public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "msebor at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/102006] A false warning "Array subscript -N is outside array bounds warning" Date: Sat, 21 Aug 2021 18:21:43 +0000 [thread overview] Message-ID: <bug-102006-4-mDFURsEyxK@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-102006-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102006 Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |56456 CC| |msebor at gcc dot gnu.org Keywords| |diagnostic Component|c++ |tree-optimization --- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> --- I ca confirm the warning but not yet that it's a bug or limitation in GCC. The IL does show an access via an out-of-bounds pointer to a local object: (struct Element *)&holder + -32B, so it's working as designed. I can't tell if the access itself, adjusted for the offset of the member, is valid (i.e., what's D.146911's offset within holder), but even if it is, the warning validates pointers without considering subsequent adjustments so if something earlier ends up emitting one that's out-of-bounds the warning will trigger. The out-of-bounds offset first shows up in the fixup_cfg3 dump. ListHolder is multiply derived from the same base class whose members freely cast the this pointer to the derived class so maybe that somehow results in the intermediate negative offset. The translation unit is almost 90,000 of twisty C++ code so it will take a bit of time to reduce to something manageable. void List_TestFunc (const struct TestContext & context) { ... struct ListHolder holder; ... <bb 3> [local count: 1073741824]: _15 = MEM[(struct base_single_link *)&holder].pNext; if (_15 != 0B) goto <bb 4>; [85.10%] else goto <bb 5>; [14.90%] <bb 4> [local count: 913754293]: iftmp.2_16 = &MEM[(struct Element *)_15 + -32B].D.146911; <bb 5> [local count: 1073741821]: # i$m_p_24 = PHI <iftmp.2_16(4), 0B(3)> goto <bb 8>; [100.00%] ... <bb 8> [local count: 9761289345]: # i$m_p_21 = PHI <i$m_p_24(5), _22(7)> if (&MEM[(struct Element *)&holder + -32B].D.146911 != i$m_p_21) <<< -Warray-bounds goto <bb 6>; [89.00%] else goto <bb 27>; [11.00%] Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456 [Bug 56456] [meta-bug] bogus/missing -Warray-bounds
next prev parent reply other threads:[~2021-08-21 18:21 UTC|newest] Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-08-21 11:35 [Bug c++/102006] New: " d-ef at yandex dot ru 2021-08-21 12:46 ` [Bug c++/102006] " pinskia at gcc dot gnu.org 2021-08-21 13:19 ` d-ef at yandex dot ru 2021-08-21 13:20 ` d-ef at yandex dot ru 2021-08-21 13:23 ` d-ef at yandex dot ru 2021-08-21 18:21 ` msebor at gcc dot gnu.org [this message] 2021-08-23 8:54 ` [Bug tree-optimization/102006] " rguenth at gcc dot gnu.org 2021-08-23 9:50 ` d-ef at yandex dot ru 2021-08-23 9:53 ` d-ef at yandex dot ru 2021-08-27 16:59 ` msebor at gcc dot gnu.org 2021-08-27 17:00 ` msebor at gcc dot gnu.org 2022-02-16 1:33 ` d-ef at yandex dot ru 2022-02-16 17:25 ` msebor at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-102006-4-mDFURsEyxK@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).