public inbox for gcc-bugs@sourceware.org
From: "msebor at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/102006] A false warning "Array subscript -N is outside array bounds warning"
Date: Sat, 21 Aug 2021 18:21:43 +0000
Message-ID: <bug-102006-4-mDFURsEyxK@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-102006-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102006

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |56456
                 CC|                            |msebor at gcc dot gnu.org
           Keywords|                            |diagnostic
          Component|c++                         |tree-optimization

--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
I can confirm the warning but not yet that it's a bug or limitation in GCC.

The IL does show an access via an out-of-bounds pointer to a local object:
(struct Element *)&holder + -32B, so it's working as designed.  I can't tell if
the access itself, adjusted for the offset of the member, is valid (i.e.,
what's D.146911's offset within holder), but even if it is, the warning
validates pointers without considering subsequent adjustments so if something
earlier ends up emitting one that's out-of-bounds the warning will trigger.

The out-of-bounds offset first shows up in the fixup_cfg3 dump.  ListHolder is
multiply derived from the same base class whose members freely cast the this
pointer to the derived class so maybe that somehow results in the intermediate
negative offset.  The translation unit is almost 90,000 of twisty C++ code so
it will take a bit of time to reduce to something manageable.

void List_TestFunc (const struct TestContext & context)
{
  ...
  struct ListHolder holder;
  ...
  <bb 3> [local count: 1073741824]:
  _15 = MEM[(struct base_single_link *)&holder].pNext;
  if (_15 != 0B)
    goto <bb 4>; [85.10%]
  else
    goto <bb 5>; [14.90%]

  <bb 4> [local count: 913754293]:
  iftmp.2_16 = &MEM[(struct Element *)_15 + -32B].D.146911;

  <bb 5> [local count: 1073741821]:
  # i$m_p_24 = PHI <iftmp.2_16(4), 0B(3)>
  goto <bb 8>; [100.00%]

  ...

  <bb 8> [local count: 9761289345]:
  # i$m_p_21 = PHI <i$m_p_24(5), _22(7)>
  if (&MEM[(struct Element *)&holder + -32B].D.146911 != i$m_p_21)   <<< -Warray-bounds
    goto <bb 6>; [89.00%]
  else
    goto <bb 27>; [11.00%]


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
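
An added illustration, not code from the bug report or from GCC: one source shape that would produce an expression like `(struct Element *)&holder + -32B` from the dump above, next to a traversal that never forms that pointer. The type layouts, the 32-byte `Payload` base and the function names are assumptions; the reporter's translation unit is not shown on the page.

```cpp
#include <cstddef>

// Hypothetical stand-ins for the types named in the dump; layout is an assumption.
struct base_single_link { base_single_link *pNext = nullptr; };
struct Payload { char pad[32]; };   // puts the link base at offset 32 in Element
struct Element : Payload, base_single_link { int value = 0; };

struct ListHolder {                 // circular list; head is a bare link, not an Element
    base_single_link head;
    ListHolder() { head.pNext = &head; }
    void push_front(Element &e) { e.pNext = head.pNext; head.pNext = &e; }
};

// Byte distance from an Element to its link base (the 32 in "+ -32B").
std::ptrdiff_t link_offset() {
    Element e;
    return reinterpret_cast<char *>(static_cast<base_single_link *>(&e)) -
           reinterpret_cast<char *>(&e);
}

// Shape that forms "(Element *)&holder + -32B": the sentinel link is downcast to
// Element* to build the end marker, so the intermediate pointer lies 32 bytes
// before holder even though it is only compared, never dereferenced.
int sum_downcast_sentinel(ListHolder &h) {
    Element *end = static_cast<Element *>(&h.head);   // out-of-bounds intermediate
    int total = 0;
    for (Element *p = static_cast<Element *>(h.head.pNext); p != end;
         p = static_cast<Element *>(p->pNext))
        total += p->value;
    return total;
}

// Same traversal comparing link pointers; only links of real elements are downcast.
int sum_compare_links(ListHolder &h) {
    int total = 0;
    for (base_single_link *l = h.head.pNext; l != &h.head; l = l->pNext)
        total += static_cast<Element *>(l)->value;
    return total;
}

int demo_sum() {                    // constructed sample data
    ListHolder holder;
    Element a, b, c;
    a.value = 1; b.value = 2; c.value = 4;
    holder.push_front(a); holder.push_front(b); holder.push_front(c);
    return sum_compare_links(holder);
}
```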
