public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "aldyh at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/107561] [13 Regression] g++.dg/pr71488.C and [g++.dg/warn/Warray-bounds-16.C -m32] regression due to -Wstringop-overflow problem Date: Mon, 27 Feb 2023 16:16:24 +0000 [thread overview] Message-ID: <bug-107561-4-LSI4s7uk5z@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-107561-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107561 --- Comment #14 from Aldy Hernandez <aldyh at gcc dot gnu.org> --- (In reply to Richard Biener from comment #11) > So I've missed the VR_ANTI_RANGE handling in get_size_range where we run into > > wide_int maxsize = wi::to_wide (max_object_size ()); > min = wide_int::from (min, maxsize.get_precision (), UNSIGNED); > max = wide_int::from (max, maxsize.get_precision (), UNSIGNED); > if (wi::eq_p (0, min - 1)) > { > /* EXP is unsigned and not in the range [1, MAX]. That means > it's either zero or greater than MAX. Even though 0 would > normally be detected by -Walloc-zero, unless ALLOW_ZERO > is set, set the range to [MAX, TYPE_MAX] so that when MAX > is greater than the limit the whole range is diagnosed. */ > wide_int maxsize = wi::to_wide (max_object_size ()); > if (flags & SR_ALLOW_ZERO) > { > if (wi::leu_p (maxsize, max + 1) > || !(flags & SR_USE_LARGEST)) > min = max = wi::zero (expprec); > else > { > min = max + 1; > max = wi::to_wide (TYPE_MAX_VALUE (exptype)); > } > } > else > { > min = max + 1; > max = wi::to_wide (TYPE_MAX_VALUE (exptype)); > } > > and from [0,0] [8, +INF] pick [8, +INF] based on the comments reasoning. Ughh, you're reaching all the problematic cases I ran into while trying to remove legacy. > > This all wouldn't happen if we'd be able to CSE the zero size ... > > We can now try to put additional heuristic ontop of the above heuristic, > namely when the object we write to is of size zero set SR_ALLOW_ZERO. > Or try to "undo" the multiplication trick which would probably make us > end up with VARYING. > > I'll note that with the earlier proposed change we regress the following, > that's an observation I make a lot of times - all "weirdness" in the code > is backed by (artificial) testcases verifying it works exactly as coded ... +1 > > FAIL: gcc.dg/Wstringop-overflow-15.c pr82608 (test for warnings, line 37) > FAIL: gcc.dg/Wstringop-overflow-15.c pr82608 (test for warnings, line 38) > FAIL: gcc.dg/Wstringop-overflow-15.c pr82608 (test for warnings, line 69) > FAIL: gcc.dg/Wstringop-overflow-15.c pr82608 (test for warnings, line 70) > FAIL: gcc.dg/Wstringop-overflow-56.c (test for warnings, line 64) > FAIL: gcc.dg/Wstringop-overflow-56.c (test for warnings, line 75) > FAIL: gcc.dg/Wstringop-overflow-56.c (test for warnings, line 86) > FAIL: gcc.dg/Wstringop-overflow-56.c (test for warnings, line 97) > FAIL: gcc.dg/Wstringop-overflow-56.c (test for warnings, line 108) > FAIL: gcc.dg/Wstringop-overflow-56.c (test for warnings, line 148) > FAIL: gcc.dg/Wstringop-overflow-56.c (test for warnings, line 159) > FAIL: gcc.dg/attr-alloc_size-11.c (test for warnings, line 52) > FAIL: gcc.dg/attr-alloc_size-11.c (test for warnings, line 53) > FAIL: gcc.dg/attr-alloc_size-11.c (test for warnings, line 54) > FAIL: gcc.dg/attr-alloc_size-11.c (test for warnings, line 55) > FAIL: gcc.dg/attr-alloc_size-11.c (test for warnings, line 56) > FAIL: gcc.dg/attr-alloc_size-11.c (test for warnings, line 57) > FAIL: gcc.dg/attr-alloc_size-11.c (test for warnings, line 58) > FAIL: gcc.dg/attr-alloc_size-11.c (test for warnings, line 64) > FAIL: gcc.dg/attr-alloc_size-11.c (test for warnings, line 65) > FAIL: gcc.dg/attr-alloc_size-3.c (test for warnings, line 438) > FAIL: gcc.dg/attr-alloc_size-4.c (test for warnings, line 138) > FAIL: gcc.dg/attr-alloc_size-4.c (test for warnings, line 143) > FAIL: gcc.dg/attr-alloc_size-4.c (test for warnings, line 187) > FAIL: gcc.dg/pr98721-1.c (test for warnings, line 11) > FAIL: gcc.dg/pr98721-1.c (test for warnings, line 12) > > For example gcc.dg/pr98721-1.c has > > int > foo (int n) > { > if (n <= 0) > { > char vla[n]; /* { dg-message "source object 'vla' > of size 0" } */ > return __builtin_strlen (vla); /* { dg-warning "'__builtin_strlen' > reading 1 or more bytes from a region of size 0" } */ > > but of course we do not diagnose > > int > foo (int n) > { > if (n < 0) > { > char vla[n]; > > or when no condition is present or a n > 32 condition is present. Yup, ran into that too. > > I fear it's not possible to "fix" this testcase without changing the > expectation on a bunch of other testcases. But the messaging to the > user is quite unhelpful because it doesn't actually inform him about > above reasoning. Agreed.
next prev parent reply other threads:[~2023-02-27 16:16 UTC|newest] Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-11-07 20:06 [Bug tree-optimization/107561] New: g++.dg/pr17488.C " aldyh at gcc dot gnu.org 2022-11-07 20:10 ` [Bug tree-optimization/107561] [13 Regression] " pinskia at gcc dot gnu.org 2022-11-08 8:31 ` aldyh at gcc dot gnu.org 2022-11-08 8:48 ` [Bug tree-optimization/107561] [13 Regression] g++.dg/pr17488.C and [g++.dg/warn/Warray-bounds-16.C -m32] " aldyh at gcc dot gnu.org 2022-11-08 9:34 ` rguenth at gcc dot gnu.org 2022-11-08 13:43 ` aldyh at gcc dot gnu.org 2022-11-08 18:27 ` pinskia at gcc dot gnu.org 2022-12-14 15:43 ` [Bug tree-optimization/107561] [13 Regression] g++.dg/pr71488.C " danglin at gcc dot gnu.org 2023-01-13 12:42 ` rguenth at gcc dot gnu.org 2023-02-02 18:53 ` hp at gcc dot gnu.org 2023-02-02 21:03 ` hp at gcc dot gnu.org 2023-02-10 0:42 ` cvs-commit at gcc dot gnu.org 2023-02-27 9:56 ` rguenth at gcc dot gnu.org 2023-02-27 11:18 ` rguenth at gcc dot gnu.org 2023-02-27 12:49 ` rguenth at gcc dot gnu.org 2023-02-27 13:45 ` aldyh at gcc dot gnu.org 2023-02-27 14:38 ` redi at gcc dot gnu.org 2023-02-27 16:16 ` aldyh at gcc dot gnu.org [this message] 2023-03-01 14:22 ` rguenth at gcc dot gnu.org 2023-03-01 14:34 ` jakub at gcc dot gnu.org 2023-03-01 14:38 ` rguenth at gcc dot gnu.org 2023-03-01 14:55 ` jakub at gcc dot gnu.org 2023-03-01 14:57 ` jakub at gcc dot gnu.org 2023-03-01 15:55 ` redi at gcc dot gnu.org 2023-03-02 7:51 ` rguenth at gcc dot gnu.org 2023-03-02 7:53 ` rguenth at gcc dot gnu.org 2023-03-29 11:38 ` rguenth at gcc dot gnu.org 2023-03-29 11:41 ` rguenth at gcc dot gnu.org 2023-03-30 11:16 ` cvs-commit at gcc dot gnu.org 2023-03-30 11:17 ` rguenth at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-107561-4-LSI4s7uk5z@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).