[Bug fortran/101919] New: Inconsistent -Wstringop-overread warning with -flto

[Bug fortran/101919] New: Inconsistent -Wstringop-overread warning with -flto

[rimvydas.jas at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101919

            Bug ID: 101919
           Summary: Inconsistent -Wstringop-overread warning with -flto
           Product: gcc
           Version: 11.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
          Assignee: unassigned at gcc dot gnu.org
          Reporter: rimvydas.jas at gmail dot com
  Target Milestone: ---

$ cat gl_test.f90
program foo
implicit none
character(len=100) :: c =' '
if (c(1:12) == 'Accumulated ') c = c(13:len_trim(c))
end program

$ gfortran -Wall -Wextra gl_test.f90
$ gfortran -Wall -Wextra -flto gl_test.f90
gl_test.f90: In function 'foo':
gl_test.f90:4:52: warning: '__builtin_memmove' reading 100 bytes from a region
of size 88 [-Wstringop-overread]
    4 | if (c(1:12) == 'Accumulated ') c = c(13:len_trim(c))
      |                                                    ^
gl_test.f90:3:23: note: at offset 12 into source object 'c' of size 100
    3 | character(len=100) :: c =' '
      |                       ^

[Bug fortran/101919] Inconsistent -Wstringop-overread warning with -flto

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101919

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |97048
                 CC|                            |msebor at gcc dot gnu.org
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
      Known to fail|                            |11.2.0, 12.0
   Last reconfirmed|                            |2021-11-09

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed with 11 and top of trunk.  I think there are two problems: 1)
-Wstringop-overread is a C/C++ only option that shouldn't be issued for FORTRAN
code, and 2) the code the warning triggers for in the IL does look invalid:

  <bb 3> [local count: 536870913]:
  _8 = _gfortran_string_len_trim (100, &c);
  _9 = (integer(kind=4)) _8;
  _10 = (integer(kind=8)) _9;
  if (_10 <= 111)
    goto <bb 4>; [50.00%]
  else
    goto <bb 5>; [50.00%]

  <bb 5> [local count: 268435456]:
  __builtin_memmove (&c, &c[13]{lb: 1 sz: 1}, 100);   <<< warning here

If I'm reading the FORTRAN code right, c is an array of 100 characters.  The
memmove call copies 100 characters from &c[13], which would make the copy out
of bounds.

(1) is a known problem.  We don't have a way to describe language-specific
options at the LTO level.  They're either LTO options ore they're not, so we
either enable them for all languages or for none.

(2) is an optimizer problem.  It should not be emitting clearly invalid code.


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97048
[Bug 97048] [meta-bug] bogus/missing -Wstringop-overread warnings

[Bug fortran/101919] Inconsistent -Wstringop-overread warning with -flto

[anlauf at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101919

anlauf at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |anlauf at gcc dot gnu.org

--- Comment #2 from anlauf at gcc dot gnu.org ---
Further reduced:

program foo
  implicit none
  character(len=100) :: c = ' ', d = ' '
  integer            :: i
  i = len_trim (c)
  d = c(13:i)
end program

We do not get a warning if the initialization of 'd' is removed,
i.e. it is changed from static to automatic.  The above gives:

pr101919.f90: In function 'foo':
pr101919.f90:6:13: warning: '__builtin_memcpy' reading 100 bytes from a region
of size 88 [-Wstringop-overread]
    6 |   d = c(13:i)
      |             ^
pr101919.f90:3:25: note: at offset 12 into source object 'c' of size 100
    3 |   character(len=100) :: c = ' ', d = ' '
      |                         ^

[Bug fortran/101919] Inconsistent -Wstringop-overread warning with -flto

[aldot at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101919

Bernhard Reutner-Fischer <aldot at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aldot at gcc dot gnu.org

--- Comment #3 from Bernhard Reutner-Fischer <aldot at gcc dot gnu.org> ---
if c does not contain trailing blank characters then
len_trim(c) can return up to 100, yes.
So the warning would be correct in this case as it would read beyond c (at
least in C).

Coding error?

if (c(1:12) == 'Accumulated ') c = c(13:len_trim(c))
should maybe subtract about 13 from the upper bound of the right hand side?

[Bug fortran/101919] Inconsistent -Wstringop-overread warning with -flto

[anlauf at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101919

--- Comment #4 from anlauf at gcc dot gnu.org ---
This fixes comment#2:

diff --git a/gcc/fortran/trans-expr.c b/gcc/fortran/trans-expr.c
index e7aec3845d3..f7e2a0dba57 100644
--- a/gcc/fortran/trans-expr.c
+++ b/gcc/fortran/trans-expr.c
@@ -8102,10 +8102,12 @@ gfc_trans_string_copy (stmtblock_t * block, tree
dlength, tree dest,
   tmp3 = gfc_finish_block (&tempblock);

   /* The truncated memmove if the slen >= dlen.  */
+  tmp2 = fold_build2_loc (input_location, MIN_EXPR,
+                         TREE_TYPE (slen), slen, dlen);
   tmp2 = build_call_expr_loc (input_location,
                              builtin_decl_explicit (BUILT_IN_MEMMOVE),
                              3, dest, src,
-                             fold_convert (size_type_node, dlen));
+                             fold_convert (size_type_node, tmp2));

   /* The whole copy_string function is there.  */
   tmp = fold_build3_loc (input_location, COND_EXPR, void_type_node, cond2,

[Bug fortran/101919] Inconsistent -Wstringop-overread warning with -flto

[anlauf at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101919

--- Comment #5 from anlauf at gcc dot gnu.org ---
(In reply to anlauf from comment #4)
> This fixes comment#2:

but "regresses" on gfortran.dg/transfer_intrinsic_1.f90 due to an additional
MIN_EXPR.

I haven't found the spot yet that needs to be addressed for comment#0.

[Bug fortran/101919] Inconsistent -Wstringop-overread warning with -flto

[rimvydas.jas at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101919

--- Comment #6 from Rimvydas (RJ) <rimvydas.jas at gmail dot com> ---
Additional reduced testcase.

$ cat bar.F90
subroutine bar()
  implicit none
  character(len=80) :: base
#ifdef V1
  character(len=80),parameter :: f='longname_patterns.xml'
  integer,parameter :: k = len_trim(f)
#else
# ifdef V2
  character(len=80),parameter :: f='longname_patterns.xml'
# else
  character(len=80) :: f='longname_patterns.xml'
# endif
  integer :: k
  k = len_trim(f)
#endif
  base = f(10:k-4)
  print *, base, '@'
end subroutine bar

$ gfortran -DV1 -flto -O0 -Wall -Wextra -c bar.F90
$ gcc -shared bar.o -o libbar.so -fdump-tree-optimized
$ gfortran -DV2 -flto -O1 -Wall -Wextra -c bar.F90
$ gcc -shared bar.o -o libbar.so -fdump-tree-optimized
$ gfortran -DV2 -flto -O0 -Wall -Wextra -c bar.F90
$ gcc -shared bar.o -o libbar.so -fdump-tree-optimized
bar.F90: In function ‘bar’:
bar.F90:16:18: warning: ‘__builtin_memmove’ reading 80 bytes from a region of
size 71 [-Wstringop-overread]
   16 |   base = f(10:k-4)
      |                  ^
$ gfortran -flto -O3 -Wall -Wextra -c bar.F90
$ gcc -shared bar.o -o libbar.so -fdump-tree-optimized
bar.F90: In function ‘bar’:
bar.F90:16:18: warning: ‘__builtin_memcpy’ reading 80 bytes from a region of
size 71 [-Wstringop-overread]
   16 |   base = f(10:k-4)
      |                  ^
bar.F90:11:24: note: at offset 9 into source object ‘f’ of size 80
   11 |   character(len=80) :: f='longname_patterns.xml'
      |

V1 -O0 has:
  __builtin_memcpy (&base, &"longname_patterns.xml                             
                             "[10]{lb: 1 sz: 1}, 8);
  _1 = &base + 8;
  __builtin_memset (_1, 32, 72);

V2 -O0 has:
  unsigned char base[1:80];
  k_10 = 21;
  _1 = k_10 + -4;
  _11 = (long int) _1;
  _2 = _11 + -9;
  _12 = MAX_EXPR <_2, 0>;                < --- discarded ?
  _3 = _11 + -9;
  _13 = MAX_EXPR <_3, 0>;
  _14 = &base;
  _15 = &"longname_patterns.xml                                                
          "[10]{lb: 1 sz: 1};
  if (_13 <= 79)                         < --- will always be false
    goto <bb 3>; [INV]
  else
    goto <bb 4>; [INV]
  <bb 3> :
  _4 = (long unsigned int) _13;
  __builtin_memmove (_14, _15, _4);
  _5 = 80 - _13;
  _6 = (long unsigned int) _5;
  _7 = (sizetype) _13;
  _8 = _14 + _7;
  __builtin_memset (_8, 32, _6);
  goto <bb 5>; [INV]
  <bb 4> :
  __builtin_memmove (_14, _15, 80);


V3 -O3 has:
  static unsigned char f[1:80] = <<< error >>>;
  _1 = _gfortran_string_len_trim (80, &f);
  k_10 = (int) _1;
  _2 = k_10 + -4;
  if (_2 <= 88)                         < --- no lower bound and redundant
    goto <bb 3>; [50.00%]
  else
    goto <bb 4>; [50.00%]
  <bb 3> [local count: 536870913]:
  _11 = (long int) _2;
  _3 = _11 + -9;
  _12 = MAX_EXPR <_3, 0>;
  _4 = (long unsigned int) _12;
  __builtin_memcpy (&base, &f[10]{lb: 1 sz: 1}, _4);
  _5 = 80 - _12;
  _6 = (long unsigned int) _5;
  _7 = &base + _4;
  __builtin_memset (_7, 32, _6);
  goto <bb 5>; [100.00%]
  <bb 4> [local count: 536870913]:
  __builtin_memcpy (&base, &f[10]{lb: 1 sz: 1}, 80)