[Bug tree-optimization/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/107852] [12/13 Regression] Spurious warnings stringop-overflow and array-bounds copying data as bytes into vector
Date: Tue, 29 Nov 2022 11:46:58 +0000	[thread overview]
Message-ID: <bug-107852-4-Qn1Dbozawy@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-107852-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107852

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2022-11-29
     Ever confirmed|0                           |1
           Keywords|                            |missed-optimization

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
The array bound diagnostic happens on

__builtin_memcpy (_48, _137, _Num.12_51);

where we have

_89 = operator new (4);
_48 = _89 + 4;

so the destination has no space left, thus _Num.12_51 must be zero but the
actual guard of the memcpy is:

if (_Num_50 != 0)
  goto <bb 11>; [33.00%]
else
  goto <bb 12>; [67.00%]

<bb 11> [local count: 72751929]:
_Num.12_51 = (long unsigned int) _Num_50;
__builtin_memcpy (_48, _137, _Num.12_51);

so the value-range of that is known > 0.  There's a missed optimization:

<bb 2> [local count: 1073741824]:
_5 = bytes.D.25336._M_impl.D.24643._M_start;
_6 = bytes.D.25336._M_impl.D.24643._M_finish;
pretmp_66 = bytes.D.25336._M_impl.D.24643._M_end_of_storage;
if (_5 != _6)
  goto <bb 3>; [70.00%]
else
  goto <bb 4>; [30.00%]

...

<bb 6> [local count: 329045359]:
# _137 = PHI <_6(4), _5(3)>
_89 = operator new (4);
_43 = bytes.D.25336._M_impl.D.24643._M_start;
_Num_44 = _137 - _43;
if (_Num_44 != 0)
  goto <bb 7>; [33.00%]
else
  goto <bb 9>; [67.00%]

here we could see that _137 is equal to _5 and thus _Num_44 is zero (not
sure why _43 was not yet CSEd to _5 here, supposedly this is exposed too
late for the last FRE?).  Knowing this would make the memcpy unreachable.
So there's some std::__throw_length_error unresolved still which
clobbers 'bytes'.

I have a patch to elide the PHI node but the issue with
bytes.D.25336._M_impl.D.24643._M_start not CSEd remains, it's in this
case possibly clobbered by operator new (4).

There's the possible option to avoid re-loading from 'this' in the
involved(?) std::vector implementation (vector.tcc around line 800
which is where eventually the operator new originates from).  IIRC we
removed an optimization that 'new' cannot clobber global memory because
of correctness issues recently.

next prev parent reply	other threads:[~2022-11-29 11:47 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-23 23:24 [Bug tree-optimization/107852] New: " cuzdav at gmail dot com
2022-11-23 23:31 ` [Bug tree-optimization/107852] " pinskia at gcc dot gnu.org
2022-11-24  1:12 ` pinskia at gcc dot gnu.org
2022-11-24  7:07 ` rguenth at gcc dot gnu.org
2022-11-24  7:08 ` [Bug tree-optimization/107852] [12/13 Regression] " rguenth at gcc dot gnu.org
2022-11-29 11:46 ` rguenth at gcc dot gnu.org [this message]
2022-11-29 11:47 ` [Bug libstdc++/107852] " rguenth at gcc dot gnu.org
2022-11-29 12:01 ` redi at gcc dot gnu.org
2022-11-29 12:26 ` rguenth at gcc dot gnu.org
2022-11-29 13:30 ` cvs-commit at gcc dot gnu.org
2022-11-29 13:31 ` rguenth at gcc dot gnu.org
2022-11-29 16:50 ` redi at gcc dot gnu.org
2022-11-29 17:14 ` cvs-commit at gcc dot gnu.org
2023-03-19 10:31 ` [Bug libstdc++/107852] [12 " dvirtz at gmail dot com
2023-04-20 13:57 ` cvs-commit at gcc dot gnu.org
2023-04-27 11:44 ` rguenth at gcc dot gnu.org
2023-05-01 13:12 ` pinskia at gcc dot gnu.org
2023-06-29 18:08 ` rogerio.souza at gmail dot com
2023-06-29 18:12 ` rogerio.souza at gmail dot com
2023-06-29 19:16 ` redi at gcc dot gnu.org

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-107852-4-Qn1Dbozawy@http.gcc.gnu.org/bugzilla/ \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).