From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 2D3363857827; Tue, 12 Oct 2021 06:22:56 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2D3363857827 From: "rguenth at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/102690] [12 regression] g++.dg/warn/Warray-bounds-16.C fails Date: Tue, 12 Oct 2021 06:22:56 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 12.0 X-Bugzilla-Keywords: diagnostic X-Bugzilla-Severity: normal X-Bugzilla-Who: rguenth at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 12.0 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cf_reconfirmed_on bug_status everconfirmed Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Oct 2021 06:22:56 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D102690 Richard Biener changed: What |Removed |Added ---------------------------------------------------------------------------- Last reconfirmed| |2021-10-12 Status|UNCONFIRMED |NEW Ever confirmed|0 |1 --- Comment #3 from Richard Biener --- Oh, I can probably fix the FAIL: g++.dg/warn/Warray-bounds-16.C -std=3Dgnu++17 scan-tree-dump-not optimized "goto" since the expected optimization is not valid. But the IMHO bogus excess er= ror remains, see PR101480 for an analysis. Quote: -- What we see is the global variable construction function which accesses just 'a', and yes, the call to 'new' is considered clobbering global variables (including 'a'): [local count: 1073741824]: MEM[(struct __as_base &)&a] =3D{v} {CLOBBER}; a.m =3D 0; _5 =3D operator new [] (0); a.p =3D _5; goto ; [100.00%] [local count: 8687547547]: _7 =3D (long unsigned int) i_6; _8 =3D _7 * 4; _9 =3D _5 + _8; MEM[(int *)_9] =3D 0; i_10 =3D i_6 + 1; [local count: 9761289362]: # i_6 =3D PHI <0(2), i_10(3)> _11 =3D a.m; if (i_6 < _11) goto ; [89.00%] else goto ; [11.00%] [local count: 1073741824]: return; I suppose implementing the global operator new as accessing a.m would be valid as IIRC lifetime of a starts when the CTOR is invoked, not when it finished (otherwise the CTOR could not access the variable itself). We somehow conclude that _9: void * [1B, +INF] EQUIVALENCES: { } (0 elements) possibly because it cannot be NULL (?): extract_range_from_stmt visiting: _5 =3D operator new [] (0); Found new range for _5: void * [1B, +INF] marking stmt to be not simulated again (huh?) and then the -Warray-bounds warning concludes the access is always outside of the allocated area. I suspect when we'd arrive at VARYING we'd not issue the warning even when the access would always extend beyond a zero-sized allocation. --=