[Bug tree-optimization/108366] [12/13 Regression] Spurious stringop overflow, possibly alias-related since r12-145-gd1d01a66012a93cc

["rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108366

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |missed-optimization
   Last reconfirmed|                            |2023-01-11
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
Warns from

#1  0x00000000013bc420 in warn_for_access<gimple*> (loc=2147485003, 
    func=<function_decl 0x7ffff633ad00 memset>, exp=<gimple_call
0x7ffff60938e8>, 
    opt=761, range=0x7fffffffd560, size=<integer_cst 0x7ffff63f42e8>, 
    write=true, read=false, maybe=false)
    at /home/rguenther/src/gcc-12-branch/gcc/gimple-ssa-warn-access.cc:995
(gdb) l
990         }
991
992       if (write)
993         {
994           if (tree_int_cst_equal (range[0], range[1]))
995             warned = (func
996                       ? warning_n (loc, opt, tree_to_uhwi (range[0]),
997                                    (maybe
998                                     ? G_("%qD may write %E byte into a
region "
999                                          "of size %E")
(gdb) p debug_gimple_stmt (exp)
# .MEM_2 = VDEF <.MEM_23>
memset (&MEM <char[32]> [(void *)&actual], 65, 128);

on a path where actual.m_outline == nullptr

for some unknown reason we reload actual.m_outline in the loop, likely
because storing to it is thought to clobber actual.m_outline
(which is initialized from a new expression).  Note 'actual' escapes
the function via the printf call and 'new' can inspect/clobber globals.

We're also "bad" in computing points-to info because of the

    memset(buffer.data(), 'A', new_size);

which with

    char* data() {
        if (m_outline)
            return m_outline;
        return reinterpret_cast<char*>(m_inline);
    }

simply clobbers the whole object (with our points-to analysis).

Helping the compiler and doing

    auto *b = buffer.m_outline;
    for (unsigned i = 0; i < 128; ++i)
        b[i] = 0;

allows it to optimize and avoid the diagnostic.  Using buffer.m_outline
in the memset instead of buffer.data () would probably work as well.