From patchwork Thu Sep 1 09:25:38 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Prathamesh Kulkarni X-Patchwork-Id: 75181 Delivered-To: patch@linaro.org Received: by 10.140.29.8 with SMTP id a8csp189226qga; Thu, 1 Sep 2016 02:26:06 -0700 (PDT) X-Received: by 10.66.139.227 with SMTP id rb3mr24694924pab.26.1472721966138; Thu, 01 Sep 2016 02:26:06 -0700 (PDT) Return-Path: Received: from sourceware.org (server1.sourceware.org. [209.132.180.131]) by mx.google.com with ESMTPS id o3si4756842pab.114.2016.09.01.02.26.05 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 01 Sep 2016 02:26:06 -0700 (PDT) Received-SPF: pass (google.com: domain of gcc-patches-return-435064-patch=linaro.org@gcc.gnu.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org; spf=pass (google.com: domain of gcc-patches-return-435064-patch=linaro.org@gcc.gnu.org designates 209.132.180.131 as permitted sender) smtp.mailfrom=gcc-patches-return-435064-patch=linaro.org@gcc.gnu.org; dmarc=fail (p=NONE dis=NONE) header.from=linaro.org DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender :mime-version:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; q=dns; s=default; b=hWY3pqxbtjuheUX EEBCwIBiN0juPdn2OqQ4B4T9ODWy624mNOjQ3R66GeWPNFhz2BQNEaiqnCAgqw+S IutzwP5I2ahqnm48XIoDTjC5AiAMAsVQNyYC8wlehmaYh7dlZDZI0HGxLRI2wZ7x aZK8ifN1E9WftFjfljw0+c/KEsf8= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender :mime-version:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; s=default; bh=1hoXpkJL0lh6lIffJAYvx uKaRkc=; b=wTsDKc+dS+M64VEA3SWUp5Mw8QzF25C5+UZLddQeSGUcAf1tpyzHi 7OgGm2V0QfCYbTkM5NpPeGRG3DVom4rUWLJV9Fo75XCMrYQPfboVL67exiDFHwsQ rCnelHAYZRzE8vkvV+5mKcLshn/QxFFY3aSptAMjcd5jjTCmhqcGvE= Received: (qmail 80261 invoked by alias); 1 Sep 2016 09:25:52 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Received: (qmail 77857 invoked by uid 89); 1 Sep 2016 09:25:51 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL, BAYES_00, RCVD_IN_DNSWL_LOW, SPF_PASS autolearn=ham version=3.3.2 spammy=deleting, our X-HELO: mail-it0-f52.google.com Received: from mail-it0-f52.google.com (HELO mail-it0-f52.google.com) (209.85.214.52) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 01 Sep 2016 09:25:40 +0000 Received: by mail-it0-f52.google.com with SMTP id i184so2357296itf.1 for ; Thu, 01 Sep 2016 02:25:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=aagAb2U0kukrg+H9Wvb5oisRjfN+tFJFgEQw2PnhPUc=; b=Ka8lTYev/iVDXrXE2+tOr7attMdeQ9rJTe50BLH7eJBjfy9hqNdMAOPEGm10a9Ik6l aNIhPJ5NNLqLI+/6naW0U4Bc/AMNyS9M3kPpE6caQ/JHqjaZ9MOjDICY4g7JWYhagvI1 Qb3uFOaKYOz70U8WiFfZYnB3GI+X8b29F9t1RdhFevPVYwyl4HZiFHrHnFk4wlaycfU0 1PYa41pHPGyRP+wYpVRiYL+BE8kRiB8dEcRcTmSA9jbz7pfIa2C57B+/quMGohg84JaJ /lF/c9cme/cmwgo3/iaoOFL5Qcy/loSlTuehlxna3dsFZNRCT6dK4RMqR3B7QXyC6EIR 53Xg== X-Gm-Message-State: AE9vXwOG1P9yX1T9OFf1h2lwPGTd6i+7pLN4rpETjSHEghgMA8LfIsR4IV1Qy/t1x1YBRT2eTiLbvi44Pz25/fFW X-Received: by 10.36.219.138 with SMTP id c132mr18526574itg.16.1472721939064; Thu, 01 Sep 2016 02:25:39 -0700 (PDT) MIME-Version: 1.0 Received: by 10.36.81.85 with HTTP; Thu, 1 Sep 2016 02:25:38 -0700 (PDT) In-Reply-To: References: <181560f0-c738-cff9-9002-101686da4c14@mentor.com> From: Prathamesh Kulkarni Date: Thu, 1 Sep 2016 14:55:38 +0530 Message-ID: Subject: Re: PR35503 - warn for restrict pointer To: Richard Biener Cc: Tom de Vries , gcc Patches , Marek Polacek , "Joseph S. Myers" , Jason Merrill X-IsSubscribed: yes On 1 September 2016 at 12:25, Richard Biener wrote: > On Tue, 30 Aug 2016, Tom de Vries wrote: > >> On 30/08/16 17:34, Prathamesh Kulkarni wrote: >> > On 30 August 2016 at 20:24, Tom de Vries wrote: >> > > On 26/08/16 13:39, Prathamesh Kulkarni wrote: >> > > > >> > > > Hi, >> > > > The following patch adds option -Wrestrict that warns when an argument >> > > > is passed to a restrict qualified parameter and it aliases with >> > > > another argument. >> > > > >> > > > eg: >> > > > int foo (const char *__restrict buf, const char *__restrict fmt, ...); >> > > > >> > > > void f(void) >> > > > { >> > > > char buf[100] = "hello"; >> > > > foo (buf, "%s-%s", buf, "world"); >> > > > } >> > > >> > > >> > > Does -Wrestrict generate a warning for this example? >> > > >> > > ... >> > > void h(int n, int * restrict p, int * restrict q, int * restrict r) >> > > { >> > > int i; >> > > for (i = 0; i < n; i++) >> > > p[i] = q[i] + r[i]; >> > > } >> > > >> > > h (100, a, b, b) >> > > ... >> > > >> > > [ Note that this is valid C, and does not violate the restrict definition. >> > > ] >> > > >> > > If -Wrestrict indeed generates a warning, then we should be explicit in >> > > the >> > > documentation that while the warning triggers on this type of example, the >> > > code is correct. >> > I am afraid it would warn for the above case. The patch just checks if >> > the parameter is qualified >> > with restrict, and if the corresponding argument has aliases in the >> > call (by calling operand_equal_p). >> >> > Is such code common in practice ? >> >> [ The example is from the definition of restrict in the c99 standard. ] >> >> According to the definition of restrict, only the restrict on p is required to >> know that p doesn't alias with q and that p doesn't alias with r. >> >> AFAIK the current implementation of gcc already generates optimal code if >> restrict is only on p. But earlier versions (and possibly other compilers as >> well?) need the restrict on q and r as well. >> >> So I expect this code to occur. >> >> > If it is, I wonder if we should keep >> > the warning in -Wall ? >> > >> >> Hmm, I wonder if we can use the const keyword to silence the warning. >> >> So if we generate a warning for: >> ... >> void h(int n, int * restrict p, int * restrict q, int * restrict r) >> { >> int i; >> for (i = 0; i < n; i++) >> p[i] = q[i] + r[i]; >> } >> h (100, a, b, b) >> ... >> >> but not for: >> ... >> void h(int n, int * restrict p, const int * restrict q, const int * restrict >> r) >> { >> int i; >> for (i = 0; i < n; i++) >> p[i] = q[i] + r[i]; >> } >> h (100, a, b, b) >> ... >> >> Then there's an easy way to rewrite the example such that the warning doesn't >> trigger, without having to remove the restrict. > > Note that I've seen restrict being used even for > > void h(int n, int * restrict p, int * restrict q) > { > int i; > for (i = 0; i < n; i++) > p[2*i] = p[2*i] + q[2*i + 1]; > } > > thus where the actual accesses do not alias (the pointers are used > to access every other element). I think the definition of "object" > (based on accessed lvalues) makes this example valid. So we > shouldn't warn about > > h (n, p, p) > > but we could warn about > > h (n, p, p + 1) > > and yes, only one of the pointers need to be restrict qualified. > > Note that as with all other alias warnings if you want to avoid > false positives and rely on conservative analysis then you can > as well simply avoid taking advantate of the bug in the code > (as we do for TBAA and trivial must-alias cases). If you allow > false positives then you ultimatively end up with a mess like > our existing -Wstrict-aliasing warnings (which are IMHO quite > useless). > > Note that nowhere in GCC we implement anything closely matching > the formal definition of restrict as writte in the C standard -- > only in fronted code could we properly derive the 'based-on' > property and note lvalues affected by restrict. Currently we > are restricted to looking at restrict qualified parameters > because of this. Hi, The attached version passes bootstrap+test on ppc64le-linux-gnu. Given that it only looks if parameters are restrict qualified and not how they're used inside the callee, this can have false positives as in above test-cases. Should the warning be put in Wextra rather than Wall (I have left it in Wall in the patch) or only enabled with -Wrestrict ? Thanks, Prathamesh > > Richard. diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c index 3feb910..a3dae34 100644 --- a/gcc/c-family/c-common.c +++ b/gcc/c-family/c-common.c @@ -47,6 +47,7 @@ along with GCC; see the file COPYING3. If not see #include "gimplify.h" #include "substring-locations.h" #include "spellcheck.h" +#include "gcc-rich-location.h" cpp_reader *parse_in; /* Declared in c-pragma.h. */ @@ -13057,4 +13058,76 @@ diagnose_mismatched_attributes (tree olddecl, tree newdecl) return warned; } +/* Warn if an argument at position param_pos is passed to a + restrict-qualified param, and it aliases with another argument. */ + +void +warn_for_restrict (unsigned param_pos, vec *args) +{ + tree arg = (*args)[param_pos]; + if (TREE_VISITED (arg) || operand_equal_p (arg, null_pointer_node, 0)) + return; + + location_t loc = EXPR_LOC_OR_LOC (arg, input_location); + gcc_rich_location richloc (loc); + + unsigned i; + tree current_arg; + auto_vec arg_positions; + + FOR_EACH_VEC_ELT (*args, i, current_arg) + { + if (i == param_pos) + continue; + + tree current_arg = (*args)[i]; + if (operand_equal_p (arg, current_arg, 0)) + { + TREE_VISITED (current_arg) = 1; + arg_positions.safe_push (i); + } + } + + if (arg_positions.is_empty ()) + return; + + struct obstack fmt_obstack; + gcc_obstack_init (&fmt_obstack); + char *fmt = (char *) obstack_alloc (&fmt_obstack, 0); + + char num[32]; + sprintf (num, "%u", param_pos + 1); + + obstack_grow (&fmt_obstack, "passing argument ", + strlen ("passing argument ")); + obstack_grow (&fmt_obstack, num, strlen (num)); + obstack_grow (&fmt_obstack, + " to restrict-qualified parameter aliases with argument", + strlen (" to restrict-qualified parameter " + "aliases with argument")); + + /* make argument plural and append space. */ + if (arg_positions.length () > 1) + obstack_1grow (&fmt_obstack, 's'); + obstack_1grow (&fmt_obstack, ' '); + + unsigned pos; + FOR_EACH_VEC_ELT (arg_positions, i, pos) + { + tree arg = (*args)[pos]; + if (EXPR_HAS_LOCATION (arg)) + richloc.add_range (EXPR_LOCATION (arg), false); + + sprintf (num, "%u", pos + 1); + obstack_grow (&fmt_obstack, num, strlen (num)); + + if (i < arg_positions.length () - 1) + obstack_grow (&fmt_obstack, ", ", strlen (", ")); + } + + obstack_1grow (&fmt_obstack, 0); + warning_at_rich_loc (&richloc, OPT_Wrestrict, fmt); + obstack_free (&fmt_obstack, fmt); +} + #include "gt-c-family-c-common.h" diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h index bc22baa..cdb762e 100644 --- a/gcc/c-family/c-common.h +++ b/gcc/c-family/c-common.h @@ -920,6 +920,7 @@ extern void c_parse_final_cleanups (void); extern void warn_for_omitted_condop (location_t, tree); extern void warn_for_memset (location_t, tree, tree, int); +extern void warn_for_restrict (unsigned, vec *); /* These macros provide convenient access to the various _STMT nodes. */ diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt index a5358ed..5ec3a25 100644 --- a/gcc/c-family/c.opt +++ b/gcc/c-family/c.opt @@ -1012,6 +1012,11 @@ Wduplicate-decl-specifier C ObjC Var(warn_duplicate_decl_specifier) Warning LangEnabledBy(C ObjC,Wall) Warn when a declaration has duplicate const, volatile, restrict or _Atomic specifier. +Wrestrict +C ObjC C++ ObjC++ Var(warn_restrict) Warning LangEnabledBy(C ObjC C++ ObjC++,Wall) +Warn when an argument passed to a restrict-qualified parameter aliases with +another argument. + ansi C ObjC C++ ObjC++ A synonym for -std=c89 (for C) or -std=c++98 (for C++). diff --git a/gcc/c/c-parser.c b/gcc/c/c-parser.c index fe0c95f..05510f6 100644 --- a/gcc/c/c-parser.c +++ b/gcc/c/c-parser.c @@ -8369,6 +8369,25 @@ c_parser_postfix_expression_after_primary (c_parser *parser, warn_for_memset (expr_loc, arg0, arg2, literal_zero_mask); } + if (TREE_CODE (expr.value) == FUNCTION_DECL && warn_restrict) + { + unsigned i; + tree arg; + FOR_EACH_VEC_SAFE_ELT (exprlist, i, arg) + TREE_VISITED (arg) = 0; + + unsigned param_pos = 0; + function_args_iterator iter; + tree t; + FOREACH_FUNCTION_ARGS (TREE_TYPE (expr.value), t, iter) + { + if (POINTER_TYPE_P (t) && TYPE_RESTRICT (t) + && !TYPE_READONLY (TREE_TYPE (t))) + warn_for_restrict (param_pos, exprlist); + param_pos++; + } + } + start = expr.get_start (); finish = parser->tokens_buf[0].get_finish (); expr.value diff --git a/gcc/cp/parser.c b/gcc/cp/parser.c index 690e928..ab73655 100644 --- a/gcc/cp/parser.c +++ b/gcc/cp/parser.c @@ -6878,6 +6878,26 @@ cp_parser_postfix_expression (cp_parser *parser, bool address_p, bool cast_p, warn_for_memset (input_location, arg0, arg2, literal_mask); } + if (TREE_CODE (postfix_expression) == FUNCTION_DECL + && warn_restrict) + { + unsigned i; + tree arg; + FOR_EACH_VEC_SAFE_ELT (args, i, arg) + TREE_VISITED (arg) = 0; + + unsigned param_pos = 0; + for (tree decl = DECL_ARGUMENTS (postfix_expression); + decl != NULL_TREE; + decl = DECL_CHAIN (decl), param_pos++) + { + tree type = TREE_TYPE (decl); + if (POINTER_TYPE_P (type) && TYPE_RESTRICT (type) + && !TYPE_READONLY (TREE_TYPE (type))) + warn_for_restrict (param_pos, args); + } + } + if (TREE_CODE (postfix_expression) == COMPONENT_REF) { tree instance = TREE_OPERAND (postfix_expression, 0); diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 1f04501..869bf07 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -288,7 +288,7 @@ Objective-C and Objective-C++ Dialects}. -Wparentheses -Wno-pedantic-ms-format @gol -Wplacement-new -Wplacement-new=@var{n} @gol -Wpointer-arith -Wno-pointer-to-int-cast @gol --Wno-pragmas -Wredundant-decls -Wno-return-local-addr @gol +-Wno-pragmas -Wredundant-decls -Wrestrict -Wno-return-local-addr @gol -Wreturn-type -Wsequence-point -Wshadow -Wno-shadow-ivar @gol -Wshift-overflow -Wshift-overflow=@var{n} @gol -Wshift-count-negative -Wshift-count-overflow -Wshift-negative-value @gol @@ -5274,6 +5274,12 @@ compilations. Warn when deleting a pointer to incomplete type, which may cause undefined behavior at runtime. This warning is enabled by default. +@item -Wrestrict +@opindex Wrestrict +@opindex Wno-restrict +Warn when an argument passed to a restrict-qualified parameter +aliases with another argument + @item -Wuseless-cast @r{(C++ and Objective-C++ only)} @opindex Wuseless-cast @opindex Wno-useless-cast diff --git a/gcc/testsuite/c-c++-common/pr35503-1.c b/gcc/testsuite/c-c++-common/pr35503-1.c new file mode 100644 index 0000000..25e3721 --- /dev/null +++ b/gcc/testsuite/c-c++-common/pr35503-1.c @@ -0,0 +1,10 @@ +/* { dg-do compile } */ +/* { dg-options "-Wrestrict" } */ + +int foo (char *__restrict buf, const char *__restrict fmt, ...); + +void f(void) +{ + char buf[100] = "hello"; + foo (buf, "%s-%s", buf, "world"); /* { dg-warning "passing argument 1 to restrict-qualified parameter aliases with argument 3" } */ +} diff --git a/gcc/testsuite/c-c++-common/pr35503-2.c b/gcc/testsuite/c-c++-common/pr35503-2.c new file mode 100644 index 0000000..bfcd944 --- /dev/null +++ b/gcc/testsuite/c-c++-common/pr35503-2.c @@ -0,0 +1,14 @@ +/* { dg-do compile } */ +/* { dg-options "-fdiagnostics-show-caret -Wrestrict" } */ + +void f(int *__restrict x, int *y, int *__restrict z, int *w); + +void foo(int alpha, int beta) +{ + f (&alpha, &beta, &alpha, &alpha); /* { dg-warning "passing argument 1 to restrict-qualified parameter aliases with arguments 3, 4" } */ + +/* { dg-begin-multiline-output "" } + f (&alpha, &beta, &alpha, &alpha); + ^~~~~~ ~~~~~~ ~~~~~~ + { dg-end-multiline-output "" } */ +} diff --git a/gcc/testsuite/c-c++-common/pr35503-3.c b/gcc/testsuite/c-c++-common/pr35503-3.c new file mode 100644 index 0000000..8cbacab --- /dev/null +++ b/gcc/testsuite/c-c++-common/pr35503-3.c @@ -0,0 +1,9 @@ +/* { dg-do compile } */ +/* { dg-options "-Wrestrict" } */ + +void f(int *x, int *__restrict y); + +void foo(int a) +{ + f (&a, &a); /* { dg-warning "passing argument 2 to restrict-qualified parameter aliases with argument 1" } */ +}