public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "sagebar at web dot de" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug c/105689] New: Bogus `-Wstringop-overflow=` after accessing field, then containing struct (wrong "region size") Date: Sun, 22 May 2022 11:30:51 +0000 [thread overview] Message-ID: <bug-105689-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105689 Bug ID: 105689 Summary: Bogus `-Wstringop-overflow=` after accessing field, then containing struct (wrong "region size") Product: gcc Version: 12.1.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: sagebar at web dot de Target Milestone: --- The following code wrongly produces a warning `[-Wstringop-overflow=`: Compile (using `gcc -c -O2 infile.c`) ``` struct subobject { int field1; int field2; }; struct myobject { struct subobject sub; }; extern void access_1(int *a); extern __attribute__((access(read_write, 1))) void access_2(struct subobject *); void myfunc(struct myobject *me) { // { void *p __attribute__((unused)) = &me->sub; } access_1(&me->sub.field1); access_2(&me->sub); } ``` ======= Output (gcc-12) ======= >infile.c: In function 'myfunc': >infile.c:16:9: warning: 'access_2' accessing 8 bytes in a region of size 4 [-Wstringop-overflow=] > 16 | access_2(&me->sub); > | ^~~~~~~~~~~~~~~~~~ >infile.c:11:52: note: in a call to function 'access_2' declared with attribute 'access (read_write, 1)' > 11 | extern __attribute__((access(read_write, 1))) void access_2(struct subobject *); > | ^~~~~~~~ ======= Output (expected) ======= ><No warning> ======= Notes ======= - By uncommenting the line `{ void *p __attribute__((unused)) = &me->sub; }`, the warning goes away, even though that line literally does nothing. (see Theory below) - I was able to observe this bug in gcc-12.1.0 and gcc-11.2.0 ======= Theory ======= It seems that this has got something to do with some internal, hidden attribute (relating to the "region size") attached to some field-expression the first time that field is accessed, only that when accessing `me->sub.field1` (where `offsetof(field1) == 0`) before `me->sub`, that "region size" attribute wrongfully also gets attached to `me->sub`. Then, when an access to `me->sub` actually happens, gcc seems to think that the "region size" of `me->sub` as a whole matches the size of the previously accessed field (`me->sub.field1`). This seems further compounded by the fact that this only happens when `field1` is the first field of `subobject` (i.e. has offset 0). If we insert another field `int field0;` before it, the warning also disappears (so something in gcc's logic appears to make it think that `region_size_of(<field-at-offset-0>) == region_size_of(<containing-struct>)`)
next reply other threads:[~2022-05-22 11:30 UTC|newest] Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-05-22 11:30 sagebar at web dot de [this message] 2022-05-23 7:30 ` [Bug c/105689] " rguenth at gcc dot gnu.org 2022-05-23 20:27 ` msebor at gcc dot gnu.org 2023-05-17 20:56 ` [Bug tree-optimization/105689] " pinskia at gcc dot gnu.org 2023-05-17 21:00 ` pinskia at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-105689-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).