[Bug tree-optimization/104789] [12 Regression] New -Wstringop-overflow false positive since r12-5863-g9354a7d70caef1c9

msebor at gcc dot gnu.org via Gcc-bugs Mon, 07 Mar 2022 10:10:21 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104789


--- Comment #8 from Martin Sebor <msebor at gcc dot gnu.org> ---
Created attachment 52574
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52574&action=edit
Output of debug_ranger() for the affected function.

The IL the first warning triggers for in the test case in comment #7 is below. 
The access to header[header_bytes_152] where header_bytes_152's value is in [8,
8][10, 10] is out of bounds for unsigned char[8].  So the warning is correctly
pointing out the invalid store.  The store is the result of GCC unrolling the
first six iterations of the while loop, starting with index 4 (stores at index
2 and 3 are hoisted above the unrolled loop).  The last two iterations store
past the end of the header array.  GCC 11 also unrolls six iterations of the
loop but it starts with index 2 (it doesn't hoist the first two stores above
it).  The attachment shows the full output of calling debug_ranger() on the
function.

=========== BB 13 ============
Imports: header_bytes_192  
Exports: _147  header_bytes_152  header_bytes_192  
         _147 : header_bytes_152  header_bytes_192(I)  
         header_bytes_152 : header_bytes_192(I)  
header_bytes_192        unsigned int [4, 4][6, 6]
Relational : (header_bytes_152 > header_bytes_192)
    <bb 13> [local count: 21246984]:
    header_bytes_152 = header_bytes_192 + 4;
    header[header_bytes_65] = 0;
    _147 = header_bytes_152 & 3;
    if (_147 != 0)
      goto <bb 14>; [85.71%]
    else
      goto <bb 20>; [14.29%]

_147 : unsigned int [0, 0][2, 2]
header_bytes_152 : uint32_t [8, 8][10, 10]
13->14  (T) _147 :      unsigned int [2, 2]
13->14  (T) header_bytes_152 :  uint32_t [8, 8][10, 10]
13->14  (T) header_bytes_192 :  unsigned int [4, 4][6, 6]
13->20  (F) _147 :      unsigned int [0, 0]
13->20  (F) header_bytes_152 :  uint32_t [8, 8][10, 10]
13->20  (F) header_bytes_192 :  unsigned int [4, 4][6, 6]

=========== BB 14 ============
Imports: header_bytes_192  
Exports: _131  header_bytes_133  header_bytes_192  
         _131 : header_bytes_133  header_bytes_192(I)  
         header_bytes_133 : header_bytes_192(I)  
header_bytes_192        unsigned int [4, 4][6, 6]
Relational : (header_bytes_133 > header_bytes_192)
    <bb 14> [local count: 18210790]:
    header_bytes_133 = header_bytes_192 + 5;
    header[header_bytes_152] = 0;    <<< -Wstringop-overflow
    _131 = header_bytes_133 & 3;
    if (_131 != 0)
      goto <bb 15>; [85.71%]
    else
      goto <bb 21>; [14.29%]

_131 : unsigned int [1, 1][3, 3]
header_bytes_133 : uint32_t [9, 9][11, 11]
14->15  (T) _131 :      unsigned int [1, 1][3, 3]
14->15  (T) header_bytes_133 :  uint32_t [9, 9][11, 11]
14->15  (T) header_bytes_192 :  unsigned int [4, 4][6, 6]
14->21  (F) _131 :      UNDEFINED
14->21  (F) header_bytes_133 :  UNDEFINED
14->21  (F) header_bytes_192 :  UNDEFINED

[Bug tree-optimization/104789] [12 Regression] New -Wstringop-overflow false positive since r12-5863-g9354a7d70caef1c9

Reply via email to