From: "rguenth at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/104475] [12/13 Regression] Wstringop-overflow + atomics incorrect warning on dynamic object
Date: Tue, 06 Dec 2022 09:11:42 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104475

--- Comment #16 from Richard Biener ---
The odd thing is that we do

      /* Pointer constants other than null smaller than param_min_pagesize
         might be the result of erroneous null pointer addition/subtraction.
         Unless zero is a valid address set size to zero.  For null pointers,
         set size to the maximum for now since those may be the result of
         jump threading.  Similarly, for values >= param_min_pagesize in
         order to support (type *) 0x7cdeab00.  */
      if (integer_zerop (ptr)
          || wi::to_widest (ptr) >= param_min_pagesize)
        pref->set_max_size_range ();

so if we plain dereference nullptr we will not diagnose the access but if
we dereference at an address between zero and param_min_pagesize we will.

The machinery unfortunately doesn't propagate this decision so the diagnostic
itself is quite unhelpful (or would have to replicate the above).

The code also doesn't catch upcasting of nullptr which would result in
small "negative" pointers.

I have a patch improving the diagnostic by means of printing a note like

/home/tjmaciei/dev/gcc/include/c++/13.0.0/bits/atomic_base.h:655:34: warning: 'unsigned int __atomic_fetch_and_4(volatile void*, unsigned int, int)' writing 4 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
In member function 'void QFutureInterfaceBase::setThrottled(bool)':
cc1plus: note: destination object is likely at address zero

amending each and every "into a region of size 0" case would be tedious since
the API used there doesn't pass down the object I amended.