https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86611
Bug ID: 86611
Summary: missing -Warray-bounds on a large negative index into a string in lp64
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

With bug 84047 fixed, the out-of-bounds index in the following test case is still diagnosed in ilp32 but not in lp64. In ilp32 the MEM_REF makes it all the way to VRP where it's diagnosed, but in lp64 it's folded in fre1:

$ cat c.c && gcc -O2 -S -Warray-bounds -Wno-stringop-overflow -fdump-tree-ealias=/dev/stdout -fdump-tree-fre1=/dev/stdout c.c
void f (int);

void g (void)
{
  const char *p = "123";
  __PTRDIFF_TYPE__ i = -__PTRDIFF_MAX__ - 1;
  f (p[i + 1]);
}

;; Function g (g, funcdef_no=0, decl_uid=1900, cgraph_uid=1, symbol_order=0)

Points-to analysis

Constraints:

ANYTHING = &ANYTHING
ESCAPED = *ESCAPED
ESCAPED = ESCAPED + UNKNOWN
*ESCAPED = NONLOCAL
NONLOCAL = &NONLOCAL
NONLOCAL = &ESCAPED
INTEGER = &ANYTHING
_5 = _4
ESCAPED = _5

Collapsing static cycles and doing variable substitution
Building predecessor graph
Detecting pointer and location equivalences
Rewriting constraints and unifying variables
Uniting pointer but not location equivalent variables
Finding indirect cycles
Solving graph

Points-to sets

ANYTHING = { ANYTHING }
ESCAPED = { }
NONLOCAL = { ESCAPED NONLOCAL }
STOREDANYTHING = { }
INTEGER = { ANYTHING }
f = { }
_4 = { }
_5 = { }

Alias information for g

Aliased symbols

Call clobber information

ESCAPED, points-to vars: { }

Flow-insensitive points-to information

g ()
{
  long int i;
  const char * p;
  char _4;
  int _5;

  <bb 2> :
  _4 = MEM[(const char *)"123" + -9223372036854775807B];
  _5 = (int) _4;
  f (_5);
  return;

}

;; Function g (g, funcdef_no=0, decl_uid=1900, cgraph_uid=1, symbol_order=0)

g ()
{
  long int i;
  const char * p;

  <bb 2> :
  f (50);
  return;

}
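
The folded constant 50 is the character '2', that is "123"[1]. The C model below is an added illustration, not code from the report or from GCC: it assumes the fold scales the byte offset to a bit offset in wrapping 64-bit arithmetic, under which -9223372036854775807 * 8 wraps to 8 in lp64 while the ilp32 value -2147483647 does not wrap. fold_naive and fold_checked are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_BYTE 8

/* Hypothetical model of a constant folder (an assumption, not GCC's code):
   scales the byte offset to bits with 64-bit wraparound and bounds-checks
   only the scaled value.  Returns 1 and stores the byte if it "folds". */
static int fold_naive(const char *str, size_t size, int64_t byte_off, int *out)
{
    /* Unsigned multiply so the wraparound is well defined in C. */
    uint64_t bit_off = (uint64_t)byte_off * BITS_PER_BYTE;
    if (bit_off >= (uint64_t)size * BITS_PER_BYTE)
        return 0;
    *out = (unsigned char)str[bit_off / BITS_PER_BYTE];
    return 1;
}

/* Hardened form: validate the byte offset before scaling and refuse to fold
   on overflow, so the out-of-bounds access survives to be diagnosed. */
static int fold_checked(const char *str, size_t size, int64_t byte_off, int *out)
{
    int64_t bit_off;
    if (byte_off < 0 || (uint64_t)byte_off >= size)
        return 0;
    if (__builtin_mul_overflow(byte_off, (int64_t)BITS_PER_BYTE, &bit_off))
        return 0;
    *out = (unsigned char)str[bit_off / BITS_PER_BYTE];
    return 1;
}

int main(void)
{
    /* Offsets taken from the test case: PTRDIFF_MIN + 1 for each data model. */
    const int64_t offs[] = { -INT64_MAX /* lp64 */, -(int64_t)INT32_MAX /* ilp32 */ };
    for (size_t k = 0; k < 2; k++) {
        int v = -1;
        int n = fold_naive("123", sizeof "123", offs[k], &v);
        int c = fold_checked("123", sizeof "123", offs[k], &v);
        printf("offset %lld: naive folds=%d checked folds=%d value=%d\n",
               (long long)offs[k], n, c, v);
    }
    return 0;
}
```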