From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 3914D3858D20; Fri, 31 Mar 2023 07:17:51 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3914D3858D20 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1680247071; bh=p10ynTucJ8V1SL5ih0bkcWo+u/m95aHPXO2t8oIhhh4=; h=From:To:Subject:Date:In-Reply-To:References:From; b=sku0BWEPW0ENsUxw8+5mdlZ29h6++uNSa0m6a3uL34D6bA/1rryv1Mm7Q/Sf80VQm CWOwM0oMnpEdLe+rySWHCRnIxQkY78d7pAuzuSH6iEIrMFEFn5qHqKMmIniTjfqAeP Wm3JQv8nACVnF/OM1Az8U2al9Hr8wo+1sUH4i2zs= From: "rguenth at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/109350] FAIL: g++.dg/warn/Wstringop-overflow-4.C Date: Fri, 31 Mar 2023 07:17:50 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: diagnostic X-Bugzilla-Severity: normal X-Bugzilla-Who: rguenth at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109350 Richard Biener changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |amacleod at redhat dot com --- Comment #2 from Richard Biener --- Hmm, the same reproduces with r_imin_imax as ptrdiff_t but the IL is a bit more obvious: [local count: 1073741824]: _27 =3D{v} signed_value_source; _4 =3D (unsigned long) _27; _8 =3D _4 + 2147483648; if (_8 > 4294967295) goto ; [50.00%] else goto ; [50.00%] [local count: 536870913]: _30 =3D _27 + 1; _28 =3D (sizetype) _30; if (_4 <=3D 4611686018427387900) goto ; [50.00%] else goto ; [50.00%] [local count: 268435458]: _12 =3D operator new [] (18446744073709551615); __builtin_memcpy (_12, &MEM [(void *)"0123456789abcdefghijklmnopqrstuvwxyz" + 35B], 2); sink (_12); if (_28 <=3D 4611686018427387900) goto ; [100.00%] else goto ; [0.00%] [local count: 0]: iftmp.2_37 =3D _28 * 2; _39 =3D operator new [] (iftmp.2_37); __builtin_memcpy (_39, &MEM [(void *)"0123456789abcdefghijklmnopqrstuvwxyz" + 34B], 3); so we have (unsigned long)[int_min, int_max] > 4611686018427387900 && (unsigned long)[int_min+1, int_max+1] <=3D 4611686018427387900 to constrain _4. I don't see how we can arrive at [0,0] for iftmp.2_37. In fact if I put this into a separate testcase like void __attribute__((noipa)) foo (long signed_value_source) { unsigned long temu =3D signed_value_source; if (temu + 2147483648 > 4294967295) ; else { long tems =3D signed_value_source + 1; unsigned long temu2 =3D tems; if (temu > 4611686018427387900) if (temu2 <=3D 4611686018427387900) { unsigned long iftmp =3D temu2 * 2; if (iftmp =3D=3D 0) __builtin_abort (); } } } then we optimize this to [local count: 1073741824]: temu_3 =3D (long unsigned int) signed_value_source_2(D); _1 =3D temu_3 + 2147483648; if (_1 > 4294967295) goto ; [50.00%] else goto ; [50.00%] [local count: 536870913]: if (signed_value_source_2(D) =3D=3D -1) goto ; [0.00%] else goto ; [100.00%] [count: 0]: __builtin_abort (); and the outer if doesn't change the inner range result.=