public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/101600] New: Spurious -Warray-bounds
@ 2021-07-23 13:55 sbergman at redhat dot com
2021-07-23 21:11 ` [Bug middle-end/101600] [12 Regression] Spurious -Warray-bounds downcasting a polymorphic pointer msebor at gcc dot gnu.org
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: sbergman at redhat dot com @ 2021-07-23 13:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101600
Bug ID: 101600
Summary: Spurious -Warray-bounds
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: sbergman at redhat dot com
Target Milestone: ---
With recent GCC 12 trunk (but not with e.g. gcc-c++-11.1.1-3.fc34.x86_64):
> $ cat test.cc
> struct S1 { virtual ~S1(); };
> struct S2 { int m; };
> struct S3 { virtual ~S3(); };
> struct S4: S1, S2, S3 {};
> int f1();
> void f2(S3 *);
> void f3(S2 * p) {
> for (int i = f1(); f1();) {
> if (i == 0) {
> p = nullptr;
> break;
> }
> }
> f2(static_cast<S4 *>(p));
> }
> $ g++ -c -O2 -Warray-bounds -O2 test.cc
> test.cc: In function ‘void f3(S2*)’:
> test.cc:14:7: warning: array subscript 0 is outside array bounds of ‘S2 [2305843009213693951]’ [-Warray-bounds]
> 14 | f2(static_cast<S4 *>(p));
> | ~~^~~~~~~~~~~~~~~~~~~~~~
> test.cc:7:14: note: at offset -8 into object ‘p’ of size [0, 9223372036854775807]
> 7 | void f3(S2 * p) {
> | ~~~~~^
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug middle-end/101600] [12 Regression] Spurious -Warray-bounds downcasting a polymorphic pointer
2021-07-23 13:55 [Bug c++/101600] New: Spurious -Warray-bounds sbergman at redhat dot com
@ 2021-07-23 21:11 ` msebor at gcc dot gnu.org
2021-07-23 21:34 ` msebor at gcc dot gnu.org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-23 21:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101600
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |56456
Target Milestone|--- |12.0
Ever confirmed|0 |1
CC| |msebor at gcc dot gnu.org
Last reconfirmed| |2021-07-23
Summary|Spurious -Warray-bounds |[12 Regression] Spurious
| |-Warray-bounds downcasting
| |a polymorphic pointer
Known to work| |11.1.0
Assignee|unassigned at gcc dot gnu.org |msebor at gcc dot gnu.org
Status|UNCONFIRMED |ASSIGNED
Known to fail| |12.0
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Thanks for the small test case! I can confirm the false positive. The IL
looks (close to) the following:
<bb 5> [local count: 80404472]:
# p_1 = PHI <p_9(D)(4)>
if (p_1 != 0B)
goto <bb 6>; [100.00%]
else
goto <bb 7>; [0.00%]
<bb 6> [local count: 80404472]:
iftmp.1_11 = &MEM[(struct S4 *)p_1 + -8B].D.2419; <<< -Warray-bounds
except that p_1 is:
p_1 = PHI <0B(3), p_9(D)(4)>
The bug is in access_ref::get_ref () in not clearing the base0 flag, making
-Warray-bounds think the pointer points to the first byte of a declared object.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug middle-end/101600] [12 Regression] Spurious -Warray-bounds downcasting a polymorphic pointer
2021-07-23 13:55 [Bug c++/101600] New: Spurious -Warray-bounds sbergman at redhat dot com
2021-07-23 21:11 ` [Bug middle-end/101600] [12 Regression] Spurious -Warray-bounds downcasting a polymorphic pointer msebor at gcc dot gnu.org
@ 2021-07-23 21:34 ` msebor at gcc dot gnu.org
2021-08-23 23:42 ` msebor at gcc dot gnu.org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-23 21:34 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101600
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
There's another bug here that can be reproduced with the following slightly
modified version of the original test case:
$ cat pr101600-c2.C && /build/gcc-master/gcc/xgcc -B /build/gcc-master/gcc -O2
-S -Wall pr101600-c2.C
struct S1 { virtual ~S1(); };
struct S2 { int m; };
struct S3 { virtual ~S3(); };
struct S4: S1, S2, S3 {};
int f1();
void f2 (S3 *);
S4 s4;
void f3 (void)
{
S2 *p = &s4;
for (int i = f1(); f1();)
{
if (i == 0)
{
p = nullptr;
break;
}
}
f2 (static_cast<S4 *>(p));
}
pr101600-c2.C: In function ‘void f3()’:
pr101600-c2.C:25:6: warning: array subscript 0 is outside array bounds of ‘S2
[2305843009213693951]’ [-Warray-bounds]
25 | f2 (static_cast<S4 *>(p));
| ~~~^~~~~~~~~~~~~~~~~~~~~~
pr101600-c2.C:4:8: note: at offset -8 into object ‘S4::<anonymous>’ of size 4
4 | struct S4: S1, S2, S3 {};
| ^~
A simpler (but contrived) C test case goes something like this:
$ cat u.c && gcc -O2 -S -Wall u.c
struct A { int i, j; } a;
int f (void);
void g (int);
void h (void)
{
void *p = &a.j;
for (int i = f (); f (); )
if (!i)
{
p = 0;
break;
}
int o = __builtin_offsetof (struct A, j);
struct A *q = (struct A*)((char*)p - o);
g (q->i);
}
u.c: In function ‘h’:
u.c:20:7: warning: array subscript 0 is outside array bounds of
‘void[9223372036854775807]’ [-Warray-bounds]
20 | g (q->i);
| ^~
u.c:1:19: note: at offset -4 into object ‘j’ of size 4
1 | struct A { int i, j; } a;
| ^
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug middle-end/101600] [12 Regression] Spurious -Warray-bounds downcasting a polymorphic pointer
2021-07-23 13:55 [Bug c++/101600] New: Spurious -Warray-bounds sbergman at redhat dot com
2021-07-23 21:11 ` [Bug middle-end/101600] [12 Regression] Spurious -Warray-bounds downcasting a polymorphic pointer msebor at gcc dot gnu.org
2021-07-23 21:34 ` msebor at gcc dot gnu.org
@ 2021-08-23 23:42 ` msebor at gcc dot gnu.org
2021-08-24 16:49 ` cvs-commit at gcc dot gnu.org
2021-08-24 16:50 ` msebor at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-08-23 23:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101600
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
Patch: https://gcc.gnu.org/pipermail/gcc-patches/2021-August/577985.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug middle-end/101600] [12 Regression] Spurious -Warray-bounds downcasting a polymorphic pointer
2021-07-23 13:55 [Bug c++/101600] New: Spurious -Warray-bounds sbergman at redhat dot com
` (2 preceding siblings ...)
2021-08-23 23:42 ` msebor at gcc dot gnu.org
@ 2021-08-24 16:49 ` cvs-commit at gcc dot gnu.org
2021-08-24 16:50 ` msebor at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-08-24 16:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101600
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:
https://gcc.gnu.org/g:820f0940d7ace1306430a9dcf1bd9577508a7a7e
commit r12-3124-g820f0940d7ace1306430a9dcf1bd9577508a7a7e
Author: Martin Sebor <msebor@redhat.com>
Date: Tue Aug 24 10:49:11 2021 -0600
Reset PHI base0 flag if it's clear in any argument [PR101977, ...]
Resolves:
PR middle-end/101600 - Spurious -Warray-bounds downcasting a polymorphic
pointer
PR middle-end/101977 - bogus -Warray-bounds on a negative index into a
parameter in conditional with null
gcc/ChangeLog:
PR middle-end/101600
PR middle-end/101977
* gimple-ssa-warn-access.cc (maybe_warn_for_bound): Tighten up
the phrasing of a warning.
(check_access): Use the remaining size after subtracting any offset
rather than the whole object size.
* pointer-query.cc (access_ref::get_ref): Clear BASE0 flag if it's
clear for any nonnull PHI argument.
(compute_objsize): Clear argument.
gcc/testsuite/ChangeLog:
PR middle-end/101600
PR middle-end/101977
* g++.dg/pr100574.C: Prune out valid warning.
* gcc.dg/pr20126.c: Same.
* gcc.dg/Wstringop-overread.c: Adjust text of expected warnings.
Add new instances.
* gcc.dg/warn-strnlen-no-nul.c: Same.
* g++.dg/warn/Warray-bounds-26.C: New test.
* gcc.dg/Warray-bounds-88.c: New test.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug middle-end/101600] [12 Regression] Spurious -Warray-bounds downcasting a polymorphic pointer
2021-07-23 13:55 [Bug c++/101600] New: Spurious -Warray-bounds sbergman at redhat dot com
` (3 preceding siblings ...)
2021-08-24 16:49 ` cvs-commit at gcc dot gnu.org
@ 2021-08-24 16:50 ` msebor at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-08-24 16:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101600
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
Fixed.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-08-24 16:50 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-23 13:55 [Bug c++/101600] New: Spurious -Warray-bounds sbergman at redhat dot com
2021-07-23 21:11 ` [Bug middle-end/101600] [12 Regression] Spurious -Warray-bounds downcasting a polymorphic pointer msebor at gcc dot gnu.org
2021-07-23 21:34 ` msebor at gcc dot gnu.org
2021-08-23 23:42 ` msebor at gcc dot gnu.org
2021-08-24 16:49 ` cvs-commit at gcc dot gnu.org
2021-08-24 16:50 ` msebor at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).