public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "msebor at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/101977] array subscript 0 is outside array bounds Date: Thu, 19 Aug 2021 21:06:44 +0000 [thread overview] Message-ID: <bug-101977-4-odx69lSDOh@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-101977-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101977 Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Last reconfirmed| |2021-08-19 Status|UNCONFIRMED |ASSIGNED --- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> --- Stepping through the GCC code it looks like the same problem as in pr101600. The warning doesn't reset the base0 flag when processing a PHI node involving null pointers and those that don't point to known objects. Here's a simple C test case. The one in pr101600 is C++ so I'll keep this open just to remember to add both. $ cat z.c && gcc -O2 -S -Wall -fdump-tree-vrp1=/dev/stdout z.c struct A { int i; }; struct B { struct A a1; struct A a2; }; void f (struct A *p, int i) { struct A *q = i < 0 ? 0 : 0 < i ? p : 0; struct B *r = (struct B*)((char *)q - __builtin_offsetof (struct B, a2)); r->a1.i = 0; } ;; Function f (f, funcdef_no=0, decl_uid=1949, cgraph_uid=1, symbol_order=0) ;; 1 loops found ;; ;; Loop 0 ;; header 0, latch 1 ;; depth 0, outer -1 ;; nodes: 0 1 2 3 4 6 ;; 2 succs { 3 6 } ;; 3 succs { 6 4 } ;; 4 succs { 6 } ;; 6 succs { 1 } SSA replacement table N_i -> { O_1 ... O_j } means that N_i replaces O_1, ..., O_j i_6 -> { i_2(D) } Incremental SSA update started at block: 2 Number of blocks in CFG: 7 Number of blocks to update: 2 ( 29%) Value ranges after VRP: iftmp.0_1: struct A * VARYING i_2(D): int VARYING p_3(D): struct A * VARYING i_6: int [0, +INF] EQUIVALENCES: { i_2(D) } (1 elements) z.c: In function ‘f’: z.c:8:4: warning: array subscript 0 is outside array bounds of ‘struct A[2305843009213693951]’ [-Warray-bounds] 8 | r->a1.i = 0; | ^~ z.c:4:19: note: at offset -4 into object ‘p’ of size [0, 9223372036854775807] 4 | void f (struct A *p, int i) | ~~~~~~~~~~^ void f (struct A * p, int i) { struct A * iftmp.0_1; <bb 2> [local count: 1073741824]: if (i_2(D) >= 0) goto <bb 3>; [59.00%] else goto <bb 5>; [41.00%] <bb 3> [local count: 633507681]: if (i_2(D) != 0) goto <bb 5>; [50.00%] else goto <bb 4>; [50.00%] <bb 4> [local count: 316753840]: <bb 5> [local count: 1073741824]: # iftmp.0_1 = PHI <0B(4), 0B(2), p_3(D)(3)> <<< p_3(D)(3) is an function argument MEM[(struct B *)iftmp.0_1 + -4B].a1.i = 0; <<< -Warray-bounds return; } As an aside, the usual practice is to include a test case or a translation unit when reporting a bug. I reproduced the warning myself by building Binutils so I don't need the details we normally ask for, but it would be nice to at least mention what you believe is wrong, if only as a courtesy, and how you convinced yourself of it.
next prev parent reply other threads:[~2021-08-19 21:06 UTC|newest] Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-08-19 11:47 [Bug tree-optimization/101977] New: " amodra at gmail dot com 2021-08-19 21:06 ` msebor at gcc dot gnu.org [this message] 2021-08-19 21:07 ` [Bug tree-optimization/101977] [12 Regression] " msebor at gcc dot gnu.org 2021-08-23 23:41 ` msebor at gcc dot gnu.org 2021-08-24 16:49 ` cvs-commit at gcc dot gnu.org 2021-08-24 16:50 ` msebor at gcc dot gnu.org 2021-08-24 16:50 ` msebor at gcc dot gnu.org 2021-08-24 17:01 ` msebor at gcc dot gnu.org 2021-08-25 0:11 ` amodra at gmail dot com
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-101977-4-odx69lSDOh@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).