From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id C1311384B82F; Sun, 22 May 2022 11:30:51 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C1311384B82F From: "sagebar at web dot de" To: gcc-bugs@gcc.gnu.org Subject: [Bug c/105689] New: Bogus `-Wstringop-overflow=` after accessing field, then containing struct (wrong "region size") Date: Sun, 22 May 2022 11:30:51 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c X-Bugzilla-Version: 12.1.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: sagebar at web dot de X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 May 2022 11:30:51 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D105689 Bug ID: 105689 Summary: Bogus `-Wstringop-overflow=3D` after accessing field, then containing struct (wrong "region size") Product: gcc Version: 12.1.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: sagebar at web dot de Target Milestone: --- The following code wrongly produces a warning `[-Wstringop-overflow=3D`: Compile (using `gcc -c -O2 infile.c`) ``` struct subobject { int field1; int field2; }; struct myobject { struct subobject sub; }; extern void access_1(int *a); extern __attribute__((access(read_write, 1))) void access_2(struct subobject *); void myfunc(struct myobject *me) { // { void *p __attribute__((unused)) =3D &me->sub; } access_1(&me->sub.field1); access_2(&me->sub); } ``` =3D=3D=3D=3D=3D=3D=3D Output (gcc-12) =3D=3D=3D=3D=3D=3D=3D >infile.c: In function 'myfunc': >infile.c:16:9: warning: 'access_2' accessing 8 bytes in a region of size 4= [-Wstringop-overflow=3D] > 16 | access_2(&me->sub); > | ^~~~~~~~~~~~~~~~~~ >infile.c:11:52: note: in a call to function 'access_2' declared with attri= bute 'access (read_write, 1)' > 11 | extern __attribute__((access(read_write, 1))) void access_2(struct= subobject *); > | ^~~~~~~~ =3D=3D=3D=3D=3D=3D=3D Output (expected) =3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D Notes =3D=3D=3D=3D=3D=3D=3D - By uncommenting the line `{ void *p __attribute__((unused)) =3D &me->sub;= }`, the warning goes away, even though that line literally does nothing. (see Theory below) - I was able to observe this bug in gcc-12.1.0 and gcc-11.2.0 =3D=3D=3D=3D=3D=3D=3D Theory =3D=3D=3D=3D=3D=3D=3D It seems that this has got something to do with some internal, hidden attri= bute (relating to the "region size") attached to some field-expression the first time that field is accessed, only that when accessing `me->sub.field1` (whe= re `offsetof(field1) =3D=3D 0`) before `me->sub`, that "region size" attribute wrongfully also gets attached to `me->sub`. Then, when an access to `me->su= b` actually happens, gcc seems to think that the "region size" of `me->sub` as= a whole matches the size of the previously accessed field (`me->sub.field1`). This seems further compounded by the fact that this only happens when `fiel= d1` is the first field of `subobject` (i.e. has offset 0). If we insert another field `int field0;` before it, the warning also disappears (so something in gcc's logic appears to make it think that `region_size_of() =3D=3D region_size_of()`)=