From: "msebor at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/104746] [12 Regression] False positive for -Wformat-overflow=2 since r12-7033-g3c9f762ad02f398c
Date: Thu, 03 Mar 2022 18:21:42 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104746

--- Comment #5 from Martin Sebor ---
(In reply to Martin Liška from comment #3)

This is an example of the "symbolic constraints involving multiple arguments"
that I mentioned in comment #1.  There is no logic to determine from the
complex relationship between the lengths of the two strings that their sum also
constrains the output of the call to avoid the overflow.  A similar example of
the same problem is below.  The conditional guarantees that each of i and j
produces exactly one digit on output, but all the warning logic considers is
the range of the arguments, which is [0, INT_MAX].  Unlike in the string case,
I think here Ranger could actually set the range of i and j to be [0, 9] on the
assumption the sum doesn't overflow, but that would still not avoid the warning
unless the code also checked the range of the sum.

$ cat b.c && gcc -O2 -S -Wall -Wformat-overflow=2 b.c
char a[3];

void f (int i, int j)
{
  if (i < 0 || j < 0 || i + j > 9)
    return;

  __builtin_sprintf (a, "%u%u", i, j);
}
b.c: In function ‘f’:
b.c:8:26: warning: ‘%u’ directive writing between 1 and 10 bytes into a region of size 4 [-Wformat-overflow=]
    8 |   __builtin_sprintf (a, "%u%u", i, j);
      |                          ^~
b.c:8:25: note: using the range [0, 4294967295] for directive argument
    8 |   __builtin_sprintf (a, "%u%u", i, j);
      |                         ^~~~~~
b.c:8:25: note: using the range [0, 4294967295] for directive argument
b.c:8:3: note: ‘__builtin_sprintf’ output between 3 and 21 bytes into a destination of size 4
    8 |   __builtin_sprintf (a, "%u%u", i, j);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
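
An added example, not part of the bug comment or of GCC's code: one way to write the function from b.c so that the bound on each argument is stated directly instead of only through the sum, with a bounded snprintf and a return-value check as the runtime guarantee. The names format_pair and accepted_pairs are hypothetical, and no claim is made about which GCC versions stay silent on this form.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Same 3-byte destination as b.c in the report. */
static char a[3];

/* Hypothetical helper (not from the report): formats i and j into a.
   Returns the number of characters written, or -1 if the arguments are
   rejected or the output would not fit. */
int format_pair(int i, int j)
{
    /* Per-argument bounds come first: each value is provably one digit,
       and i + j can no longer overflow when it is evaluated. */
    if (i < 0 || i > 9 || j < 0 || j > 9)
        return -1;
    /* The report's original constraint on the sum. */
    if (i + j > 9)
        return -1;
    /* Bounded write: snprintf never stores more than sizeof a bytes. */
    int n = snprintf(a, sizeof a, "%u%u", (unsigned)i, (unsigned)j);
    if (n < 0 || (size_t)n >= sizeof a) {
        a[0] = '\0';            /* truncated or failed: leave a empty */
        return -1;
    }
    return n;
}

/* Exhaustive check over constructed inputs: counts the pairs the guard
   accepts, or returns -1 if any accepted pair is not exactly 2 characters. */
int accepted_pairs(void)
{
    int count = 0;
    for (int i = -1; i <= 10; i++)
        for (int j = -1; j <= 10; j++) {
            int n = format_pair(i, j);
            if (n == -1)
                continue;
            if (n != 2 || strlen(a) != 2)
                return -1;
            count++;
        }
    return count;
}

int main(void)
{
    printf("accepted pairs: %d\n", accepted_pairs());
    printf("INT_MAX pair: %d\n", format_pair(INT_MAX, INT_MAX));
    return 0;
}
```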