public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug tree-optimization/101977] New: array subscript 0 is outside array bounds
@ 2021-08-19 11:47 amodra at gmail dot com
2021-08-19 21:06 ` [Bug tree-optimization/101977] " msebor at gcc dot gnu.org
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: amodra at gmail dot com @ 2021-08-19 11:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101977
Bug ID: 101977
Summary: array subscript 0 is outside array bounds
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: amodra at gmail dot com
Target Milestone: ---
Seen on attempting to build binutils for x86_64-linux with current mainline gcc
/home/alan/build/gcc-virgin/gcc/xgcc -B/home/alan/build/gcc-virgin/gcc/
-DHAVE_CONFIG_H -I. -I/home/alan/src/binutils-gdb/bfd
-DBINDIR=\"/usr/local/bin\" -DLIBDIR=\"/usr/local/lib\" -I.
-I/home/alan/src/binutils-gdb/bfd -I/home/alan/src/binutils-gdb/bfd/../include
-DHAVE_all_vecs -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow
-Wstack-usage=262144 -Werror -I/home/alan/src/binutils-gdb/bfd/../zlib -g -O2
-MT section.lo -MD -MP -MF .deps/section.Tpo -c
/home/alan/src/binutils-gdb/bfd/section.c -o section.o
In function ‘bfd_get_next_section_by_name’,
inlined from ‘bfd_get_linker_section’ at
/home/alan/src/binutils-gdb/bfd/section.c:976:11:
/home/alan/src/binutils-gdb/bfd/section.c:936:8: error: array subscript 0 is
outside array bounds of ‘asection[31160040665049918]’ {aka ‘struct
bfd_section[31160040665049918]’} [-Werror=array-bounds]
936 | hash = sh->root.hash;
| ~~~~~^~~~~~~~~~~~~~~
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/101977] array subscript 0 is outside array bounds
2021-08-19 11:47 [Bug tree-optimization/101977] New: array subscript 0 is outside array bounds amodra at gmail dot com
@ 2021-08-19 21:06 ` msebor at gcc dot gnu.org
2021-08-19 21:07 ` [Bug tree-optimization/101977] [12 Regression] " msebor at gcc dot gnu.org
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-08-19 21:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101977
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Last reconfirmed| |2021-08-19
Status|UNCONFIRMED |ASSIGNED
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Stepping through the GCC code it looks like the same problem as in pr101600.
The warning doesn't reset the base0 flag when processing a PHI node involving
null pointers and those that don't point to known objects. Here's a simple C
test case. The one in pr101600 is C++ so I'll keep this open just to remember
to add both.
$ cat z.c && gcc -O2 -S -Wall -fdump-tree-vrp1=/dev/stdout z.c
struct A { int i; };
struct B { struct A a1; struct A a2; };
void f (struct A *p, int i)
{
struct A *q = i < 0 ? 0 : 0 < i ? p : 0;
struct B *r = (struct B*)((char *)q - __builtin_offsetof (struct B, a2));
r->a1.i = 0;
}
;; Function f (f, funcdef_no=0, decl_uid=1949, cgraph_uid=1, symbol_order=0)
;; 1 loops found
;;
;; Loop 0
;; header 0, latch 1
;; depth 0, outer -1
;; nodes: 0 1 2 3 4 6
;; 2 succs { 3 6 }
;; 3 succs { 6 4 }
;; 4 succs { 6 }
;; 6 succs { 1 }
SSA replacement table
N_i -> { O_1 ... O_j } means that N_i replaces O_1, ..., O_j
i_6 -> { i_2(D) }
Incremental SSA update started at block: 2
Number of blocks in CFG: 7
Number of blocks to update: 2 ( 29%)
Value ranges after VRP:
iftmp.0_1: struct A * VARYING
i_2(D): int VARYING
p_3(D): struct A * VARYING
i_6: int [0, +INF] EQUIVALENCES: { i_2(D) } (1 elements)
z.c: In function ‘f’:
z.c:8:4: warning: array subscript 0 is outside array bounds of ‘struct
A[2305843009213693951]’ [-Warray-bounds]
8 | r->a1.i = 0;
| ^~
z.c:4:19: note: at offset -4 into object ‘p’ of size [0, 9223372036854775807]
4 | void f (struct A *p, int i)
| ~~~~~~~~~~^
void f (struct A * p, int i)
{
struct A * iftmp.0_1;
<bb 2> [local count: 1073741824]:
if (i_2(D) >= 0)
goto <bb 3>; [59.00%]
else
goto <bb 5>; [41.00%]
<bb 3> [local count: 633507681]:
if (i_2(D) != 0)
goto <bb 5>; [50.00%]
else
goto <bb 4>; [50.00%]
<bb 4> [local count: 316753840]:
<bb 5> [local count: 1073741824]:
# iftmp.0_1 = PHI <0B(4), 0B(2), p_3(D)(3)> <<< p_3(D)(3) is an function
argument
MEM[(struct B *)iftmp.0_1 + -4B].a1.i = 0; <<< -Warray-bounds
return;
}
As an aside, the usual practice is to include a test case or a translation unit
when reporting a bug. I reproduced the warning myself by building Binutils so
I don't need the details we normally ask for, but it would be nice to at least
mention what you believe is wrong, if only as a courtesy, and how you convinced
yourself of it.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/101977] [12 Regression] array subscript 0 is outside array bounds
2021-08-19 11:47 [Bug tree-optimization/101977] New: array subscript 0 is outside array bounds amodra at gmail dot com
2021-08-19 21:06 ` [Bug tree-optimization/101977] " msebor at gcc dot gnu.org
@ 2021-08-19 21:07 ` msebor at gcc dot gnu.org
2021-08-23 23:41 ` msebor at gcc dot gnu.org
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-08-19 21:07 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101977
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |12.0
Assignee|unassigned at gcc dot gnu.org |msebor at gcc dot gnu.org
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/101977] [12 Regression] array subscript 0 is outside array bounds
2021-08-19 11:47 [Bug tree-optimization/101977] New: array subscript 0 is outside array bounds amodra at gmail dot com
2021-08-19 21:06 ` [Bug tree-optimization/101977] " msebor at gcc dot gnu.org
2021-08-19 21:07 ` [Bug tree-optimization/101977] [12 Regression] " msebor at gcc dot gnu.org
@ 2021-08-23 23:41 ` msebor at gcc dot gnu.org
2021-08-24 16:49 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-08-23 23:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101977
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
Patch: https://gcc.gnu.org/pipermail/gcc-patches/2021-August/577985.html
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/101977] [12 Regression] array subscript 0 is outside array bounds
2021-08-19 11:47 [Bug tree-optimization/101977] New: array subscript 0 is outside array bounds amodra at gmail dot com
` (2 preceding siblings ...)
2021-08-23 23:41 ` msebor at gcc dot gnu.org
@ 2021-08-24 16:49 ` cvs-commit at gcc dot gnu.org
2021-08-24 16:50 ` msebor at gcc dot gnu.org
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-08-24 16:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101977
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:
https://gcc.gnu.org/g:820f0940d7ace1306430a9dcf1bd9577508a7a7e
commit r12-3124-g820f0940d7ace1306430a9dcf1bd9577508a7a7e
Author: Martin Sebor <msebor@redhat.com>
Date: Tue Aug 24 10:49:11 2021 -0600
Reset PHI base0 flag if it's clear in any argument [PR101977, ...]
Resolves:
PR middle-end/101600 - Spurious -Warray-bounds downcasting a polymorphic
pointer
PR middle-end/101977 - bogus -Warray-bounds on a negative index into a
parameter in conditional with null
gcc/ChangeLog:
PR middle-end/101600
PR middle-end/101977
* gimple-ssa-warn-access.cc (maybe_warn_for_bound): Tighten up
the phrasing of a warning.
(check_access): Use the remaining size after subtracting any offset
rather than the whole object size.
* pointer-query.cc (access_ref::get_ref): Clear BASE0 flag if it's
clear for any nonnull PHI argument.
(compute_objsize): Clear argument.
gcc/testsuite/ChangeLog:
PR middle-end/101600
PR middle-end/101977
* g++.dg/pr100574.C: Prune out valid warning.
* gcc.dg/pr20126.c: Same.
* gcc.dg/Wstringop-overread.c: Adjust text of expected warnings.
Add new instances.
* gcc.dg/warn-strnlen-no-nul.c: Same.
* g++.dg/warn/Warray-bounds-26.C: New test.
* gcc.dg/Warray-bounds-88.c: New test.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/101977] [12 Regression] array subscript 0 is outside array bounds
2021-08-19 11:47 [Bug tree-optimization/101977] New: array subscript 0 is outside array bounds amodra at gmail dot com
` (3 preceding siblings ...)
2021-08-24 16:49 ` cvs-commit at gcc dot gnu.org
@ 2021-08-24 16:50 ` msebor at gcc dot gnu.org
2021-08-24 16:50 ` msebor at gcc dot gnu.org
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-08-24 16:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101977
Bug 101977 depends on bug 101600, which changed state.
Bug 101600 Summary: [12 Regression] Spurious -Warray-bounds downcasting a polymorphic pointer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101600
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/101977] [12 Regression] array subscript 0 is outside array bounds
2021-08-19 11:47 [Bug tree-optimization/101977] New: array subscript 0 is outside array bounds amodra at gmail dot com
` (4 preceding siblings ...)
2021-08-24 16:50 ` msebor at gcc dot gnu.org
@ 2021-08-24 16:50 ` msebor at gcc dot gnu.org
2021-08-24 17:01 ` msebor at gcc dot gnu.org
2021-08-25 0:11 ` amodra at gmail dot com
7 siblings, 0 replies; 9+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-08-24 16:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101977
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
Fixed.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/101977] [12 Regression] array subscript 0 is outside array bounds
2021-08-19 11:47 [Bug tree-optimization/101977] New: array subscript 0 is outside array bounds amodra at gmail dot com
` (5 preceding siblings ...)
2021-08-24 16:50 ` msebor at gcc dot gnu.org
@ 2021-08-24 17:01 ` msebor at gcc dot gnu.org
2021-08-25 0:11 ` amodra at gmail dot com
7 siblings, 0 replies; 9+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-08-24 17:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101977
--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
The -Warray-bounds for section.c is gone but last night's build still shows a
large number of -Warray-bounds instances as well as other warnings for Binutils
& GDB. I haven't analyzed any of them. The breakdown is below:
Diagnostic Count Unique Files
-Wimplicit-function-declaration 99 70 15
-Warray-bounds 79 1 1
-Wpointer-sign 54 54 8
-Wmaybe-uninitialized 43 37 22
-Wmissing-prototypes 42 32 9
-Wincompatible-pointer-types 42 42 1
-Wpointer-to-int-cast 11 11 2
-Wparentheses 11 11 3
-Wint-to-pointer-cast 9 9 1
-Wformat= 6 3 2
-Walloc-zero 6 2 2
-Wconflicts-sr 5 5 5
-Wunused-value 3 1 1
-Wunused-function 3 3 1
-Wstrict-aliasing 3 3 1
-Wdangling-else 2 2 1
-Wmisleading-indentation 1 1 1
-Wconflicts-rr 1 1 1
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/101977] [12 Regression] array subscript 0 is outside array bounds
2021-08-19 11:47 [Bug tree-optimization/101977] New: array subscript 0 is outside array bounds amodra at gmail dot com
` (6 preceding siblings ...)
2021-08-24 17:01 ` msebor at gcc dot gnu.org
@ 2021-08-25 0:11 ` amodra at gmail dot com
7 siblings, 0 replies; 9+ messages in thread
From: amodra at gmail dot com @ 2021-08-25 0:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101977
--- Comment #6 from Alan Modra <amodra at gmail dot com> ---
(In reply to Martin Sebor from comment #5)
> The -Warray-bounds for section.c is gone
Thanks for fixing that.
> but last night's build still shows
> a large number of -Warray-bounds instances as well as other warnings for
> Binutils & GDB.
I built gcc and binutils+gdb just now and see that these are all in sim/ with
the exception of -Wconflicts-sr and -Wconflicts-rr bison warnings, and this
libstdc++ warning:
home/alan/build/gcc-virgin/prev-x86_64-linux/libstdc++-v3/include/bits/stl_algo.h:1869:32:
error: array subscript 19 is outside array bounds of ‘void [136]’
[-Werror=array-bounds]
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2021-08-25 0:11 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-19 11:47 [Bug tree-optimization/101977] New: array subscript 0 is outside array bounds amodra at gmail dot com
2021-08-19 21:06 ` [Bug tree-optimization/101977] " msebor at gcc dot gnu.org
2021-08-19 21:07 ` [Bug tree-optimization/101977] [12 Regression] " msebor at gcc dot gnu.org
2021-08-23 23:41 ` msebor at gcc dot gnu.org
2021-08-24 16:49 ` cvs-commit at gcc dot gnu.org
2021-08-24 16:50 ` msebor at gcc dot gnu.org
2021-08-24 16:50 ` msebor at gcc dot gnu.org
2021-08-24 17:01 ` msebor at gcc dot gnu.org
2021-08-25 0:11 ` amodra at gmail dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).