From: "jason at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/103483] [12 regression] context-sensitive ranges change triggers stringop-overread
Date: Mon, 17 Jan 2022 22:44:42 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103483

Jason Merrill changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeffreyalaw at gmail dot com
            Summary|context-sensitive ranges    |[12 regression]
                   |change triggers             |context-sensitive ranges
                   |stringop-overread           |change triggers
                   |                            |stringop-overread

--- Comment #15 from Jason Merrill ---
Jeff, I remember running into similar issues in the past with jump-threading
creating nonsensical blocks which we would then give other warnings about, and
I think you fixed at least one of those. Do you have any input that could help
guide us to a resolution of this problem?

Note that the original testcase no longer warns on trunk because disables the
warning entirely.

To simplify my example a bit (compile with -O -Wall)

char *sink;
int mystrlen (const char *p);

inline void copy(const char *p)
{
  int L = mystrlen (p);
  if (L < 5)
    /* Small string magic. */;
  else
    __builtin_memcpy (sink, p, L);
}

void f()
{
  copy ("12"); // bogus warning
}

I see that this actually warns as far back as GCC 8; I guess this is an older
problem that has only gotten more problematic with improvements in value range
propagation.

I don't see any plausible way for the user to guard this perfectly reasonable
code against this warning, other than disabling it.

Again, at the point of the memcpy we don't know anything about the probability
of different values of L. With or without the if condition, if we try to
memcpy 5 bytes out of "12" we get undefined behavior; that doesn't become more
likely because we want to handle small L differently. It creates a branch that
is all undefined behavior, but that doesn't make the branch reachable.