From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id C91613858C53; Fri, 31 Mar 2023 11:36:18 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C91613858C53 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1680262578; bh=cnuY52yQNf+fCD5W5cPbqy92D7EWYI46uuJZlWHY0KQ=; h=From:To:Subject:Date:In-Reply-To:References:From; b=ERN4d5vJ6YKZtav8gj9J7LrWN7SAc8WhEQSawc+X38SQaobtT1waNJ0vip9q95zeN Iv+3r7cR3AKTy3GK6z/Fp/s01QHFfr1f/4rDLeE4AwKaM8ywCBKdCdDnF56Rp1G34+ UgnBkY40N1QQ3awOJcX3d4GEuPujyimW1vHWNQeI= From: "rguenth at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/107087] [12/13 Regression] bits/stl_algobase.h:431: warning: 'void* __builtin_memcpy(void*, const void*, unsigned int)' reading between 8 and 2147483644 bytes from a region of size 4 [-Wstringop-overread] Date: Fri, 31 Mar 2023 11:36:17 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: diagnostic, missed-optimization X-Bugzilla-Severity: normal X-Bugzilla-Who: rguenth at gcc dot gnu.org X-Bugzilla-Status: REOPENED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 12.3 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: short_desc bug_status assigned_to resolution target_milestone Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D107087 Richard Biener changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|[13 Regression] |[12/13 Regression] |bits/stl_algobase.h:431: |bits/stl_algobase.h:431: |warning: 'void* |warning: 'void* |__builtin_memcpy(void*, |__builtin_memcpy(void*, |const void*, unsigned int)' |const void*, unsigned int)' |reading between 8 and |reading between 8 and |2147483644 bytes from a |2147483644 bytes from a |region of size 4 |region of size 4 |[-Wstringop-overread] |[-Wstringop-overread] Status|RESOLVED |REOPENED Assignee|rguenth at gcc dot gnu.org |unassigned at gcc d= ot gnu.org Resolution|FIXED |--- Target Milestone|13.0 |12.3 --- Comment #8 from Richard Biener --- Only comment#1 is fixed, the original testcase is 22_locale/money_get/cons/= 3.cc which still fails with the settings from comment#7 We have [local count: 268328082]: _187 =3D MEM[(struct _Rep *)&_S_empty_rep_storage].D.58774._M_length; _189 =3D MIN_EXPR <_170, _187>; if (_189 !=3D 0) goto ; [50.00%] else goto ; [50.00%] [local count: 134164041]: if (_189 =3D=3D 1) goto ; [34.00%] else goto ; [66.00%] [local count: 45615775]: MEM[(struct char_type *)_172] =3D MEM[(const struct character &)&_S_empty_rep_storage + 12]; goto ; [100.00%] [local count: 88548267]: _173 =3D _189 * 4; __builtin_memcpy (_172, &MEM [(void *)&_S_empty_rep_storage + 12B], _173); // <--- diagnosed [local count: 268328083]: __negative_sign =3D{v} {CLOBBER}; so we know that _173 is [2, +INF] * 4 and that's enough to diagnose the call as we seem to have an idea about the source size (the embedded string length). There's an intervening operator new preventing CSE of the length of the destination and while there's a condition of !=3D &_S_empty_rep_storage control flow converges again before this, so it seems we handle both here. It's incredibly branchy code :/=