[Bug tree-optimization/107852] New: Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[Bug tree-optimization/107852] New: Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[cuzdav at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

            Bug ID: 107852
           Summary: Spurious warnings stringop-overflow and array-bounds
                    copying data as bytes into vector
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: cuzdav at gmail dot com
  Target Milestone: ---

Created attachment 53957
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53957&action=edit
preprocessed source code, if that's useful.

Starting with gcc 12 and continuing into the current trunk, with optimizations
enabled, the compiler emits warnings from static analysis regarding copying
data internal to the vector class, both on Compiler Explorer, and on my local
linux box running Centos9.

Options: g++ warnings.cpp -Werror -O2 -Warray-bounds 

Code:

    #include <vector>
    std::vector<char> bytes;
    int value{};

    void copyValueBytes() {
        bytes.clear();
        auto ptr = reinterpret_cast<const char *>(&value);
        bytes.insert(bytes.end(), ptr, ptr + sizeof(value));
    }

https://godbolt.org/z/MfjM9xKjP

Observations:
* if I don't clear() the vector first, it does not report any errors
* if I call bytes.resize(0) it reports the same output
* if I call bytes.resize(1) it compiles cleanly
* if I use a std::deque instead of a vector, it compiles cleanly

A reinterpret_cast always is eye-raising, but I think this is a valid use since
its address is casted to a char*, a compatible type.

Output:

In file included from
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/vector:60,
                 from <source>:1:
In static member function 'static _Tp* std::__copy_move<_IsMove, true,
std::random_access_iterator_tag>::__copy_m(const _Tp*, const _Tp*, _Tp*) [with
_Tp = char; bool _IsMove = true]',
    inlined from '_OI std::__copy_move_a2(_II, _II, _OI) [with bool _IsMove =
true; _II = char*; _OI = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:495:30,
    inlined from '_OI std::__copy_move_a1(_II, _II, _OI) [with bool _IsMove =
true; _II = char*; _OI = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:522:42,
    inlined from '_OI std::__copy_move_a(_II, _II, _OI) [with bool _IsMove =
true; _II = char*; _OI = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:529:31,
    inlined from '_OI std::copy(_II, _II, _OI) [with _II =
move_iterator<char*>; _OI = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:620:7,
    inlined from 'static _ForwardIterator
std::__uninitialized_copy<true>::__uninit_copy(_InputIterator, _InputIterator,
_ForwardIterator) [with _InputIterator = std::move_iterator<char*>;
_ForwardIterator = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_uninitialized.h:147:27,
    inlined from '_ForwardIterator std::uninitialized_copy(_InputIterator,
_InputIterator, _ForwardIterator) [with _InputIterator = move_iterator<char*>;
_ForwardIterator = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_uninitialized.h:185:15,
    inlined from '_ForwardIterator std::__uninitialized_copy_a(_InputIterator,
_InputIterator, _ForwardIterator, allocator<_Tp>&) [with _InputIterator =
move_iterator<char*>; _ForwardIterator = char*; _Tp = char]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_uninitialized.h:372:37,
    inlined from '_ForwardIterator
std::__uninitialized_move_if_noexcept_a(_InputIterator, _InputIterator,
_ForwardIterator, _Allocator&) [with _InputIterator = char*; _ForwardIterator =
char*; _Allocator = allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_uninitialized.h:397:2,
    inlined from 'void std::vector<_Tp, _Alloc>::_M_range_insert(iterator,
_ForwardIterator, _ForwardIterator, std::forward_iterator_tag) [with
_ForwardIterator = const char*; _Tp = char; _Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/vector.tcc:801:9,
    inlined from 'void std::vector<_Tp, _Alloc>::_M_insert_dispatch(iterator,
_InputIterator, _InputIterator, std::__false_type) [with _InputIterator = const
char*; _Tp = char; _Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_vector.h:1779:19,
    inlined from 'std::vector<_Tp, _Alloc>::iterator std::vector<_Tp,
_Alloc>::insert(const_iterator, _InputIterator, _InputIterator) [with
_InputIterator = const char*; <template-parameter-2-2> = void; _Tp = char;
_Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_vector.h:1481:22,
    inlined from 'void copyValueBytes()' at <source>:9:17:
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:431:30:
error: 'void* __builtin_memcpy(void*, const void*, long unsigned int)' offset 4
is out of the bounds [0, 4] [-Werror=array-bounds]
  431 |             __builtin_memmove(__result, __first, sizeof(_Tp) * _Num);
      |             ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:431:30:
error: 'void* __builtin_memcpy(void*, const void*, long unsigned int)' writing
1 or more bytes into a region of size 0 overflows the destination
[-Werror=stringop-overflow=]
In file included from
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/x86_64-linux-gnu/bits/c++allocator.h:33,
                 from
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/allocator.h:46,
                 from
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/vector:61:
In member function '_Tp* std::__new_allocator<_Tp>::allocate(size_type, const
void*) [with _Tp = char]',
    inlined from 'static _Tp* std::allocator_traits<std::allocator<_Tp1>
>::allocate(allocator_type&, size_type) [with _Tp = char]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/alloc_traits.h:464:28,
    inlined from 'std::_Vector_base<_Tp, _Alloc>::pointer
std::_Vector_base<_Tp, _Alloc>::_M_allocate(std::size_t) [with _Tp = char;
_Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_vector.h:378:33,
    inlined from 'void std::vector<_Tp, _Alloc>::_M_range_insert(iterator,
_ForwardIterator, _ForwardIterator, std::forward_iterator_tag) [with
_ForwardIterator = const char*; _Tp = char; _Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/vector.tcc:787:40,
    inlined from 'void std::vector<_Tp, _Alloc>::_M_insert_dispatch(iterator,
_InputIterator, _InputIterator, std::__false_type) [with _InputIterator = const
char*; _Tp = char; _Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_vector.h:1779:19,
    inlined from 'std::vector<_Tp, _Alloc>::iterator std::vector<_Tp,
_Alloc>::insert(const_iterator, _InputIterator, _InputIterator) [with
_InputIterator = const char*; <template-parameter-2-2> = void; _Tp = char;
_Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_vector.h:1481:22,
    inlined from 'void copyValueBytes()' at <source>:9:17:
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/new_allocator.h:137:55:
note: at offset [5, 8] into destination object of size 4 allocated by 'operator
new'
  137 |         return static_cast<_Tp*>(_GLIBCXX_OPERATOR_NEW(__n *
sizeof(_Tp)));
      |                                                       ^
cc1plus: all warnings being treated as errors
ASM generation compiler returned: 1
In file included from
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/vector:60,
                 from <source>:1:
In static member function 'static _Tp* std::__copy_move<_IsMove, true,
std::random_access_iterator_tag>::__copy_m(const _Tp*, const _Tp*, _Tp*) [with
_Tp = char; bool _IsMove = true]',
    inlined from '_OI std::__copy_move_a2(_II, _II, _OI) [with bool _IsMove =
true; _II = char*; _OI = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:495:30,
    inlined from '_OI std::__copy_move_a1(_II, _II, _OI) [with bool _IsMove =
true; _II = char*; _OI = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:522:42,
    inlined from '_OI std::__copy_move_a(_II, _II, _OI) [with bool _IsMove =
true; _II = char*; _OI = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:529:31,
    inlined from '_OI std::copy(_II, _II, _OI) [with _II =
move_iterator<char*>; _OI = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:620:7,
    inlined from 'static _ForwardIterator
std::__uninitialized_copy<true>::__uninit_copy(_InputIterator, _InputIterator,
_ForwardIterator) [with _InputIterator = std::move_iterator<char*>;
_ForwardIterator = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_uninitialized.h:147:27,
    inlined from '_ForwardIterator std::uninitialized_copy(_InputIterator,
_InputIterator, _ForwardIterator) [with _InputIterator = move_iterator<char*>;
_ForwardIterator = char*]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_uninitialized.h:185:15,
    inlined from '_ForwardIterator std::__uninitialized_copy_a(_InputIterator,
_InputIterator, _ForwardIterator, allocator<_Tp>&) [with _InputIterator =
move_iterator<char*>; _ForwardIterator = char*; _Tp = char]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_uninitialized.h:372:37,
    inlined from '_ForwardIterator
std::__uninitialized_move_if_noexcept_a(_InputIterator, _InputIterator,
_ForwardIterator, _Allocator&) [with _InputIterator = char*; _ForwardIterator =
char*; _Allocator = allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_uninitialized.h:397:2,
    inlined from 'void std::vector<_Tp, _Alloc>::_M_range_insert(iterator,
_ForwardIterator, _ForwardIterator, std::forward_iterator_tag) [with
_ForwardIterator = const char*; _Tp = char; _Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/vector.tcc:801:9,
    inlined from 'void std::vector<_Tp, _Alloc>::_M_insert_dispatch(iterator,
_InputIterator, _InputIterator, std::__false_type) [with _InputIterator = const
char*; _Tp = char; _Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_vector.h:1779:19,
    inlined from 'std::vector<_Tp, _Alloc>::iterator std::vector<_Tp,
_Alloc>::insert(const_iterator, _InputIterator, _InputIterator) [with
_InputIterator = const char*; <template-parameter-2-2> = void; _Tp = char;
_Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_vector.h:1481:22,
    inlined from 'void copyValueBytes()' at <source>:9:17:
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:431:30:
error: 'void* __builtin_memcpy(void*, const void*, long unsigned int)' offset 4
is out of the bounds [0, 4] [-Werror=array-bounds]
  431 |             __builtin_memmove(__result, __first, sizeof(_Tp) * _Num);
      |             ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_algobase.h:431:30:
error: 'void* __builtin_memcpy(void*, const void*, long unsigned int)' writing
1 or more bytes into a region of size 0 overflows the destination
[-Werror=stringop-overflow=]
In file included from
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/x86_64-linux-gnu/bits/c++allocator.h:33,
                 from
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/allocator.h:46,
                 from
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/vector:61:
In member function '_Tp* std::__new_allocator<_Tp>::allocate(size_type, const
void*) [with _Tp = char]',
    inlined from 'static _Tp* std::allocator_traits<std::allocator<_Tp1>
>::allocate(allocator_type&, size_type) [with _Tp = char]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/alloc_traits.h:464:28,
    inlined from 'std::_Vector_base<_Tp, _Alloc>::pointer
std::_Vector_base<_Tp, _Alloc>::_M_allocate(std::size_t) [with _Tp = char;
_Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_vector.h:378:33,
    inlined from 'void std::vector<_Tp, _Alloc>::_M_range_insert(iterator,
_ForwardIterator, _ForwardIterator, std::forward_iterator_tag) [with
_ForwardIterator = const char*; _Tp = char; _Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/vector.tcc:787:40,
    inlined from 'void std::vector<_Tp, _Alloc>::_M_insert_dispatch(iterator,
_InputIterator, _InputIterator, std::__false_type) [with _InputIterator = const
char*; _Tp = char; _Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_vector.h:1779:19,
    inlined from 'std::vector<_Tp, _Alloc>::iterator std::vector<_Tp,
_Alloc>::insert(const_iterator, _InputIterator, _InputIterator) [with
_InputIterator = const char*; <template-parameter-2-2> = void; _Tp = char;
_Alloc = std::allocator<char>]' at
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/stl_vector.h:1481:22,
    inlined from 'void copyValueBytes()' at <source>:9:17:
/opt/compiler-explorer/gcc-12.2.0/include/c++/12.2.0/bits/new_allocator.h:137:55:
note: at offset [5, 8] into destination object of size 4 allocated by 'operator
new'
  137 |         return static_cast<_Tp*>(_GLIBCXX_OPERATOR_NEW(__n *
sizeof(_Tp)));
      |                                                       ^
cc1plus: all warnings being treated as errors
Execution build compiler returned: 1

[Bug tree-optimization/107852] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
There might be other bugs which are very similar too ...

[Bug tree-optimization/107852] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://gcc.gnu.org/bugzill
                   |                            |a/show_bug.cgi?id=100366

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
PR 100366 looks almost the same here.

[Bug tree-optimization/107852] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
Most likely the diagnostic code is mis-interpreting pointer types.

[Bug tree-optimization/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |12.3
            Summary|Spurious warnings           |[12/13 Regression] Spurious
                   |stringop-overflow and       |warnings stringop-overflow
                   |array-bounds copying data   |and array-bounds copying
                   |as bytes into vector        |data as bytes into vector

[Bug tree-optimization/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2022-11-29
     Ever confirmed|0                           |1
           Keywords|                            |missed-optimization

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
The array bound diagnostic happens on

__builtin_memcpy (_48, _137, _Num.12_51);

where we have

_89 = operator new (4);
_48 = _89 + 4;

so the destination has no space left, thus _Num.12_51 must be zero but the
actual guard of the memcpy is:

if (_Num_50 != 0)
  goto <bb 11>; [33.00%]
else
  goto <bb 12>; [67.00%]

<bb 11> [local count: 72751929]:
_Num.12_51 = (long unsigned int) _Num_50;
__builtin_memcpy (_48, _137, _Num.12_51);

so the value-range of that is known > 0.  There's a missed optimization:

<bb 2> [local count: 1073741824]:
_5 = bytes.D.25336._M_impl.D.24643._M_start;
_6 = bytes.D.25336._M_impl.D.24643._M_finish;
pretmp_66 = bytes.D.25336._M_impl.D.24643._M_end_of_storage;
if (_5 != _6)
  goto <bb 3>; [70.00%]
else
  goto <bb 4>; [30.00%]

...

<bb 6> [local count: 329045359]:
# _137 = PHI <_6(4), _5(3)>
_89 = operator new (4);
_43 = bytes.D.25336._M_impl.D.24643._M_start;
_Num_44 = _137 - _43;
if (_Num_44 != 0)
  goto <bb 7>; [33.00%]
else
  goto <bb 9>; [67.00%]

here we could see that _137 is equal to _5 and thus _Num_44 is zero (not
sure why _43 was not yet CSEd to _5 here, supposedly this is exposed too
late for the last FRE?).  Knowing this would make the memcpy unreachable.
So there's some std::__throw_length_error unresolved still which
clobbers 'bytes'.

I have a patch to elide the PHI node but the issue with
bytes.D.25336._M_impl.D.24643._M_start not CSEd remains, it's in this
case possibly clobbered by operator new (4).

There's the possible option to avoid re-loading from 'this' in the
involved(?) std::vector implementation (vector.tcc around line 800
which is where eventually the operator new originates from).  IIRC we
removed an optimization that 'new' cannot clobber global memory because
of correctness issues recently.

[Bug libstdc++/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|tree-optimization           |libstdc++

--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
I'm testing a patch for the tree optimization issue (the redundant PHI), the
operator new issue is a libstdc++ issue.

[Bug libstdc++/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #6 from Jonathan Wakely <redi at gcc dot gnu.org> ---
As Martin S. suggested a few times, it would be nice if we had an attribute or
something that could say that no members of 'this' are clobbered like that. It
would be UB for the vector's allocator (whether it's using operator new or
malloc or something else) to re-enter any of the vector's member functions
while in the middle of resizing it.

Or maybe some kind of pragma that says that for the duration of the current
scope, the 'this' pointer should be assumed to be unreachable to global
functions (such as operator new). Something like "#pragma GCC unescape(this)"

[Bug libstdc++/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #7 from Richard Biener <rguenth at gcc dot gnu.org> ---
Ontop of the patch I am testing the following fixes the diagnostics:

diff --git a/libstdc++-v3/include/bits/vector.tcc
b/libstdc++-v3/include/bits/vector.tcc
index 33faabf2eae..aab87b94882 100644
--- a/libstdc++-v3/include/bits/vector.tcc
+++ b/libstdc++-v3/include/bits/vector.tcc
@@ -784,13 +784,15 @@ _GLIBCXX_BEGIN_NAMESPACE_CONTAINER
              {
                const size_type __len =
                  _M_check_len(__n, "vector::_M_range_insert");
+               pointer __tem = this->_M_impl._M_start;
+               pointer __tem2 = this->_M_impl._M_finish;
                pointer __new_start(this->_M_allocate(__len));
                pointer __new_finish(__new_start);
                __try
                  {
                    __new_finish
                      = std::__uninitialized_move_if_noexcept_a
-                     (this->_M_impl._M_start, __position.base(),
+                     (__tem, __position.base(),
                       __new_start, _M_get_Tp_allocator());
                    __new_finish
                      = std::__uninitialized_copy_a(__first, __last,
@@ -798,7 +800,7 @@ _GLIBCXX_BEGIN_NAMESPACE_CONTAINER
                                                    _M_get_Tp_allocator());
                    __new_finish
                      = std::__uninitialized_move_if_noexcept_a
-                     (__position.base(), this->_M_impl._M_finish,
+                     (__position.base(), __tem2,
                       __new_finish, _M_get_Tp_allocator());
                  }
                __catch(...)

[Bug libstdc++/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #8 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Richard Biener <rguenth@gcc.gnu.org>:

https://gcc.gnu.org/g:fd8dd6c0384969170e594be34da278a072d5eb76

commit r13-4389-gfd8dd6c0384969170e594be34da278a072d5eb76
Author: Richard Biener <rguenther@suse.de>
Date:   Tue Nov 29 12:56:22 2022 +0100

    tree-optimization/107852 - missed optimization with PHIs

    The following deals with the situation where we have

    <bb 2> [local count: 1073741824]:
    _5 = bytes.D.25336._M_impl.D.24643._M_start;
    _6 = bytes.D.25336._M_impl.D.24643._M_finish;
    pretmp_66 = bytes.D.25336._M_impl.D.24643._M_end_of_storage;
    if (_5 != _6)
      goto <bb 3>; [70.00%]
    else
      goto <bb 4>; [30.00%]

    ...

    <bb 6> [local count: 329045359]:
    _89 = operator new (4);
    _43 = bytes.D.25336._M_impl.D.24643._M_start;
    _Num_44 = _137 - _43;
    if (_Num_44 != 0)

    but fail to see that _137 is equal to _5 and thus eventually _Num_44
    is zero if not operator new would possibly clobber the global
    bytes variable.

    The following resolves this in value-numbering by using the
    predicated values for _5 == _6 recorded for the dominating
    condition.

            PR tree-optimization/107852
            * tree-ssa-sccvn.cc (visit_phi): Use equivalences recorded
            as predicated values to elide more redundant PHIs.

            * gcc.dg/tree-ssa/ssa-fre-101.c: New testcase.

[Bug libstdc++/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #9 from Richard Biener <rguenth at gcc dot gnu.org> ---
My part is done, libstdc++ adjustment missing.

[Bug libstdc++/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #10 from Jonathan Wakely <redi at gcc dot gnu.org> ---
With that compiler patch for the missed-optimization one of the two bogus
warnings goes away. The second one goes away with this change:

--- a/libstdc++-v3/include/bits/stl_vector.h
+++ b/libstdc++-v3/include/bits/stl_vector.h
@@ -374,8 +374,19 @@ _GLIBCXX_BEGIN_NAMESPACE_CONTAINER
       pointer
       _M_allocate(size_t __n)
       {
-       typedef __gnu_cxx::__alloc_traits<_Tp_alloc_type> _Tr;
-       return __n != 0 ? _Tr::allocate(_M_impl, __n) : pointer();
+        pointer __p = pointer();
+        if (__n != 0)
+          {
+            typedef __gnu_cxx::__alloc_traits<_Tp_alloc_type> _Tr;
+            const pointer __s = _M_impl._M_start;
+            const pointer __f = _M_impl._M_finish;
+            const pointer __e = _M_impl._M_end_of_storage;
+            __p = _Tr::allocate(_M_impl, __n);
+            if (__s != _M_impl._M_start || __f != _M_impl._M_finish
+               || __e != _M_impl._M_end_of_storage)
+              __builtin_unreachable();
+          }
+        return __p;
       }

       _GLIBCXX20_CONSTEXPR

[Bug libstdc++/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #11 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jonathan Wakely <redi@gcc.gnu.org>:

https://gcc.gnu.org/g:cca06f0d6d76b08ed4ddb7667eda93e2e9f2589e

commit r13-4393-gcca06f0d6d76b08ed4ddb7667eda93e2e9f2589e
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Tue Nov 29 15:50:06 2022 +0000

    libstdc++: Avoid bogus warning in std::vector::insert [PR107852]

    GCC assumes that any global variable might be modified by operator new,
    and so in the testcase for this PR all data members get reloaded after
    allocating new storage. By making local copies of the _M_start and
    _M_finish members we avoid that, and then the compiler has enough info
    to remove the dead branches that trigger bogus -Warray-bounds warnings.

    libstdc++-v3/ChangeLog:

            PR libstdc++/107852
            PR libstdc++/106199
            PR libstdc++/100366
            * include/bits/vector.tcc (vector::_M_fill_insert): Copy
            _M_start and _M_finish members before allocating.
            (vector::_M_default_append): Likewise.
            (vector::_M_range_insert): Likewise.

[Bug libstdc++/107852] [12 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[dvirtz at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

Dvir Yitzchaki <dvirtz at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dvirtz at gmail dot com

--- Comment #12 from Dvir Yitzchaki <dvirtz at gmail dot com> ---
Is this supposed to be fixed on trunk? Still seeing a similar call stack in
godbolt: https://godbolt.org/z/KKnn4v9EK

[Bug libstdc++/107852] [12 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #13 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-12 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:

https://gcc.gnu.org/g:2e4210698c644e44f9e0645dc7bc49710fd60ce8

commit r12-9457-g2e4210698c644e44f9e0645dc7bc49710fd60ce8
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Tue Nov 29 15:50:06 2022 +0000

    libstdc++: Avoid bogus warning in std::vector::insert [PR107852]

    GCC assumes that any global variable might be modified by operator new,
    and so in the testcase for this PR all data members get reloaded after
    allocating new storage. By making local copies of the _M_start and
    _M_finish members we avoid that, and then the compiler has enough info
    to remove the dead branches that trigger bogus -Warray-bounds warnings.

    libstdc++-v3/ChangeLog:

            PR libstdc++/107852
            PR libstdc++/106199
            PR libstdc++/100366
            * include/bits/vector.tcc (vector::_M_fill_insert): Copy
            _M_start and _M_finish members before allocating.
            (vector::_M_default_append): Likewise.
            (vector::_M_range_insert): Likewise.

    (cherry picked from commit cca06f0d6d76b08ed4ddb7667eda93e2e9f2589e)

[Bug libstdc++/107852] [12 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
      Known to work|                            |12.2.1
      Known to fail|                            |12.2.0
         Resolution|---                         |FIXED

--- Comment #14 from Richard Biener <rguenth at gcc dot gnu.org> ---
The diagnostic is fixed on the branch as well (just checked).

[Bug libstdc++/107852] [12 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeffrey.reynolds@ticketmast
                   |                            |er.com

--- Comment #15 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 105723 has been marked as a duplicate of this bug. ***

[Bug libstdc++/107852] [12 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[rogerio.souza at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

Rogério de Souza Moraes <rogerio.souza at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rogerio.souza at gmail dot com

--- Comment #16 from Rogério de Souza Moraes <rogerio.souza at gmail dot com> ---
I have a similar issue that happens using GCC v13.1.0 on Red Hat 7.9
3.10.0-1160.90.1.el7.x86_64.

The compiler configuration settings are:

/grid/common/test/gcc-v13.1.0d1rh74_lnx86/bin/gcc -v
Using built-in specs.
COLLECT_GCC=/grid/common/test/gcc-v13.1.0d1rh74_lnx86/bin/gcc
COLLECT_LTO_WRAPPER=/grid/common/test/gcc-v13.1.0d1rh74_lnx86/libexec/gcc/x86_64-redhat-linux/13.1.0/lto-wrapper
Target: x86_64-redhat-linux
Configured with: /tmp/gcc-v13.1.0d1rh74_lnx86/gcc.source/configure
--prefix=/grid/common/test/gcc-v13.1.0d1rh74_lnx86 --with-pkgversion=Cadence
--disable-libgcj --enable-threads=posix --enable-shared --with-system-zlib
--enable-checking=release --enable-__cxa_atexit --disable-libunwind-exceptions
--enable-languages=c,c++,fortran --disable-nls --enable-gnu-unique-object
--enable-bootstrap --enable-plugin --enable-linker-build-id
--enable-gnu-indirect-function --enable-install-libiberty --with-tune=generic
--enable-initfini-array --enable-multiarch --with-linker-hash-style=gnu
--with-ld=/grid/common/test/gcc-v13.1.0d1rh74_lnx86/bin/ld
--with-as=/grid/common/test/gcc-v13.1.0d1rh74_lnx86/bin/as
--build=x86_64-redhat-linux --host=x86_64-redhat-linux
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 13.1.0 (Cadence)

=========================================================

The command line to reproduce the crash and the compiler output:

/opt/gcc-v13.1.0d1rh74_lnx86/bin/gcc -c -fpic  -std=c++2b -pthread
-D_GLIBCXX_USE_CXX11_ABI=1 -Wstrict-aliasing=3 -O3 -Wall -Werror -DNDEBUG
-Wstrict-aliasing=3  -Wextra   -DET7 -DETX=7
-DCMG_QT_VERSION='"MAIN_WXE_23.05.539.d000-Z2, VEngineering"'  -DLINUX2   
-I/opt/ua/3party/capnproto -I/opt/ua/Framework -I. -I.. -I/opt/ap/include
-I/grid/cva/p4/eugene/gcc_wxe/ua/include -I/opt/ua/3party/xlm_inst/include 
-MMD ../radbSerializer.C

In file included from
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/string:51,
                 from
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/stdexcept:39,
                 from ../radbSerializer.C:9:
In static member function 'static constexpr _Up* std::__copy_move<_IsMove,
true, std::random_access_iterator_tag>::__copy_m(_Tp*, _Tp*, _Up*) [with _Tp =
long unsigned int; _Up = long unsigned int; bool _IsMove = false]',
    inlined from 'constexpr _OI std::__copy_move_a2(_II, _II, _OI) [with bool
_IsMove = false; _II = long unsigned int*; _OI = long unsigned int*]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_algobase.h:506:3 ,
    inlined from 'constexpr _OI std::__copy_move_a1(_II, _II, _OI) [with bool
_IsMove = false; _II = long unsigned int*; _OI = long unsigned int*]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_algobase.h:533:4 ,
    inlined from 'constexpr _OI std::__copy_move_a(_II, _II, _OI) [with bool
_IsMove = false; _II = long unsigned int*; _OI = long unsigned int*]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_algobase.h:540:31,   
inlined from 'constexpr _OI std::copy(_II, _II, _OI) [with _II = long unsigned
int*; _OI = long unsigned int*]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_algobase.h:633:7,
    inlined from 'constexpr std::vector<bool, _Alloc>::iterator
std::vector<bool, _Alloc>::_M_copy_aligned(const_iterator, const_iterator,
iterator) [with _Alloc = std::allocator<bool>]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_bvector.h:1303:28,
    inlined from 'constexpr void std::vector<bool,
_Alloc>::_M_reallocate(size_type) [with _Alloc = std::allocator<bool>]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/vector.tcc:851:40,
    inlined from 'constexpr void std::vector<bool, _Alloc>::reserve(size_type)
[with _Alloc = std::allocator<bool>]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_bvector.h:1091:17,
    inlined from 'radb::ScopesSerializer::ScopesSerializer()' at
../radbSerializer.C:25:24:
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_algobase.h:437:30:
error: 'void* __builtin_memmove(void*, const void*, long unsigned int)' forming
offset 8 is out of the bounds [0, 8] [-Werror=array-bounds=]
  437 |             __builtin_memmove(__result, __first, sizeof(_Tp) * _Num);
      |             ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In static member function 'static constexpr _Up* std::__copy_move<_IsMove,
true, std::random_access_iterator_tag>::__copy_m(_Tp*, _Tp*, _Up*) [with _Tp =
long unsigned int; _Up = long unsigned int; bool _IsMove = false]',
    inlined from 'constexpr _OI std::__copy_move_a2(_II, _II, _OI) [with bool
_IsMove = false; _II = long unsigned int*; _OI = long unsigned int*]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_algobase.h:506:3 ,
    inlined from 'constexpr _OI std::__copy_move_a1(_II, _II, _OI) [with bool
_IsMove = false; _II = long unsigned int*; _OI = long unsigned int*]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_algobase.h:533:4 ,
    inlined from 'constexpr _OI std::__copy_move_a(_II, _II, _OI) [with bool
_IsMove = false; _II = long unsigned int*; _OI = long unsigned int*]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_algobase.h:540:31,   
inlined from 'constexpr _OI std::copy(_II, _II, _OI) [with _II = long unsigned
int*; _OI = long unsigned int*]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_algobase.h:633:7,
    inlined from 'constexpr std::vector<bool, _Alloc>::iterator
std::vector<bool, _Alloc>::_M_copy_aligned(const_iterator, const_iterator,
iterator) [with _Alloc = std::allocator<bool>]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_bvector.h:1303:28,
    inlined from 'constexpr void std::vector<bool,
_Alloc>::_M_reallocate(size_type) [with _Alloc = std::allocator<bool>]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/vector.tcc:851:40,
    inlined from 'constexpr void std::vector<bool, _Alloc>::reserve(size_type)
[with _Alloc = std::allocator<bool>]' at
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_bvector.h:1091:17,
    inlined from 'radb::VarsSerializer::VarsSerializer()' at
../radbSerializer.C:93:27:
/opt/gcc-v13.1.0d1rh74_lnx86/include/c++/13.1.0/bits/stl_algobase.h:437:30:
error: 'void* __builtin_memmove(void*, const void*, long unsigned int)' forming
offset 8 is out of the bounds [0, 8] [-Werror=array-bounds=]
  437 |             __builtin_memmove(__result, __first, sizeof(_Tp) * _Num);
      |             ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1plus: all warnings being treated as errors

=========================================================

The the preprocessed file "radbSerializer.ii" is attached. This might means
that this issue was still not totally fixed on GCC v13.1.0

Regards,
Rogerio

[Bug libstdc++/107852] [12 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[rogerio.souza at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #17 from Rogério de Souza Moraes <rogerio.souza at gmail dot com> ---
Created attachment 55428
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55428&action=edit
Preprocessed file for GCC 13.1.0 bug

This is the preprocessed file (*.i*) that triggers the bug reported by Rogerio
on GCC v13.1.0.

[Bug libstdc++/107852] [12 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

--- Comment #18 from Jonathan Wakely <redi at gcc dot gnu.org> ---
That's not a crash, it's a warning. And it looks like a separate problem, since
it comes from vector::reserve not vector::insert. Please file a new bug for it
instead.