From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 9C0563851162; Fri, 26 Aug 2022 19:21:27 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9C0563851162 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1661541687; bh=GmB6A76Dy680fP2U7FUF4qnpDktBydmbYDv3S+wStn8=; h=From:To:Subject:Date:In-Reply-To:References:From; b=PKRucsLKhBfhUIm5lNMbcOk8VugvfASlOUrj2oHUEYV8z9xnOP7IhJPrU7MaVkBGO wov19VqKfmOdbv6Foz8vyvz4vtzfBTHaNkUsR0a2MxLj2lwtA/FO8JUE7KYb0G54JO o9uzLuG00tDTdn/5FKZ+OWt+oQ2JhEq6V4yt5vUo= From: "msebor at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop Date: Fri, 26 Aug 2022 19:21:26 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 12.2.0 X-Bugzilla-Keywords: diagnostic X-Bugzilla-Severity: normal X-Bugzilla-Who: msebor at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 12.3 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cf_reconfirmed_on blocked cc everconfirmed bug_status short_desc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D106757 Martin Sebor changed: What |Removed |Added ---------------------------------------------------------------------------- Last reconfirmed| |2022-08-26 Blocks| |88443 CC| |msebor at gcc dot gnu.org Ever confirmed|0 |1 Status|UNCONFIRMED |NEW Summary|[12/13 Regression] |[12/13 Regression] |Incorrect "writing 1 byte |Incorrect "writing 1 byte |into a region of size 0" |into a region of size 0" on |warning |a vectorized loop --- Comment #1 from Martin Sebor --- GCC unrolls the loop, and GCC 12 also vectorizes it. The combination of the two isolates stores from the loop that are out of bounds but that GCC cannot prove cannot happen: it has no insight into what value pqr_mbc_len() might return and if it's 5 or more the code would indeed write past the end. The warning just points it out. To "fix" this the unroller could use the bound= s of the destination array to avoid emitting code for iterations of the loop that end up accessing objects outside their bounds (there already is logic that = does that, controlled by the -faggressive-loop-optimizations option). Until the= n, if the function is guaranteed to return a value between 0 and 4 then adding= the following assertion both avoids the warning and improves the emitted code. if (len < 0 || MBC_MAX < len) __builtin_unreachable (); The invalid stores can be seen in the IL output by the -fdump-tree-strlen=3D/dev/stdout developer option: [local count: 76354976]: bnd.6_47 =3D _26 >> 2; vect__3.11_53 =3D MEM [(char *)mbs_22]; MEM [(char *)&tmpchar] =3D vect__3.11_53; vectp_mbs.9_52 =3D mbs_22 + 4; niters_vector_mult_vf.7_48 =3D bnd.6_47 << 2; tmp.8_49 =3D (int) niters_vector_mult_vf.7_48; if (_26 =3D=3D niters_vector_mult_vf.7_48) goto ; [25.00%] else goto ; [75.00%] [local count: 57266232]: _75 =3D (sizetype) tmp.8_49; _76 =3D vectp_mbs.9_52; _77 =3D MEM[(char *)vectp_mbs.9_52]; tmpchar[tmp.8_49] =3D _77; <<< -Wstringop-overflow k_79 =3D tmp.8_49 + 1; if (len_12 > 5) goto ; [80.00%] else goto ; [20.00%] [local count: 45812986]: _82 =3D 5; _83 =3D mbs_22 + 5; _84 =3D *_83; tmpchar[5] =3D _84; <<< -Wstringop-overflow k_86 =3D tmp.8_49 + 2; if (len_12 > k_86) goto ; [80.00%] else goto ; [20.00%] Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D88443 [Bug 88443] [meta-bug] bogus/missing -Wstringop-overflow warnings=