From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 272E1385E448; Thu, 13 Jan 2022 23:16:29 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 272E1385E448 From: "msebor at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/104017] unexpeted -Warray-bounds popping a fixed number of std::deque elements Date: Thu, 13 Jan 2022 23:16:29 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 9.0 X-Bugzilla-Keywords: diagnostic X-Bugzilla-Severity: normal X-Bugzilla-Who: msebor at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Jan 2022 23:16:29 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D104017 --- Comment #1 from Martin Sebor --- The warning triggers for the clobber statement in bb 43 below. _236 is ass= umed to point to the beginning of the block of 512 bytes allocated by new, so subtracting a positive integer from it or adding one in excess of 512 is invalid, as is dereferencing the result: [local count: 118111600]: ... _229 =3D operator new (512); >>> _229 ... [local count: 50546886]: _176 =3D p.D.20902._M_impl.D.20257._M_finish._M_first; if (_176 !=3D _229) goto ; [82.57%] else goto ; [17.43%] [local count: 41736564]: _236 =3D ASSERT_EXPR <_229, _229 !=3D _176>; <<< _229 _177 =3D _236 + 18446744073709551608; p.D.20951._M_impl.D.20306._M_finish._M_cur =3D _177; MEM[(const struct Node * *)_236 + -8B] =3D{v} {CLOBBER}; <<< -Warray-bo= unds goto ; [100.00%] I view the warning as helpful here (and so not a false positive even) becau= se the test function assumes the loop inserts at least three elements into the container. If it doesn't, one of the pop() calls will crash. A more compelling test case would guard each if the pop() calls to prevent = the crash, like below: #include struct Node { Node const * parent =3D nullptr; }; void func(Node const * n) { std::deque p; Node const * e =3D n; while (e !=3D nullptr) { p.push_front(e); e =3D e->parent; } if (p.size ()) p.pop_front(); if (p.size ()) p.pop_front(); if (p.size ()) p.pop_back(); } This test case also triggers a warning, for the same reason: GCC can't determine the relationship between a deque's internal node pointers and the result of std::deque::size() (which is a function of the node pointers).=