public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/105918] New: Spurious Warray-bounds in std::to_chars
@ 2022-06-10 14:01 ed at catmur dot uk
2022-06-21 5:48 ` [Bug tree-optimization/105918] [12/13 Regression] " pinskia at gcc dot gnu.org
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: ed at catmur dot uk @ 2022-06-10 14:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105918
Bug ID: 105918
Summary: Spurious Warray-bounds in std::to_chars
Product: gcc
Version: 12.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: ed at catmur dot uk
Target Milestone: ---
#include <charconv>
template<int N>
std::to_chars_result toChars(char (& buf)[N], int number) {
char temp[N];
std::to_chars_result result = std::to_chars(temp, temp + N, number);
if (result.ec != std::errc())
return result;
char* it = temp;
char* end = result.ptr;
std::size_t i = 0u;
while (i != N && it != end)
buf[i++] = *it++;
if (i != N)
buf[i] = '\0';
return std::to_chars_result{.ptr = buf + (result.ptr - temp), .ec =
std::errc()};
}
#include <memory>
struct ar {
struct V { bool value; } value;
std::unique_ptr<int> s;
};
void f(...);
ar g();
ar evaluate(bool value) {
ar res{value};
if (res.value.value)
return res;
return g();
}
#define CHECK(P) f(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, evaluate(P), 0, 0, 0, 0, 0, 0,
0, 0, 0 );
int main() {
char s3[3];
auto res3 = toChars(s3, 12);
CHECK((res3.ec == std::errc()));
CHECK((s3[0] == '1'));
CHECK((s3[1] == '2'));
CHECK((s3[2] == '\0'));
char s1[1];
auto res1 = toChars(s1, 12);
CHECK((res1.ec != std::errc()));
}
Compiled at -O3 -Warray-bounds:
In file included from include/c++/12.1.0/charconv:42,
from <source>:1:
In function 'void std::__detail::__to_chars_10_impl(char*, unsigned int, _Tp)
[with _Tp = unsigned int]',
inlined from 'std::__detail::__integer_to_chars_result_type<_Tp>
std::__detail::__to_chars_10(char*, char*, _Tp) [with _Tp = unsigned int]' at
include/c++/12.1.0/charconv:225:35,
inlined from 'std::__detail::__integer_to_chars_result_type<_Tp>
std::__to_chars_i(char*, char*, _Tp, int) [with _Tp = int]' at
include/c++/12.1.0/charconv:351:32,
inlined from 'std::to_chars_result std::to_chars(char*, char*, int, int)'
at include/c++/12.1.0/charconv:370:1,
inlined from 'std::to_chars_result toChars(char (&)[N], int) [with int N =
1]' at <source>:7:48:
include/c++/12.1.0/bits/charconv.h:95:22: warning: array subscript 1 is outside
array bounds of 'char [1]' [-Warray-bounds]
95 | __first[1] = __digits[__num + 1];
| ~~~~~~~~~~~^~~~~~~~~~~
<source>: In function 'std::to_chars_result toChars(char (&)[N], int) [with int
N = 1]':
<source>:6:10: note: at offset 1 into object 'temp' of size 1
6 | char temp[N];
| ^~~~
<source>:6:10: note: at offset 2 into object 'temp' of size 1
Compiler returned: 0
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug tree-optimization/105918] [12/13 Regression] Spurious Warray-bounds in std::to_chars
2022-06-10 14:01 [Bug c++/105918] New: Spurious Warray-bounds in std::to_chars ed at catmur dot uk
@ 2022-06-21 5:48 ` pinskia at gcc dot gnu.org
2022-07-08 12:34 ` [Bug tree-optimization/105918] [12/13 Regression] Spurious Warray-bounds in std::to_chars since r12-2132-ga110855667782dac marxin at gcc dot gnu.org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-06-21 5:48 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105918
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Spurious Warray-bounds in |[12/13 Regression] Spurious
|std::to_chars |Warray-bounds in
| |std::to_chars
Target Milestone|--- |12.2
Keywords| |needs-bisection,
| |needs-reduction
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Shorter testcase (still need to reduce it futher):
#include <charconv>
void toChars(int number) {
char temp[1];
std::to_chars(temp, temp + 1, number);
}
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug tree-optimization/105918] [12/13 Regression] Spurious Warray-bounds in std::to_chars since r12-2132-ga110855667782dac
2022-06-10 14:01 [Bug c++/105918] New: Spurious Warray-bounds in std::to_chars ed at catmur dot uk
2022-06-21 5:48 ` [Bug tree-optimization/105918] [12/13 Regression] " pinskia at gcc dot gnu.org
@ 2022-07-08 12:34 ` marxin at gcc dot gnu.org
2022-07-25 16:03 ` rguenth at gcc dot gnu.org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: marxin at gcc dot gnu.org @ 2022-07-08 12:34 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105918
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2022-07-08
Keywords|needs-bisection |
Ever confirmed|0 |1
Status|UNCONFIRMED |NEW
CC| |marxin at gcc dot gnu.org,
| |msebor at gcc dot gnu.org
Summary|[12/13 Regression] Spurious |[12/13 Regression] Spurious
|Warray-bounds in |Warray-bounds in
|std::to_chars |std::to_chars since
| |r12-2132-ga110855667782dac
--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
Started with r12-2132-ga110855667782dac.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug tree-optimization/105918] [12/13 Regression] Spurious Warray-bounds in std::to_chars since r12-2132-ga110855667782dac
2022-06-10 14:01 [Bug c++/105918] New: Spurious Warray-bounds in std::to_chars ed at catmur dot uk
2022-06-21 5:48 ` [Bug tree-optimization/105918] [12/13 Regression] " pinskia at gcc dot gnu.org
2022-07-08 12:34 ` [Bug tree-optimization/105918] [12/13 Regression] Spurious Warray-bounds in std::to_chars since r12-2132-ga110855667782dac marxin at gcc dot gnu.org
@ 2022-07-25 16:03 ` rguenth at gcc dot gnu.org
2022-11-29 18:14 ` rguenth at gcc dot gnu.org
2023-05-08 12:24 ` [Bug tree-optimization/105918] [12/13/14 " rguenth at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-07-25 16:03 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105918
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug tree-optimization/105918] [12/13 Regression] Spurious Warray-bounds in std::to_chars since r12-2132-ga110855667782dac
2022-06-10 14:01 [Bug c++/105918] New: Spurious Warray-bounds in std::to_chars ed at catmur dot uk
` (2 preceding siblings ...)
2022-07-25 16:03 ` rguenth at gcc dot gnu.org
@ 2022-11-29 18:14 ` rguenth at gcc dot gnu.org
2023-05-08 12:24 ` [Bug tree-optimization/105918] [12/13/14 " rguenth at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-11-29 18:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105918
--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #1)
> Shorter testcase (still need to reduce it futher):
> #include <charconv>
> void toChars(int number) {
> char temp[1];
> std::to_chars(temp, temp + 1, number);
> }
So the failure mode is std::to_chars treating a negative 'number' specially,
in this case starting from the end. We get
<bb 6> [local count: 536870912]:
# __first_9 = PHI <&temp(4), &MEM <char[1]> [(void *)&temp + 1B](5)>
# __unsigned_val_10 = PHI <__unsigned_val_5(4), __unsigned_val_8(5)>
and
<bb 21> [local count: 241591910]:
__num_47 = __val_28 * 2;
_48 = __num_47 + 1;
_49 = __digits[_48];
MEM[(char *)__first_9 + 1B] = _49;
_50 = __digits[__num_47];
*__first_9 = _50;
here the __first_9 + 1 store is _always_ out of bounds. It might be
that this block is never reachable but we couldn't prove that.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug tree-optimization/105918] [12/13/14 Regression] Spurious Warray-bounds in std::to_chars since r12-2132-ga110855667782dac
2022-06-10 14:01 [Bug c++/105918] New: Spurious Warray-bounds in std::to_chars ed at catmur dot uk
` (3 preceding siblings ...)
2022-11-29 18:14 ` rguenth at gcc dot gnu.org
@ 2023-05-08 12:24 ` rguenth at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-05-08 12:24 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105918
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|12.3 |12.4
--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 12.3 is being released, retargeting bugs to GCC 12.4.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-05-08 12:24 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-10 14:01 [Bug c++/105918] New: Spurious Warray-bounds in std::to_chars ed at catmur dot uk
2022-06-21 5:48 ` [Bug tree-optimization/105918] [12/13 Regression] " pinskia at gcc dot gnu.org
2022-07-08 12:34 ` [Bug tree-optimization/105918] [12/13 Regression] Spurious Warray-bounds in std::to_chars since r12-2132-ga110855667782dac marxin at gcc dot gnu.org
2022-07-25 16:03 ` rguenth at gcc dot gnu.org
2022-11-29 18:14 ` rguenth at gcc dot gnu.org
2023-05-08 12:24 ` [Bug tree-optimization/105918] [12/13/14 " rguenth at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).