node_10
gcc/analyzer/ChangeLog:
* supergraph.cc (supernode::dump_dot): Ensure that the TABLE
element has at least one TR.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/dot-output.c: Add test coverage for a BB with
no statements.
|
|
In the reproducer for PR analyzer/58237 I noticed that some events were
missing locations (and text); for example event 3 here:
| 15 | while (fgets(buf, 10, fp) != NULL)
| | ~
| | |
| | (2) following 'false' branch...
|
'f1': event 3
|
|cc1:
|
'f1': event 4
|
|<source>:19:1:
| 19 | }
| | ^
| | |
| | (4) 'fp' leaks here; was opened at (1)
|
The root cause is that various places in the analyzer compare locations
against UNKNOWN_LOCATION, which fails to detect an unknown location for
the case where an unknown_location has been wrapped into an ad-hoc
location to record a block.
This patch fixes the issue by using get_pure_location whenever testing
against UNKNOWN_LOCATION to look through ad-hoc wrappers.
For the case above, it thus picks a better location in
supernode::get_start_location for event (3) above, improving it to:
| 15 | while (fgets(buf, 10, fp) != NULL)
| | ~
| | |
| | (2) following 'false' branch...
|......
| 19 | }
| | ~
| | |
| | (3) ...to here
| | (4) 'fp' leaks here; was opened at (1)
|
gcc/analyzer/ChangeLog:
PR analyzer/58237
* engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
when comparing against UNKNOWN_LOCATION.
(stmt_requires_new_enode_p): Likewise.
(exploded_graph::dump_exploded_nodes): Likewise.
* supergraph.cc (supernode::get_start_location): Likewise.
(supernode::get_end_location): Likewise.
gcc/testsuite/ChangeLog:
PR analyzer/58237
* gcc.dg/analyzer/file-paths-1.c: New test.
|
|
In the reproducer for PR analyzer/58237 I noticed that some events that
were missing locations were also missing text; for example event 3 here:
| 15 | while (fgets(buf, 10, fp) != NULL)
| | ~
| | |
| | (2) following 'false' branch...
|
'f1': event 3
|
|cc1:
|
The root cause is that the path_summary-printing code doesn't consider
ad-hoc locations when looking for reserved locations, and so fails to
detect an unknown location for the case where an unknown location has
been wrapped into an ad-hoc location to record a block.
This patch fixes the issue by using get_pure_location, thus looking
through ad-hoc wrappers, improving the result to:
| 15 | while (fgets(buf, 10, fp) != NULL)
| | ~
| | |
| | (2) following 'false' branch...
|
'f1': event 3
|
|cc1:
| (3): ...to here
|
gcc/ChangeLog:
* tree-diagnostic-path.cc (path_summary::event_range::print):
When testing for UNKNOWN_LOCATION, look through ad-hoc wrappers
using get_pure_location.
|
|
The analyzer ought to report various file leaks for the reproducer in
PR analyzer/58237, such as:
void f1(const char *str)
{
FILE * fp = fopen(str, "r");
char buf[10];
while (fgets(buf, 10, fp) != NULL)
{
/* Do something with buf */
}
/* Missing call to fclose. Need warning here for resource leak */
}
but fails to do so, due to not recognizing fgets, and thus
conservatively assuming that it could close "fp".
This patch adds a function_set to sm-file.cc of numerous stdio.h
functions that are known to not close the file (and which require a
valid FILE *, but that's a matter for a followup), fixing the issue.
gcc/analyzer/ChangeLog:
PR analyzer/58237
* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_sm_file_cc_tests.
* analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
decl.
* sm-file.cc: Include "analyzer/function-set.h" and
"analyzer/analyzer-selftests.h".
(get_file_using_fns): New function.
(is_file_using_fn_p): New function.
(fileptr_state_machine::on_stmt): Return true for known functions.
(selftest::analyzer_sm_file_cc_tests): New function.
gcc/testsuite/ChangeLog:
PR analyzer/58237
* gcc.dg/analyzer/file-1.c (test_4): New.
* gcc.dg/analyzer/file-pr58237.c: New test.
|
|
The following testcase shows that GCC trunk mishandles DSE of __*_chk
calls. Tail trimming of the calls is fine, we want to just decrease the
third argument and keep the first two and last arguments unmodified.
But for head trimming, we currently increment the two by head_trim and
decrease the third by head_trim, so
__builtin___memcpy_chk (&a, b_2(D), 48, 32);
__builtin_memset (&a, 32, 16);
into:
_5 = b_2(D) + 16;
__builtin___memcpy_chk (&MEM <char> [(void *)&a + 16B], _5, 32, 32);
__builtin_memset (&a, 32, 16);
This is wrong, because the 32 was the determined (maximum) size of the
destination (char a[32]), but &a[16] has maximum size of 16, not 32.
The __builtin___memcpy_chk (&MEM <char> [(void *)&a + 16B], _5, 32, 32);
call is just folded later into
__builtin_memcpy (&MEM <char> [(void *)&a + 16B], _5, 32);
because it says that it copies as many bytes into destination as the
destination has. We need:
__builtin___memcpy_chk (&MEM <char> [(void *)&a + 16B], _5, 32, 16);
instead, which will terminate the program instead of letting it silently
overflow the buffer.
The patch just punts if we'd need to decrease the last argument below 0.
Fortunately, release branches are unaffected.
P.S. it was quite hard to make the runtime test working, in builtins.exp
neither dg-options nor dg-additional-options work and builtins.exp adds
-fno-tree-dse among several other -fno-* options. Fortunately optimize
attribute works.
2020-01-15 Jakub Jelinek <jakub@redhat.com>
PR tree-optimization/93262
* tree-ssa-dse.c (maybe_trim_memstar_call): For *_chk builtins,
perform head trimming only if the last argument is constant,
either all ones, or larger or equal to head trim, in the latter
case decrease the last argument by head_trim.
* gcc.c-torture/execute/builtins/pr93262-chk.c: New test.
* gcc.c-torture/execute/builtins/pr93262-chk-lib.c: New file.
* gcc.c-torture/execute/builtins/pr93262-chk.x: New file.
|
|
As the testcase shows, tail trimming of strncpy in tree-ssa-dse.c is fine,
we just copy or clear fewer bytes in the destination, but unlike
memcpy/memset etc., head trimming is problematic in certain cases.
If we can prove that there are no zero bytes among initial head_trim bytes,
it is ok to trim it, if we can prove there is at least one zero byte among
initial head_trim bytes, we could (not implemented in the patch) turn
the strncpy into memset 0, but otherwise we need to avoid the head trimming,
because the presence or absence of NUL byte there changes the behavior for
subsequent bytes, whether further bytes from src are copied or if further
bytes are cleared.
2020-01-15 Jakub Jelinek <jakub@redhat.com>
PR tree-optimization/93249
* tree-ssa-dse.c: Include builtins.h and gimple-fold.h.
(maybe_trim_memstar_call): Move head_trim and tail_trim vars to
function body scope, reindent. For BUILTIN_IN_STRNCPY*, don't
perform head trim unless we can prove there are no '\0' chars
from the source among the first head_trim chars.
* gcc.c-torture/execute/pr93249.c: New test.
|
|
|
|
This patch uses the class function_set from the previous patch to
generalize the test for an fprintf inside a signal handler to
check for a set of known async-signal-unsafe functions.
gcc/analyzer/ChangeLog:
* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_sm_signal_cc_tests.
* analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
New decl.
* sm-signal.cc: Include "analyzer/function-set.h" and
"analyzer/analyzer-selftests.h".
(get_async_signal_unsafe_fns): New function.
(signal_unsafe_p): Reimplement in terms of the above.
(selftest::analyzer_sm_signal_cc_tests): New function.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/signal-5.c: New test.
|
|
This patch adds a simple mechanism for tracking sets of functions
for which a particular property holds, as a pragmatic way to build
knowledge about important APIs into the analyzer without requiring
markup of the user's libc.
gcc/ChangeLog:
* Makefile.in (ANALYZER_OBJS): Add analyzer/function-set.o.
gcc/analyzer/ChangeLog:
* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_function_set_cc_tests.
* analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
New decl.
* function-set.cc: New file.
* function-set.h: New file.
|
|
Whilst analyzing the reproducer for detecting CVE-2005-1689
(krb5-1.4.1's src/lib/krb5/krb/recvauth.c), the analyzer reports
a false double-free of the form:
krb5_xfree(inbuf.data);
krb5_read_message(..., &inbuf);
krb5_xfree(inbuf.data); /* false diagnostic here. */
where the call to krb5_read_message overwrites inbuf.data with
a freshly-malloced buffer.
This patch fixes the issue by purging state more thorougly when
handling a call with unknown behavior, by walking the graph of
memory regions that are reachable from the call.
gcc/analyzer/ChangeLog:
* analyzer.h (fndecl_has_gimple_body_p): New decl.
* engine.cc (impl_region_model_context::on_unknown_change): New
function.
(fndecl_has_gimple_body_p): Make non-static.
(exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
known. Track whether we have a call with unknown side-effects and
pass it to on_call_post.
* exploded-graph.h (impl_region_model_context::on_unknown_change):
New decl.
* program-state.cc (sm_state_map::on_unknown_change): New function.
* program-state.h (sm_state_map::on_unknown_change): New decl.
* region-model.cc: Include "bitmap.h".
(region_model::on_call_pre): Return a bool, capturing whether the
call has unknown side effects.
(region_model::on_call_post): Add arg "bool unknown_side_effects"
and if true, call handle_unrecognized_call.
(class reachable_regions): New class.
(region_model::handle_unrecognized_call): New function.
* region-model.h (region_model::on_call_pre): Return a bool.
(region_model::on_call_post): Add arg "bool unknown_side_effects".
(region_model::handle_unrecognized_call): New decl.
(region_model_context::on_unknown_change): New vfunc.
(test_region_model_context::on_unknown_change): New function.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/data-model-1.c: Remove xfail.
* gcc.dg/analyzer/data-model-5b.c: Likewise.
* gcc.dg/analyzer/data-model-5c.c: Likewise.
* gcc.dg/analyzer/setjmp-3.c: Mark "foo" as pure.
* gcc.dg/analyzer/setjmp-4.c: Likewise.
* gcc.dg/analyzer/setjmp-6.c: Likewise.
* gcc.dg/analyzer/setjmp-7.c: Likewise.
* gcc.dg/analyzer/setjmp-7a.c: Likewise.
* gcc.dg/analyzer/setjmp-8.c: Likewise.
* gcc.dg/analyzer/setjmp-9.c: Likewise.
* gcc.dg/analyzer/unknown-fns.c: New test.
|
|
Whilst analyzing the reproducer for detecting CVE-2005-1689
(krb5-1.4.1's src/lib/krb5/krb/recvauth.c), the analyzer reported
11 double-free diagnostics on lines of the form:
krb5_xfree(inbuf.data);
with no deduplication occcurring.
The root cause is that the diagnostics each have a COMPONENT_REF for
the inbuf.data, but they are different trees, and the de-duplication
logic was using pointer equality.
This patch replaces the pointer equality tests with calls to a new
pending_diagnostic::same_tree_p, implemented using simple_cst_equal.
With this patch, de-duplication occurs, and only 3 diagnostics are
reported. The 11 diagnostics are partitioned into 3 dedupe keys,
2 with 2 duplicates and 1 with 7 duplicates.
gcc/analyzer/ChangeLog:
* diagnostic-manager.cc (saved_diagnostic::operator==): Move here
from header. Replace pointer equality test on m_var with call to
pending_diagnostic::same_tree_p.
* diagnostic-manager.h (saved_diagnostic::operator==): Move to
diagnostic-manager.cc.
* pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
* pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
* sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
equality on m_arg with call to pending_diagnostic::same_tree_p.
* sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
(possible_null_arg::subclass_equal_p): Likewise.
(null_arg::subclass_equal_p): Likewise.
(free_of_non_heap::subclass_equal_p): Likewise.
* sm-pattern-test.cc (pattern_match::operator==): Likewise.
* sm-sensitive.cc (exposure_through_output_file::operator==):
Likewise.
* sm-taint.cc (tainted_array_index::operator==): Likewise.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/CVE-2005-1689-dedupe-issue.c: New test.
|
|
2020-01-15 Jakub Jelinek <jakub@redhat.com>
PR lto/91576
* g++.dg/lto/odr-8_1.C: Remove bogus initial lines.
|
|
As mentioned in the PR, the following testcase is miscompiled with avx512vl.
The reason is that the fma *_bcst_1 define_insns have two alternatives:
"=v,v" "0,v" "v,0" "m,m" and use the same
vfmadd213* %3<avx512bcst>, %2, %0<sd_mask_op4>
pattern. If the first alternative is chosen, everything is ok, but if the
second alternative is chosen, %2 and %0 are the same register, so instead
of doing dest=dest*another+membcst we do dest=dest*dest+membcst.
Now, to fix this, either we'd need separate:
"vfmadd213<ssemodesuffix>\t{%3<avx512bcst>, %2, %0<sd_mask_op4>|%0<sd_mask_op4>, %2, %3<avx512bcst>}
vfmadd213<ssemodesuffix>\t{%3<avx512bcst>, %1, %0<sd_mask_op4>|%0<sd_mask_op4>, %1, %3<avx512bcst>}"
where for the second alternative, we'd just use %1 instead of %2, but
what I think is actually cleaner is just use a single alternative and
make the two multiplication operands commutative, which they really are.
2020-01-15 Jakub Jelinek <jakub@redhat.com>
PR target/93009
* config/i386/sse.md
(*<sd_mask_codefor>fma_fmadd_<mode><sd_maskz_name>_bcst_1,
*<sd_mask_codefor>fma_fmsub_<mode><sd_maskz_name>_bcst_1,
*<sd_mask_codefor>fma_fnmadd_<mode><sd_maskz_name>_bcst_1,
*<sd_mask_codefor>fma_fnmsub_<mode><sd_maskz_name>_bcst_1): Use
just a single alternative instead of two, make operands 1 and 2
commutative.
* gcc.target/i386/avx512vl-pr93009.c: New test.
|
|
gcc/analyzer/ChangeLog:
* diagnostic-manager.cc (dedupe_winners::add): Add logging
of deduplication decisions made.
|
|
PR c++/90916
* pt.c (retrieve_specialization): Use get_template_info, not open
coding access.
|
|
PR lto/91576
* ipa-devirt.c (odr_types_equivalent_p): Compare TREE_ADDRESSABLE and
TYPE_MODE.
* testsuite/g++.dg/lto/odr-8_0.C: New testcase.
* testsuite/g++.dg/lto/odr-8_1.C: New testcase.
|
|
This patch adds a static analysis pass to the middle-end, focusing
for this release on C code, and malloc/free issues in particular.
See:
https://gcc.gnu.org/wiki/DavidMalcolm/StaticAnalyzer
gcc/ChangeLog:
* Makefile.in (lang_opt_files): Add analyzer.opt.
(ANALYZER_OBJS): New.
(OBJS): Add digraph.o, graphviz.o, ordered-hash-map-tests.o,
tristate.o and ANALYZER_OBJS.
(TEXI_GCCINT_FILES): Add analyzer.texi.
* common.opt (-fanalyzer): New driver option.
* config.in: Regenerate.
* configure: Regenerate.
* configure.ac (--disable-analyzer, ENABLE_ANALYZER): New option.
(gccdepdir): Also create depdir for "analyzer" subdir.
* digraph.cc: New file.
* digraph.h: New file.
* doc/analyzer.texi: New file.
* doc/gccint.texi ("Static Analyzer") New menu item.
(analyzer.texi): Include it.
* doc/invoke.texi ("Static Analyzer Options"): New list and new section.
("Warning Options"): Add static analysis warnings to the list.
(-Wno-analyzer-double-fclose): New option.
(-Wno-analyzer-double-free): New option.
(-Wno-analyzer-exposure-through-output-file): New option.
(-Wno-analyzer-file-leak): New option.
(-Wno-analyzer-free-of-non-heap): New option.
(-Wno-analyzer-malloc-leak): New option.
(-Wno-analyzer-possible-null-argument): New option.
(-Wno-analyzer-possible-null-dereference): New option.
(-Wno-analyzer-null-argument): New option.
(-Wno-analyzer-null-dereference): New option.
(-Wno-analyzer-stale-setjmp-buffer): New option.
(-Wno-analyzer-tainted-array-index): New option.
(-Wno-analyzer-use-after-free): New option.
(-Wno-analyzer-use-of-pointer-in-stale-stack-frame): New option.
(-Wno-analyzer-use-of-uninitialized-value): New option.
(-Wanalyzer-too-complex): New option.
(-fanalyzer-call-summaries): New warning.
(-fanalyzer-checker=): New warning.
(-fanalyzer-fine-grained): New warning.
(-fno-analyzer-state-merge): New warning.
(-fno-analyzer-state-purge): New warning.
(-fanalyzer-transitivity): New warning.
(-fanalyzer-verbose-edges): New warning.
(-fanalyzer-verbose-state-changes): New warning.
(-fanalyzer-verbosity=): New warning.
(-fdump-analyzer): New warning.
(-fdump-analyzer-callgraph): New warning.
(-fdump-analyzer-exploded-graph): New warning.
(-fdump-analyzer-exploded-nodes): New warning.
(-fdump-analyzer-exploded-nodes-2): New warning.
(-fdump-analyzer-exploded-nodes-3): New warning.
(-fdump-analyzer-supergraph): New warning.
* doc/sourcebuild.texi (dg-require-dot): New.
(dg-check-dot): New.
* gdbinit.in (break-on-saved-diagnostic): New command.
* graphviz.cc: New file.
* graphviz.h: New file.
* ordered-hash-map-tests.cc: New file.
* ordered-hash-map.h: New file.
* passes.def (pass_analyzer): Add before
pass_ipa_whole_program_visibility.
* selftest-run-tests.c (selftest::run_tests): Call
selftest::ordered_hash_map_tests_cc_tests.
* selftest.h (selftest::ordered_hash_map_tests_cc_tests): New
decl.
* shortest-paths.h: New file.
* timevar.def (TV_ANALYZER): New timevar.
(TV_ANALYZER_SUPERGRAPH): Likewise.
(TV_ANALYZER_STATE_PURGE): Likewise.
(TV_ANALYZER_PLAN): Likewise.
(TV_ANALYZER_SCC): Likewise.
(TV_ANALYZER_WORKLIST): Likewise.
(TV_ANALYZER_DUMP): Likewise.
(TV_ANALYZER_DIAGNOSTICS): Likewise.
(TV_ANALYZER_SHORTEST_PATHS): Likewise.
* tree-pass.h (make_pass_analyzer): New decl.
* tristate.cc: New file.
* tristate.h: New file.
gcc/analyzer/ChangeLog:
* ChangeLog: New file.
* analyzer-selftests.cc: New file.
* analyzer-selftests.h: New file.
* analyzer.opt: New file.
* analysis-plan.cc: New file.
* analysis-plan.h: New file.
* analyzer-logging.cc: New file.
* analyzer-logging.h: New file.
* analyzer-pass.cc: New file.
* analyzer.cc: New file.
* analyzer.h: New file.
* call-string.cc: New file.
* call-string.h: New file.
* checker-path.cc: New file.
* checker-path.h: New file.
* constraint-manager.cc: New file.
* constraint-manager.h: New file.
* diagnostic-manager.cc: New file.
* diagnostic-manager.h: New file.
* engine.cc: New file.
* engine.h: New file.
* exploded-graph.h: New file.
* pending-diagnostic.cc: New file.
* pending-diagnostic.h: New file.
* program-point.cc: New file.
* program-point.h: New file.
* program-state.cc: New file.
* program-state.h: New file.
* region-model.cc: New file.
* region-model.h: New file.
* sm-file.cc: New file.
* sm-malloc.cc: New file.
* sm-malloc.dot: New file.
* sm-pattern-test.cc: New file.
* sm-sensitive.cc: New file.
* sm-signal.cc: New file.
* sm-taint.cc: New file.
* sm.cc: New file.
* sm.h: New file.
* state-purge.cc: New file.
* state-purge.h: New file.
* supergraph.cc: New file.
* supergraph.h: New file.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/CVE-2005-1689-minimal.c: New test.
* gcc.dg/analyzer/abort.c: New test.
* gcc.dg/analyzer/alloca-leak.c: New test.
* gcc.dg/analyzer/analyzer-decls.h: New header.
* gcc.dg/analyzer/analyzer-verbosity-0.c: New test.
* gcc.dg/analyzer/analyzer-verbosity-1.c: New test.
* gcc.dg/analyzer/analyzer-verbosity-2.c: New test.
* gcc.dg/analyzer/analyzer.exp: New suite.
* gcc.dg/analyzer/attribute-nonnull.c: New test.
* gcc.dg/analyzer/call-summaries-1.c: New test.
* gcc.dg/analyzer/conditionals-2.c: New test.
* gcc.dg/analyzer/conditionals-3.c: New test.
* gcc.dg/analyzer/conditionals-notrans.c: New test.
* gcc.dg/analyzer/conditionals-trans.c: New test.
* gcc.dg/analyzer/data-model-1.c: New test.
* gcc.dg/analyzer/data-model-2.c: New test.
* gcc.dg/analyzer/data-model-3.c: New test.
* gcc.dg/analyzer/data-model-4.c: New test.
* gcc.dg/analyzer/data-model-5.c: New test.
* gcc.dg/analyzer/data-model-5b.c: New test.
* gcc.dg/analyzer/data-model-5c.c: New test.
* gcc.dg/analyzer/data-model-5d.c: New test.
* gcc.dg/analyzer/data-model-6.c: New test.
* gcc.dg/analyzer/data-model-7.c: New test.
* gcc.dg/analyzer/data-model-8.c: New test.
* gcc.dg/analyzer/data-model-9.c: New test.
* gcc.dg/analyzer/data-model-11.c: New test.
* gcc.dg/analyzer/data-model-12.c: New test.
* gcc.dg/analyzer/data-model-13.c: New test.
* gcc.dg/analyzer/data-model-14.c: New test.
* gcc.dg/analyzer/data-model-15.c: New test.
* gcc.dg/analyzer/data-model-16.c: New test.
* gcc.dg/analyzer/data-model-17.c: New test.
* gcc.dg/analyzer/data-model-18.c: New test.
* gcc.dg/analyzer/data-model-19.c: New test.
* gcc.dg/analyzer/data-model-path-1.c: New test.
* gcc.dg/analyzer/disabling.c: New test.
* gcc.dg/analyzer/dot-output.c: New test.
* gcc.dg/analyzer/double-free-lto-1-a.c: New test.
* gcc.dg/analyzer/double-free-lto-1-b.c: New test.
* gcc.dg/analyzer/double-free-lto-1.h: New header.
* gcc.dg/analyzer/equivalence.c: New test.
* gcc.dg/analyzer/explode-1.c: New test.
* gcc.dg/analyzer/explode-2.c: New test.
* gcc.dg/analyzer/factorial.c: New test.
* gcc.dg/analyzer/fibonacci.c: New test.
* gcc.dg/analyzer/fields.c: New test.
* gcc.dg/analyzer/file-1.c: New test.
* gcc.dg/analyzer/file-2.c: New test.
* gcc.dg/analyzer/function-ptr-1.c: New test.
* gcc.dg/analyzer/function-ptr-2.c: New test.
* gcc.dg/analyzer/function-ptr-3.c: New test.
* gcc.dg/analyzer/gzio-2.c: New test.
* gcc.dg/analyzer/gzio-3.c: New test.
* gcc.dg/analyzer/gzio-3a.c: New test.
* gcc.dg/analyzer/gzio.c: New test.
* gcc.dg/analyzer/infinite-recursion.c: New test.
* gcc.dg/analyzer/loop-2.c: New test.
* gcc.dg/analyzer/loop-2a.c: New test.
* gcc.dg/analyzer/loop-3.c: New test.
* gcc.dg/analyzer/loop-4.c: New test.
* gcc.dg/analyzer/loop.c: New test.
* gcc.dg/analyzer/malloc-1.c: New test.
* gcc.dg/analyzer/malloc-2.c: New test.
* gcc.dg/analyzer/malloc-3.c: New test.
* gcc.dg/analyzer/malloc-callbacks.c: New test.
* gcc.dg/analyzer/malloc-dce.c: New test.
* gcc.dg/analyzer/malloc-dedupe-1.c: New test.
* gcc.dg/analyzer/malloc-ipa-1.c: New test.
* gcc.dg/analyzer/malloc-ipa-10.c: New test.
* gcc.dg/analyzer/malloc-ipa-11.c: New test.
* gcc.dg/analyzer/malloc-ipa-12.c: New test.
* gcc.dg/analyzer/malloc-ipa-13.c: New test.
* gcc.dg/analyzer/malloc-ipa-2.c: New test.
* gcc.dg/analyzer/malloc-ipa-3.c: New test.
* gcc.dg/analyzer/malloc-ipa-4.c: New test.
* gcc.dg/analyzer/malloc-ipa-5.c: New test.
* gcc.dg/analyzer/malloc-ipa-6.c: New test.
* gcc.dg/analyzer/malloc-ipa-7.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-double-free.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-lto-a.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-lto-b.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-lto-c.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-lto.h: New test.
* gcc.dg/analyzer/malloc-ipa-8-unchecked.c: New test.
* gcc.dg/analyzer/malloc-ipa-9.c: New test.
* gcc.dg/analyzer/malloc-macro-inline-events.c: New test.
* gcc.dg/analyzer/malloc-macro-separate-events.c: New test.
* gcc.dg/analyzer/malloc-macro.h: New header.
* gcc.dg/analyzer/malloc-many-paths-1.c: New test.
* gcc.dg/analyzer/malloc-many-paths-2.c: New test.
* gcc.dg/analyzer/malloc-many-paths-3.c: New test.
* gcc.dg/analyzer/malloc-paths-1.c: New test.
* gcc.dg/analyzer/malloc-paths-10.c: New test.
* gcc.dg/analyzer/malloc-paths-2.c: New test.
* gcc.dg/analyzer/malloc-paths-3.c: New test.
* gcc.dg/analyzer/malloc-paths-4.c: New test.
* gcc.dg/analyzer/malloc-paths-5.c: New test.
* gcc.dg/analyzer/malloc-paths-6.c: New test.
* gcc.dg/analyzer/malloc-paths-7.c: New test.
* gcc.dg/analyzer/malloc-paths-8.c: New test.
* gcc.dg/analyzer/malloc-paths-9.c: New test.
* gcc.dg/analyzer/malloc-vs-local-1a.c: New test.
* gcc.dg/analyzer/malloc-vs-local-1b.c: New test.
* gcc.dg/analyzer/malloc-vs-local-2.c: New test.
* gcc.dg/analyzer/malloc-vs-local-3.c: New test.
* gcc.dg/analyzer/malloc-vs-local-4.c: New test.
* gcc.dg/analyzer/operations.c: New test.
* gcc.dg/analyzer/params-2.c: New test.
* gcc.dg/analyzer/params.c: New test.
* gcc.dg/analyzer/paths-1.c: New test.
* gcc.dg/analyzer/paths-1a.c: New test.
* gcc.dg/analyzer/paths-2.c: New test.
* gcc.dg/analyzer/paths-3.c: New test.
* gcc.dg/analyzer/paths-4.c: New test.
* gcc.dg/analyzer/paths-5.c: New test.
* gcc.dg/analyzer/paths-6.c: New test.
* gcc.dg/analyzer/paths-7.c: New test.
* gcc.dg/analyzer/pattern-test-1.c: New test.
* gcc.dg/analyzer/pattern-test-2.c: New test.
* gcc.dg/analyzer/pointer-merging.c: New test.
* gcc.dg/analyzer/pr61861.c: New test.
* gcc.dg/analyzer/pragma-1.c: New test.
* gcc.dg/analyzer/scope-1.c: New test.
* gcc.dg/analyzer/sensitive-1.c: New test.
* gcc.dg/analyzer/setjmp-1.c: New test.
* gcc.dg/analyzer/setjmp-2.c: New test.
* gcc.dg/analyzer/setjmp-3.c: New test.
* gcc.dg/analyzer/setjmp-4.c: New test.
* gcc.dg/analyzer/setjmp-5.c: New test.
* gcc.dg/analyzer/setjmp-6.c: New test.
* gcc.dg/analyzer/setjmp-7.c: New test.
* gcc.dg/analyzer/setjmp-7a.c: New test.
* gcc.dg/analyzer/setjmp-8.c: New test.
* gcc.dg/analyzer/setjmp-9.c: New test.
* gcc.dg/analyzer/signal-1.c: New test.
* gcc.dg/analyzer/signal-2.c: New test.
* gcc.dg/analyzer/signal-3.c: New test.
* gcc.dg/analyzer/signal-4a.c: New test.
* gcc.dg/analyzer/signal-4b.c: New test.
* gcc.dg/analyzer/strcmp-1.c: New test.
* gcc.dg/analyzer/switch.c: New test.
* gcc.dg/analyzer/taint-1.c: New test.
* gcc.dg/analyzer/zlib-1.c: New test.
* gcc.dg/analyzer/zlib-2.c: New test.
* gcc.dg/analyzer/zlib-3.c: New test.
* gcc.dg/analyzer/zlib-4.c: New test.
* gcc.dg/analyzer/zlib-5.c: New test.
* gcc.dg/analyzer/zlib-6.c: New test.
* lib/gcc-defs.exp (dg-check-dot): New procedure.
* lib/target-supports.exp (check_dot_available): New procedure.
(check_effective_target_analyzer): New.
* lib/target-supports-dg.exp (dg-require-dot): New procedure.
|
|
I thought my earlier fix for 91930 was an obvious bug fix, but apparently an
inherited constructor does not count as user-declared. So this patch
reverts that change and the other follow-on patches, and fixes 91930
differently, by not letting the inherited default constructor hide the
implicitly-declared default constructor.
* class.c (add_method): A constrained inherited ctor doesn't hide an
implicit derived ctor.
Revert:
PR c++/91930 - ICE with constrained inherited default ctor.
* name-lookup.c (do_class_using_decl): Set TYPE_HAS_USER_CONSTRUCTOR
for inherited constructor.
PR c++/92552 - ICE with inherited constrained default ctor.
* pt.c (instantiate_class_template_1): Copy
TYPE_HAS_USER_CONSTRUCTOR.
PR c++/92594 - ICE with inherited trivial default ctor.
* method.c (trivial_fn_p): Treat an inherited default constructor
like a normal default constructor.
|
|
https://gcc.gnu.org/ml/gcc-patches/2020-01/msg00809.html
PR c++/90916
* pt.c (retrieve_specialization): Get the TI from the decl or the
classtype as appropriate.
|
|
* config/i386/i386.md (*movsf_internal): Require SSE2 ISA for
alternatives 9 and 10.
|
|
gcc/cp/ChangeLog:
* cp-gimplify.c (source_location_table_entry_hash::empty_zero_p):
New static constant.
* cp-tree.h (named_decl_hash::empty_zero_p): Likewise.
(struct named_label_hash::empty_zero_p): Likewise.
* decl2.c (mangled_decl_hash::empty_zero_p): Likewise.
gcc/ChangeLog:
* attribs.c (excl_hash_traits::empty_zero_p): New static constant.
* gcov.c (function_start_pair_hash::empty_zero_p): Likewise.
* graphite.c (struct sese_scev_hash::empty_zero_p): Likewise.
* hash-map-tests.c (selftest::test_nonzero_empty_key): New selftest.
(selftest::hash_map_tests_c_tests): Call it.
* hash-map-traits.h (simple_hashmap_traits::empty_zero_p):
New static constant, using the value of = H::empty_zero_p.
(unbounded_hashmap_traits::empty_zero_p): Likewise, using the value
from default_hash_traits <Value>.
* hash-map.h (hash_map::empty_zero_p): Likewise, using the value
from Traits.
* hash-set-tests.c (value_hash_traits::empty_zero_p): Likewise.
* hash-table.h (hash_table::alloc_entries): Guard the loop of
calls to mark_empty with !Descriptor::empty_zero_p.
(hash_table::empty_slow): Conditionalize the memset call with a
check that Descriptor::empty_zero_p; otherwise, loop through the
entries calling mark_empty on them.
* hash-traits.h (int_hash::empty_zero_p): New static constant.
(pointer_hash::empty_zero_p): Likewise.
(pair_hash::empty_zero_p): Likewise.
* ipa-devirt.c (default_hash_traits <type_pair>::empty_zero_p):
Likewise.
* ipa-prop.c (ipa_bit_ggc_hash_traits::empty_zero_p): Likewise.
(ipa_vr_ggc_hash_traits::empty_zero_p): Likewise.
* profile.c (location_triplet_hash::empty_zero_p): Likewise.
* sanopt.c (sanopt_tree_triplet_hash::empty_zero_p): Likewise.
(sanopt_tree_couple_hash::empty_zero_p): Likewise.
* tree-hasher.h (int_tree_hasher::empty_zero_p): Likewise.
* tree-ssa-sccvn.c (vn_ssa_aux_hasher::empty_zero_p): Likewise.
* tree-vect-slp.c (bst_traits::empty_zero_p): Likewise.
* tree-vectorizer.h
(default_hash_traits<scalar_cond_masked_key>::empty_zero_p):
Likewise.
|
|
Here we were getting confused about whether or not pod_tuple has a trivial
default constructor. bar inherits the trivial e default constructor; the
effect of calling that inherited constructor is equivalent to calling a
defaulted default constructor in bar, so let's treat it as such.
* method.c (trivial_fn_p): Treat an inherited default constructor
like a normal default constructor.
|
|
There were two issues in this PR:
1) We were crashing in is_really_empty_class because we say that the
internal RTTI types are classes, but never gave them TYPE_BINFO.
2) We were allowing the cast to a different pointer type because STRIP_NOPS
in cxx_fold_indirect_ref ignored REINTERPRET_CAST_P.
* rtti.c (get_tinfo_desc): Call xref_basetypes.
* constexpr.c (cxx_fold_indirect_ref): Don't strip
REINTERPRET_CAST_P.
|
|
I wonder why nobody fixed this until now; it's been two years since the
diagnostic context output was changed.
* lib/prune.exp (prune_gcc_output): Adjust constexpr pattern.
|
|
GCC sources, it's auto-generated in $(builddir) during build.
PR target/92055
* contrib/gcc_update (files_and_dependencies): Remove
entry for gcc/config/avr/t-multilib.
|
|
libgcc/
* config/avr/lib1funcs.S (skip): Simplify.
|
|
Starting with the introduction of TYPE_TYPELESS_STORAGE the situation
of having a alias-set zero aggregate field became more common which
prevents recording alias-sets of fields of said aggregate as subset
of the outer aggregate. component_uses_parent_alias_set_from in the
past fended off some of the issues with that but the alias oracles
use of the alias set of the base of an access path never appropriately
handled it.
The following makes it so that alias-sets of fields of alias-set zero
aggregate fields are still recorded as subset of the container.
2020-01-14 Richard Biener <rguenther@suse.de>
PR middle-end/93246
* alias.c (record_component_aliases): Take superset to record
into, recurse for alias-set zero fields.
(record_component_aliases): New oveerload wrapping around the above.
* g++.dg/torture/pr93246.C: New testcase.
|
|
Function average_num_loop_insns forgets to free loop body in early
return. Besides, overflow comparison checks 1000000 (e6) but the
return value is 100000 (e5), fix this typo.
gcc/ChangeLog
2020-01-14 Kewen Lin <linkw@gcc.gnu.org>
* cfgloopanal.c (average_num_loop_insns): Free bbs when early
return, fix typo on return value.
|
|
Another place that needs to specially handle Concepts TS function-style
concepts.
* except.c (check_noexcept_r): Handle concept-check.
|
|
Here, we weren't recognizing that the template parameter of A is used by the
reference to d in the requires-clause of f. Fixed by passing down the
active template parameters in the context of normalization, and adding to
the mapping any such parameters shared by a member template used in the
constraint-expression.
* pt.c (struct find_template_parameter_info): Add ctx_parms.
(any_template_parm_r): Handle TEMPLATE_DECL.
(find_template_parameters): Take parms instead of their depth.
* constraint.cc (build_parameter_mapping): Pass them.
|
|
v8:
1. Rebase to master with Martin's static function (r280043) comments merge.
Boostrap/testsuite/SPEC2017 tested pass on Power8-LE.
2. TODO:
2.1. C++ devirt for multiple speculative call targets.
2.2. ipa-icf ipa_merge_profiles refine with COMDAT inline testcase.
This patch aims to fix PR69678 caused by PGO indirect call profiling
performance issues.
The bug that profiling data is never working was fixed by Martin's pull
back of topN patches, performance got GEOMEAN ~1% improvement(+24% for
511.povray_r specifically).
Still, currently the default profile only generates SINGLE indirect target
that called more than 75%. This patch leverages MULTIPLE indirect
targets use in LTO-WPA and LTO-LTRANS stage, as a result, function
specialization, profiling, partial devirtualization, inlining and
cloning could be done successfully based on it.
Performance can get improved from 0.70 sec to 0.38 sec on simple tests.
Details are:
1. PGO with topn is enabled by default now, but only one indirect
target edge will be generated in ipa-profile pass, so add variables to enable
multiple speculative edges through passes, speculative_id will record the
direct edge index bind to the indirect edge, indirect_call_targets length
records how many direct edges owned by the indirect edge, postpone gimple_ic
to ipa-profile like default as inline pass will decide whether it is benefit
to transform indirect call.
2. Use speculative_id to track and search the reference node matched
with the direct edge's callee for multiple targets. Actually, it is the
caller's responsibility to handle the direct edges mapped to same indirect
edge. speculative_call_info will return one of the direct edge specified,
this will leverage current IPA edge process framework mostly.
3. Enable LTO WPA/LTRANS stage multiple indirect call targets analysis for
profile full support in ipa passes and cgraph_edge functions. speculative_id
can be set by make_speculative id when multiple targets are binded to
one indirect edge, and cloned if new edge is cloned. speculative_id
is streamed out and stream int by lto like lto_stmt_uid.
4. Create and duplicate all speculative direct edge's call summary
in ipa-fnsummary.c with auto_vec.
5. Add 1 in module testcase and 2 cross module testcases.
6. Bootstrap and regression test passed on Power8-LE. No function
and performance regression for SPEC2017.
gcc/ChangeLog
2020-01-14 Xiong Hu Luo <luoxhu@linux.ibm.com>
PR ipa/69678
* cgraph.c (symbol_table::create_edge): Init speculative_id and
target_prob.
(cgraph_edge::make_speculative): Add param for setting speculative_id
and target_prob.
(cgraph_edge::speculative_call_info): Update comments and find reference
by speculative_id for multiple indirect targets.
(cgraph_edge::resolve_speculation): Decrease the speculations
for indirect edge, drop it's speculative if not direct target
left. Update comments.
(cgraph_edge::redirect_call_stmt_to_callee): Likewise.
(cgraph_node::dump): Print num_speculative_call_targets.
(cgraph_node::verify_node): Don't report error if speculative
edge not include statement.
(cgraph_edge::num_speculative_call_targets_p): New function.
* cgraph.h (int common_target_id): Remove.
(int common_target_probability): Remove.
(num_speculative_call_targets): New variable.
(make_speculative): Add param for setting speculative_id.
(cgraph_edge::num_speculative_call_targets_p): New declare.
(target_prob): New variable.
(speculative_id): New variable.
* ipa-fnsummary.c (analyze_function_body): Create and duplicate
call summaries for multiple speculative call targets.
* cgraphclones.c (cgraph_node::create_clone): Clone speculative_id.
* ipa-profile.c (struct speculative_call_target): New struct.
(class speculative_call_summary): New class.
(class speculative_call_summaries): New class.
(call_sums): New variable.
(ipa_profile_generate_summary): Generate indirect multiple targets summaries.
(ipa_profile_write_edge_summary): New function.
(ipa_profile_write_summary): Stream out indirect multiple targets summaries.
(ipa_profile_dump_all_summaries): New function.
(ipa_profile_read_edge_summary): New function.
(ipa_profile_read_summary_section): New function.
(ipa_profile_read_summary): Stream in indirect multiple targets summaries.
(ipa_profile): Generate num_speculative_call_targets from
profile summaries.
* ipa-ref.h (speculative_id): New variable.
* ipa-utils.c (ipa_merge_profiles): Update with target_prob.
* lto-cgraph.c (lto_output_edge): Remove indirect common_target_id and
common_target_probability. Stream out speculative_id and
num_speculative_call_targets.
(input_edge): Likewise.
* predict.c (dump_prediction): Remove edges count assert to be
precise.
* symtab.c (symtab_node::create_reference): Init speculative_id.
(symtab_node::clone_references): Clone speculative_id.
(symtab_node::clone_referring): Clone speculative_id.
(symtab_node::clone_reference): Clone speculative_id.
(symtab_node::clear_stmts_in_references): Clear speculative_id.
* tree-inline.c (copy_bb): Duplicate all the speculative edges
if indirect call contains multiple speculative targets.
* value-prof.h (check_ic_target): Remove.
* value-prof.c (gimple_value_profile_transformations):
Use void function gimple_ic_transform.
* value-prof.c (gimple_ic_transform): Handle topn case.
Fix comment typos. Change it to a void function.
gcc/testsuite/ChangeLog
2020-01-14 Xiong Hu Luo <luoxhu@linux.ibm.com>
PR ipa/69678
* gcc.dg/tree-prof/indir-call-prof-topn.c: New testcase.
* gcc.dg/tree-prof/crossmodule-indir-call-topn-1.c: New testcase.
* gcc.dg/tree-prof/crossmodule-indir-call-topn-1a.c: New testcase.
* gcc.dg/tree-prof/crossmodule-indir-call-topn-2.c: New testcase.
* lib/scandump.exp: Dump executable file name.
* lib/scanwpaipa.exp: New scan-pgo-wap-ipa-dump.
|
|
|
|
This adds octeontx2 naming. It currently uses the cortexa57
cost model and schedule model until I submit this. This is
more a place holder to get the naming of the cores in GCC 10.
I will submit the cost model in the next couple of days.
ChangeLog:
* config/aarch64/aarch64-cores.def (octeontx2): New define.
(octeontx2t98): New define.
(octeontx2t96): New define.
(octeontx2t93): New define.
(octeontx2f95): New define.
(octeontx2f95n): New define.
(octeontx2f95mm): New define.
* config/aarch64/aarch64-tune.md: Regenerate.
* doc/invoke.texi (-mcpu=): Document the new cpu types.
|
|
This patch replaces the update_web_docs_libstdcxx_svn script, that
updates online documentation from its sources in the GCC repository, run
once a day from cron, with update_web_docs_libstdcxx_git.
* update_web_docs_libstdcxx_git: New file.
* update_web_docs_libstdcxx_svn: Remove.
* crontab: Use update_web_docs_libstdcxx_git.
|
|
gcc/testsuite/ChangeLog:
* gcc.dg/plugin/diagnostic-test-paths-2.c: Remove unused dg-line
directive.
|
|
|
|
This reverts commit b60563a8bf18b5a49431b5913f32f5c5ff8319d9.
Doesn't work as expected.
|
|
When we add a push rule, the default rule gets removed, so add that in
explicitly. This needs to come last since otherwise it would match
the custom redirecting rules we have for personal and vendor
sub-spaces.
I also noticed that the push rule for the vendor subspace still had
a force push default. We don't want that so remove it.
* gcc-git-customization.sh: Add back the default rule that
is lost by adding a custom push rule.
* git-fetch-vendor.sh: Likewise, also remove '+' from push specs.
|
|
2020-01-13 Martin Jambor <mjambor@suse.cz>
PR ipa/93223
* ipa-cp.c (devirtualization_time_bonus): Check whether isummary is
NULL.
testsuite/
* g++.dg/ipa/pr93223.C: New test.
|
|
The library has already worked around this issue, but I was curious about
why it wasn't working. The answer: because we were passing &var to fold,
which doesn't know about the constexpr values hash table. Fixed by passing
&"str" instead.
* constexpr.c (cxx_eval_builtin_function_call): Expose STRING_CST
to str/mem builtins.
|
|
This is a pretty rare situation since the C++11 change to make all
destructors default to noexcept, but it is still possible to define throwing
destructors, and if a destructor for a local variable throws during the
return, we've already constructed the return value, so now we need to
destroy it. I handled this somewhat like the new-expression cleanup; as in
that case, this cleanup can't properly nest with the cleanups for local
variables, so I introduce a cleanup region around the whole function and a
flag variable to indicate whether the return value actually needs to be
destroyed.
Setting the flag requires giving a COMPOUND_EXPR as the operand of a
RETURN_EXPR, so I adjust gimplify_return_expr to handle that.
This doesn't currently work with deduced return type because we don't know
the type when we're deciding whether to introduce the cleanup region.
gcc/
* gimplify.c (gimplify_return_expr): Handle COMPOUND_EXPR.
gcc/cp/
* cp-tree.h (current_retval_sentinel): New macro.
* decl.c (start_preparsed_function): Set up cleanup for retval.
* typeck.c (check_return_expr): Set current_retval_sentinel.
|
|
My earlier patch to reintroduce short_shift failed to adjust for the C++
front end use of const_op1 rather than op1.
* typeck.c (cp_build_binary_op): Use folded op1 for short_shift.
|