public inbox for gcc-bugs@sourceware.org
* [Bug c++/106093] New: [Regression] False positive -Wstringop-overflow with -O3 when resizing std::vector
@ 2022-06-26 21:31 aclopte at gmail dot com
  2023-01-16 10:53 ` [Bug tree-optimization/106093] [12/13 Regression] " rguenth at gcc dot gnu.org
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: aclopte at gmail dot com @ 2022-06-26 21:31 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106093

            Bug ID: 106093
           Summary: [Regression] False positive -Wstringop-overflow with
                    -O3 when resizing std::vector
           Product: gcc
           Version: 12.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: aclopte at gmail dot com
  Target Milestone: ---

Created attachment 53202
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53202&action=edit
preprocessed reproducer

Very similar to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83239 and others.
This one reproduces on 12.1.0 but not on 11.2.0.

cat > repro.cpp << EOF
#include <vector>

template <typename T> struct Allocator {
  using value_type = T;

  Allocator() = default;

  T *allocate(unsigned long n) {
    return reinterpret_cast<T *>(::operator new(sizeof(T) * n));
  }

  void deallocate(T *ptr, unsigned long n) { ::operator delete(ptr); }
};

static std::vector<char, Allocator<char>> m_stream{};
void read_available() {
    m_stream.resize(1);
}
EOF

attached the preprocessed output

$ g++ -std=c++2a repro.cpp -S -O3

In function ‘constexpr decltype (::new(void*(0)) _Tp) std::construct_at(_Tp*,
_Args&& ...) [with _Tp = char; _Args = {char}]’,
    inlined from ‘static constexpr
std::_Require<std::__and_<std::__not_<typename std::allocator_traits<
<template-parameter-1-1> >::__construct_helper<_Tp, _Args>::type>,
std::is_constructible<_Tp, _Args ...> > > std::allocator_traits<
<template-parameter-1-1> >::_S_construct(_Alloc&, _Tp*, _Args&& ...) [with _Tp
= char; _Args = {char}; _Alloc = Allocator<char>]’ at
/usr/include/c++/12.1.0/bits/alloc_traits.h:263:21,
    inlined from ‘static constexpr decltype (std::allocator_traits<
<template-parameter-1-1> >::_S_construct(__a, __p,
(forward<_Args>)(std::allocator_traits< <template-parameter-1-1>
>::construct::__args)...)) std::allocator_traits< <template-parameter-1-1>
>::construct(_Alloc&, _Tp*, _Args&& ...) [with _Tp = char; _Args = {char};
_Alloc = Allocator<char>]’ at
/usr/include/c++/12.1.0/bits/alloc_traits.h:364:16,
    inlined from ‘constexpr void std::__relocate_object_a(_Tp*, _Up*,
_Allocator&) [with _Tp = char; _Up = char; _Allocator = Allocator<char>]’ at
/usr/include/c++/12.1.0/bits/stl_uninitialized.h:1064:26,
    inlined from ‘constexpr _ForwardIterator
std::__relocate_a_1(_InputIterator, _InputIterator, _ForwardIterator,
_Allocator&) [with _InputIterator = char*; _ForwardIterator = char*; _Allocator
= Allocator<char>]’ at
/usr/include/c++/12.1.0/bits/stl_uninitialized.h:1092:26,
    inlined from ‘constexpr _ForwardIterator std::__relocate_a(_InputIterator,
_InputIterator, _ForwardIterator, _Allocator&) [with _InputIterator = char*;
_ForwardIterator = char*; _Allocator = Allocator<char>]’ at
/usr/include/c++/12.1.0/bits/stl_uninitialized.h:1133:33,
    inlined from ‘static constexpr std::vector<_Tp, _Alloc>::pointer
std::vector<_Tp, _Alloc>::_S_relocate(pointer, pointer, pointer,
_Tp_alloc_type&) [with _Tp = char; _Alloc = Allocator<char>]’ at
/usr/include/c++/12.1.0/bits/stl_vector.h:504:26,
    inlined from ‘constexpr void std::vector<_Tp,
_Alloc>::_M_default_append(size_type) [with _Tp = char; _Alloc =
Allocator<char>]’ at /usr/include/c++/12.1.0/bits/vector.tcc:663:16,
    inlined from ‘constexpr void std::vector<_Tp, _Alloc>::resize(size_type)
[with _Tp = char; _Alloc = Allocator<char>]’ at
/usr/include/c++/12.1.0/bits/stl_vector.h:1011:21,
    inlined from ‘void read_available()’ at t/repro/repro.cc:17:20:
/usr/include/c++/12.1.0/bits/stl_construct.h:97:14: warning: writing 8 bytes
into a region of size 1 [-Wstringop-overflow=]
   97 |     { return ::new((void*)__location)
_Tp(std::forward<_Args>(__args)...); }
      |             
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


* [Bug tree-optimization/106093] [12/13 Regression] False positive -Wstringop-overflow with -O3 when resizing std::vector
  2022-06-26 21:31 [Bug c++/106093] New: [Regression] False positive -Wstringop-overflow with -O3 when resizing std::vector aclopte at gmail dot com
@ 2023-01-16 10:53 ` rguenth at gcc dot gnu.org
  2023-01-16 13:14 ` redi at gcc dot gnu.org
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-01-16 10:53 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106093

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[Regression] False positive |[12/13 Regression] False
                   |-Wstringop-overflow with    |positive
                   |-O3 when resizing           |-Wstringop-overflow with
                   |std::vector                 |-O3 when resizing
                   |                            |std::vector
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2023-01-16
             Status|UNCONFIRMED                 |NEW
                 CC|                            |jwakely.gcc at gmail dot com
      Known to work|                            |11.3.0
           Priority|P3                          |P2
   Target Milestone|---                         |12.3

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
Confirmed.

(gdb) p debug_gimple_stmt (stmt)
# .MEM_120 = VDEF <.MEM_81>
MEM <vector(8) char> [(char *)vectp.79_117] = vect__18.77_116;

It's possibly a missed optimization for the vectorizer-introduced compute
of the number of iterations.  We have

<bb 7> [local count: 58465242]:
_23 = operator new (1);
*_23 = 0;
__cur_29 = _23 + 1;
if (_3 != _4)
  goto <bb 8>; [89.00%]

<bb 8> [local count: 52034065]:
_15 = (unsigned long) _3;
_38 = (unsigned long) _4;
_36 = _15 - _38;
_54 = _36 + 18446744073709551615;
_10 = _54 > 6;
if (_10 != 0)
  goto <bb 9>; [64.00%]

so we allocate 1 byte but then compute the iteration as difference from _4 and
_3 which are computed from

_3 = m_stream.D.31893._M_impl.D.31166._M_finish;
_4 = m_stream.D.31893._M_impl.D.31166._M_start;

in particular the new allocated storage is processed but the old size is used?!


* [Bug tree-optimization/106093] [12/13 Regression] False positive -Wstringop-overflow with -O3 when resizing std::vector
  2022-06-26 21:31 [Bug c++/106093] New: [Regression] False positive -Wstringop-overflow with -O3 when resizing std::vector aclopte at gmail dot com
  2023-01-16 10:53 ` [Bug tree-optimization/106093] [12/13 Regression] " rguenth at gcc dot gnu.org
@ 2023-01-16 13:14 ` redi at gcc dot gnu.org
  2023-01-16 13:17 ` redi at gcc dot gnu.org
  2023-05-08 12:24 ` [Bug tree-optimization/106093] [12/13/14 " rguenth at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: redi at gcc dot gnu.org @ 2023-01-16 13:14 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106093

--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Richard Biener from comment #1)
> in particular the new allocated storage is processed but the old size is
> used?!

Yes, that seems correct.

We're resizing the vector from N to N+1 (where N happens to be 0). The new size
is greater than the existing capacity, so we allocate N+1 elements, then copy
the existing N elements into the new storage (which uses old_finish -
old_start).

Afterwards, we would actually construct the new element in the new storage, but
the warning happens while just copying the elements from the old storage to the
new.


* [Bug tree-optimization/106093] [12/13 Regression] False positive -Wstringop-overflow with -O3 when resizing std::vector
  2022-06-26 21:31 [Bug c++/106093] New: [Regression] False positive -Wstringop-overflow with -O3 when resizing std::vector aclopte at gmail dot com
  2023-01-16 10:53 ` [Bug tree-optimization/106093] [12/13 Regression] " rguenth at gcc dot gnu.org
  2023-01-16 13:14 ` redi at gcc dot gnu.org
@ 2023-01-16 13:17 ` redi at gcc dot gnu.org
  2023-05-08 12:24 ` [Bug tree-optimization/106093] [12/13/14 " rguenth at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: redi at gcc dot gnu.org @ 2023-01-16 13:17 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106093

--- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #2)
> Afterwards, we would actually construct the new element in the new storage,
> but the warning happens while just copying the elements from the old storage
> to the new.

Actually we already created the new element first (vector.tcc:668) and then we
copy the old elements (vector.tcc:676).

Either way, it's correct that the loop copying the old elements uses the old
size.
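
A simplified model of the reallocation path described in comments #2 and #3, added here as an illustration (it is not libstdc++ code and not from the thread). `ToyVec`, `GrowStats` and `writes_in_bounds` are hypothetical names and the growth policy is an assumption; under it, a 1-byte allocation is requested only when the old size is 0, and then the relocation loop runs zero times.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <new>

// Simplified model of the growth path discussed in comments #2 and #3.
// ToyVec and GrowStats are hypothetical names, not libstdc++ internals.
struct GrowStats {
    std::size_t new_capacity;  // bytes requested from operator new
    std::size_t relocated;     // bytes copied from the old storage
    std::size_t appended;      // bytes value-initialized at the tail
};

struct ToyVec {
    char *start = nullptr, *finish = nullptr, *end_of_storage = nullptr;
    ~ToyVec() { ::operator delete(start); }
    std::size_t size() const { return finish - start; }

    // Append n zero bytes, always reallocating (the path the warning is on).
    GrowStats grow_by(std::size_t n) {
        const std::size_t old_size = size();
        // Assumed growth policy: at least double, at least old_size + n.
        const std::size_t len = old_size + std::max(old_size, n);
        char *new_start = static_cast<char *>(::operator new(len));

        // 1. Create the new elements first, past where the old ones will go.
        std::memset(new_start + old_size, 0, n);
        // 2. Relocate the old elements; the trip count is old finish - start,
        //    which is independent of n and can be 0.
        for (char *src = start, *dst = new_start; src != finish; ++src, ++dst)
            *dst = *src;

        ::operator delete(start);
        start = new_start;
        finish = new_start + old_size + n;
        end_of_storage = new_start + len;
        return {len, old_size, n};
    }
};

// True when every byte written by grow_by() lies inside the new allocation.
bool writes_in_bounds(const GrowStats &s) {
    return s.relocated + s.appended <= s.new_capacity;
}

int main() {
    ToyVec v;
    GrowStats first = v.grow_by(1);  // the resize(1) case: size 0 -> 1
    return writes_in_bounds(first) && first.relocated == 0 ? 0 : 1;
}
```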


* [Bug tree-optimization/106093] [12/13/14 Regression] False positive -Wstringop-overflow with -O3 when resizing std::vector
  2022-06-26 21:31 [Bug c++/106093] New: [Regression] False positive -Wstringop-overflow with -O3 when resizing std::vector aclopte at gmail dot com
                   ` (2 preceding siblings ...)
  2023-01-16 13:17 ` redi at gcc dot gnu.org
@ 2023-05-08 12:24 ` rguenth at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-05-08 12:24 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106093

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|12.3                        |12.4

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 12.3 is being released, retargeting bugs to GCC 12.4.

