public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug middle-end/104492] [12 Regression] Bogus dangling pointer warning at -O3 Date: Mon, 25 Apr 2022 08:43:28 +0000 [thread overview] Message-ID: <bug-104492-4-5IQyPjVQBN@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-104492-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104492 --- Comment #9 from Richard Biener <rguenth at gcc dot gnu.org> --- So IL wise the issue is that we go from <bb 2> : candidates(address-taken)[0].m_size = 2; candidates(address-taken)[0].m_data = "so"; _1 = std::end<const QLatin1String, 1> (&candidates(address-taken)); _2 = std::begin<const QLatin1String, 1> (&candidates(address-taken)); _11 = std::find<const QLatin1String*, QStringView> (_2, _1, &s(address-taken)); _3 = _11; _4 = std::end<const QLatin1String, 1> (&candidates(address-taken)); _13 = _3 != _4; candidates(address-taken) ={v} {CLOBBER(eol)}; return _13; to _32 = std::__find_if<const QLatin1String*, __gnu_cxx::__ops::_Iter_equals_val<const QStringView> > (&candidates(address-taken), &MEM <const struct QLatin1String[1]> [(void *)&candidates(address-taken) + 16B], __pred, D.182436); __pred ={v} {CLOBBER(eol)}; _33 = &MEM <const struct QLatin1String[1]> [(void *)&candidates(address-taken) + 16B] != _32; candidates(address-taken) ={v} {CLOBBER(eol)}; _66 = _33; s(address-taken) ={v} {CLOBBER(eol)}; _19 = _66; retval.0_20 = _19; D.169966(address-taken) ={v} {CLOBBER(eol)}; if (retval.0_20 != 0) exposing the forwarding opportunity into the conditional: _32 = std::__find_if<const QLatin1String*, __gnu_cxx::__ops::_Iter_equals_val<const QStringView> > (&candidates(address-taken), &MEM <const struct QLatin1String[1]> [(void *)&candidates(address-taken) + 16B], __pred, D.182436); __pred ={v} {CLOBBER(eol)}; candidates(address-taken) ={v} {CLOBBER(eol)}; s(address-taken) ={v} {CLOBBER(eol)}; D.169966 ={v} {CLOBBER(eol)}; if (&MEM <const struct QLatin1String[1]> [(void *)&candidates(address-taken) + 16B] != _32) as noted CLOBBERs are not barriers for values but only for memory so any such forwarding (which would also happen for non-equality compares) interferes with the intent of -Wdangling-pointer. I'll note that a CLOBBER does _not_ invalidate the pointer to the storage but only its contents as opposed to some reading of 'realloc' or 'free' semantics imposed by the C standard. The documentation mentions two levels of -Wdangling-pointer but all examples are about either the pointer escaping the function (to the caller) or about accesses to the storage whose contents became indeterminate. Unrolling and IVOPTs/SLSR could also expose re-use of storage accessed by a pointer to the "first" instance of a variable. I'm not sure what can be done about all this for the late pass_warn_access (which runs _very_ late). It's going to be prone to such issues and maybe -Wanalyzer is a better tool for the purpose. I was not successful in auto-reducing the testcase to something that closely resembles the above IL but I guess crafting a manual testcase from it would be possible. For the specific case we now pass 'equality' to pass_waccess::warn_invalid_pointer which is true for the original testcase but is only used to prune diagnostics after free/realloc and not when using the (undocumented) -Wdangling-pointer=3 level (level 3 is also rejected because it has IntegerRange(0, 2)). This case is about iteration over an auto variable and the "found" check being forwarded across the storage invalidation. The following fixes the original (and my misreduced) testcase. I'm going to test it and post it for review. diff --git a/gcc/gimple-ssa-warn-access.cc b/gcc/gimple-ssa-warn-access.cc index 879dbcc1e52..6c404f18db7 100644 --- a/gcc/gimple-ssa-warn-access.cc +++ b/gcc/gimple-ssa-warn-access.cc @@ -3896,13 +3896,13 @@ pass_waccess::warn_invalid_pointer (tree ref, gimple *us e_stmt, return; } + if ((equality && warn_use_after_free < 3) + || (maybe && warn_use_after_free < 2) + || warning_suppressed_p (use_stmt, OPT_Wuse_after_free)) + return; + if (is_gimple_call (inval_stmt)) { - if ((equality && warn_use_after_free < 3) - || (maybe && warn_use_after_free < 2) - || warning_suppressed_p (use_stmt, OPT_Wuse_after_free)) - return; - const tree inval_decl = gimple_call_fndecl (inval_stmt); if ((ref && warning_at (use_loc, OPT_Wuse_after_free, @@ -3923,10 +3923,6 @@ pass_waccess::warn_invalid_pointer (tree ref, gimple *use_stmt, return; } - if ((maybe && warn_dangling_pointer < 2) - || warning_suppressed_p (use_stmt, OPT_Wdangling_pointer_)) - return; - if (DECL_NAME (var)) { if ((ref
next prev parent reply other threads:[~2022-04-25 8:43 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-02-10 19:35 [Bug c++/104492] New: Bogus dangling pointer warning (dangling pointer to ‘candidates’ may be used [-Werror=dangling-pointer=]) thiago at kde dot org 2022-02-10 20:08 ` [Bug c++/104492] " pinskia at gcc dot gnu.org 2022-02-11 0:49 ` [Bug middle-end/104492] [12 Regression] Bogus dangling pointer warning at -O3 msebor at gcc dot gnu.org 2022-02-11 0:59 ` msebor at gcc dot gnu.org 2022-02-11 9:06 ` rguenth at gcc dot gnu.org 2022-02-15 0:40 ` msebor at gcc dot gnu.org 2022-03-09 13:07 ` rguenth at gcc dot gnu.org 2022-03-09 13:07 ` rguenth at gcc dot gnu.org 2022-03-16 16:01 ` msebor at gcc dot gnu.org 2022-04-20 8:52 ` jakub at gcc dot gnu.org 2022-04-25 8:43 ` rguenth at gcc dot gnu.org [this message] 2022-04-27 10:03 ` cvs-commit at gcc dot gnu.org 2022-04-27 10:03 ` rguenth at gcc dot gnu.org 2022-04-27 16:48 ` cvs-commit at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-104492-4-5IQyPjVQBN@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).