[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "msebor at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
Date: Fri, 26 Aug 2022 19:21:26 +0000	[thread overview]
Message-ID: <bug-106757-4-dTqy4VqIRv@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-106757-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2022-08-26
             Blocks|                            |88443
                 CC|                            |msebor at gcc dot gnu.org
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
            Summary|[12/13 Regression]          |[12/13 Regression]
                   |Incorrect "writing 1 byte   |Incorrect "writing 1 byte
                   |into a region of size 0"    |into a region of size 0" on
                   |warning                     |a vectorized loop

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
GCC unrolls the loop, and GCC 12 also vectorizes it.  The combination of the
two isolates stores from the loop that are out of bounds but that GCC cannot
prove cannot happen: it has no insight into what value pqr_mbc_len() might
return and if it's 5 or more the code would indeed write past the end.  The
warning just points it out.  To "fix" this the unroller could use the bounds of
the destination array to avoid emitting code for iterations of the loop that
end up accessing objects outside their bounds (there already is logic that does
that, controlled by the -faggressive-loop-optimizations option).  Until then,
if the function is guaranteed to return a value between 0 and 4 then adding the
following assertion both avoids the warning and improves the emitted code.

        if (len < 0 || MBC_MAX < len)
          __builtin_unreachable ();

The invalid stores can be seen in the IL output by the
-fdump-tree-strlen=/dev/stdout developer option:

  <bb 7> [local count: 76354976]:
  bnd.6_47 = _26 >> 2;
  vect__3.11_53 = MEM <vector(4) char> [(char *)mbs_22];
  MEM <vector(4) char> [(char *)&tmpchar] = vect__3.11_53;
  vectp_mbs.9_52 = mbs_22 + 4;
  niters_vector_mult_vf.7_48 = bnd.6_47 << 2;
  tmp.8_49 = (int) niters_vector_mult_vf.7_48;
  if (_26 == niters_vector_mult_vf.7_48)
    goto <bb 15>; [25.00%]
  else
    goto <bb 8>; [75.00%]

  <bb 8> [local count: 57266232]:
  _75 = (sizetype) tmp.8_49;
  _76 = vectp_mbs.9_52;
  _77 = MEM[(char *)vectp_mbs.9_52];
  tmpchar[tmp.8_49] = _77;   <<< -Wstringop-overflow
  k_79 = tmp.8_49 + 1;
  if (len_12 > 5)
    goto <bb 9>; [80.00%]
  else
    goto <bb 15>; [20.00%]

  <bb 9> [local count: 45812986]:
  _82 = 5;
  _83 = mbs_22 + 5;
  _84 = *_83;
  tmpchar[5] = _84;          <<< -Wstringop-overflow
  k_86 = tmp.8_49 + 2;
  if (len_12 > k_86)
    goto <bb 10>; [80.00%]
  else
    goto <bb 15>; [20.00%]


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88443
[Bug 88443] [meta-bug] bogus/missing -Wstringop-overflow warnings

next prev parent reply	other threads:[~2022-08-26 19:21 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-26 18:32 [Bug c/106757] New: Incorrect "writing 1 byte into a region of size 0" warning jonathan.leffler at gmail dot com
2022-08-26 18:37 ` [Bug tree-optimization/106757] [12/13 Regression] " pinskia at gcc dot gnu.org
2022-08-26 19:21 ` msebor at gcc dot gnu.org [this message]
2022-08-29  8:26 ` [Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop rguenth at gcc dot gnu.org
2022-10-03 23:12 ` bergner at gcc dot gnu.org
2022-10-19  7:05 ` rguenth at gcc dot gnu.org
2022-12-05 20:35 ` rguenth at gcc dot gnu.org
2023-05-08 12:25 ` [Bug tree-optimization/106757] [12/13/14 " rguenth at gcc dot gnu.org
2024-03-15  1:08 ` [Bug tree-optimization/106757] [12/13 " law at gcc dot gnu.org
2024-05-26  2:59 ` jonathan.leffler at gmail dot com
2024-05-26  3:13 ` jonathan.leffler at gmail dot com
2024-05-26  5:32 ` jonathan.leffler at gmail dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-106757-4-dTqy4VqIRv@http.gcc.gnu.org/bugzilla/ \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).