https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2022-08-26
             Blocks|                            |88443
                 CC|                            |msebor at gcc dot gnu.org
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
            Summary|[12/13 Regression]          |[12/13 Regression]
                   |Incorrect "writing 1 byte   |Incorrect "writing 1 byte
                   |into a region of size 0"    |into a region of size 0" on
                   |warning                     |a vectorized loop

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
GCC unrolls the loop, and GCC 12 also vectorizes it.  The combination of the
two isolates stores from the loop that are out of bounds but that GCC cannot
prove cannot happen: it has no insight into what value pqr_mbc_len() might
return and if it's 5 or more the code would indeed write past the end.  The
warning just points it out.  To "fix" this the unroller could use the bounds of
the destination array to avoid emitting code for iterations of the loop that
end up accessing objects outside their bounds (there already is logic that does
that, controlled by the -faggressive-loop-optimizations option).  Until then,
if the function is guaranteed to return a value between 0 and 4 then adding the
following assertion both avoids the warning and improves the emitted code.

        if (len < 0 || MBC_MAX < len)
          __builtin_unreachable ();

The invalid stores can be seen in the IL output by the
-fdump-tree-strlen=/dev/stdout developer option:

  <bb 7> [local count: 76354976]:
  bnd.6_47 = _26 >> 2;
  vect__3.11_53 = MEM <vector(4) char> [(char *)mbs_22];
  MEM <vector(4) char> [(char *)&tmpchar] = vect__3.11_53;
  vectp_mbs.9_52 = mbs_22 + 4;
  niters_vector_mult_vf.7_48 = bnd.6_47 << 2;
  tmp.8_49 = (int) niters_vector_mult_vf.7_48;
  if (_26 == niters_vector_mult_vf.7_48)
    goto <bb 15>; [25.00%]
  else
    goto <bb 8>; [75.00%]

  <bb 8> [local count: 57266232]:
  _75 = (sizetype) tmp.8_49;
  _76 = vectp_mbs.9_52;
  _77 = MEM[(char *)vectp_mbs.9_52];
  tmpchar[tmp.8_49] = _77;   <<< -Wstringop-overflow
  k_79 = tmp.8_49 + 1;
  if (len_12 > 5)
    goto <bb 9>; [80.00%]
  else
    goto <bb 15>; [20.00%]

  <bb 9> [local count: 45812986]:
  _82 = 5;
  _83 = mbs_22 + 5;
  _84 = *_83;
  tmpchar[5] = _84;          <<< -Wstringop-overflow
  k_86 = tmp.8_49 + 2;
  if (len_12 > k_86)
    goto <bb 10>; [80.00%]
  else
    goto <bb 15>; [20.00%]


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88443
[Bug 88443] [meta-bug] bogus/missing -Wstringop-overflow warnings
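
An added example, not part of the bug report or of GCC: the loop shape the comment describes, once with the `__builtin_unreachable ()` assertion and once with a run-time range check for code that cannot rely on the guarantee. The value `MBC_MAX` = 4, the function names, and the `len` parameter (standing in for the result of `pqr_mbc_len()`) are assumptions.

```c
#include <string.h>

#define MBC_MAX 4   /* assumed: the comment treats 0..4 as the valid range */

/* Variant using the assertion from the comment. It promises the optimizer
   that len is within 0..MBC_MAX. If that promise is ever false the
   behaviour is undefined, so it only fits a callee whose contract really
   guarantees the range. */
int copy_mbc_hint(char out[MBC_MAX], const char *mbs, int len)
{
    char tmpchar[MBC_MAX];

    if (len < 0 || MBC_MAX < len)
        __builtin_unreachable();

    for (int k = 0; k < len; k++)
        tmpchar[k] = mbs[k];

    memcpy(out, tmpchar, (size_t)len);
    return len;
}

/* Defensive variant: the same range test, but an out-of-range length is
   rejected at run time instead of being declared impossible. Past the
   early return, len is bounded exactly as in the hinted variant. */
int copy_mbc_checked(char out[MBC_MAX], const char *mbs, int len)
{
    char tmpchar[MBC_MAX];

    if (len < 0 || MBC_MAX < len)
        return -1;              /* no store to tmpchar is attempted */

    for (int k = 0; k < len; k++)
        tmpchar[k] = mbs[k];

    memcpy(out, tmpchar, (size_t)len);
    return len;
}
```
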
