[Bug c/109968] New: False Warning stringop-overread when -O2 and -fsanitize=address used

[Bug c/109968] New: False Warning stringop-overread when -O2 and -fsanitize=address used

[davekelly13 at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109968

            Bug ID: 109968
           Summary: False Warning stringop-overread when -O2 and
                    -fsanitize=address used
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: davekelly13 at gmail dot com
  Target Milestone: ---

Created attachment 55157
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55157&action=edit
Preprocessed source

gcc-13 -O2 -fsanitize=address --save-temps x.c -S
x.c: In function ‘f’:
x.c:17:15: warning: ‘write’ reading 6 bytes from a region of size 4
[-Wstringop-overread]
   17 |         err = write( 1, (const void *)&(s->s2), 6);
      |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
x.c:5:21: note: source object ‘b’ of size 4
    5 |                 int b;
      |                     ^
In file included from x.c:1:
/usr/include/unistd.h:378:16: note: in a call to function ‘write’ declared with
attribute ‘access (read_only, 2, 3)’
  378 | extern ssize_t write (int __fd, const void *__buf, size_t __n) __wur
      |                ^~~~~

Preprocessed source attached.

Removing the  "if ( s->s2.b == 1 ) return 0;" resolves the issue.


 gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/12/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu
12.2.0-17ubuntu1' --with-bugurl=file:///usr/share/doc/gcc-12/README.Bugs
--enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2 --prefix=/usr
--with-gcc-major-version-only --program-suffix=-12
--program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug
--enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new
--enable-gnu-unique-object --disable-vtable-verify --enable-plugin
--enable-default-pie --with-system-zlib --enable-libphobos-checking=release
--with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch
--disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64
--with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic
--enable-offload-targets=nvptx-none=/build/gcc-12-Pa930Z/gcc-12-12.2.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-12-Pa930Z/gcc-12-12.2.0/debian/tmp-gcn/usr
--enable-offload-defaulted --without-cuda-driver --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.2.0 (Ubuntu 12.2.0-17ubuntu1)

[Bug tree-optimization/109968] False Warning stringop-overread when -O2 and -fsanitize=address used

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109968

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
From
https://gcc.gnu.org/onlinedocs/gcc-13.1.0/gcc/Instrumentation-Options.html#index-fsanitize_003daddress
:
Note that sanitizers tend to increase the rate of false positive warnings, most
notably those around -Wmaybe-uninitialized. We recommend against combining
-Werror and [the use of] sanitizers.

[Bug tree-optimization/109968] False Warning stringop-overread at -O2

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109968

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|False Warning               |False Warning
                   |stringop-overread when -O2  |stringop-overread at -O2
                   |and -fsanitize=address used |

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Reduced testcase without -fsanitize=address:
extern int write1 (int __fd, const void *__buf, size_t __n) 
    __attribute__ ((__access__ (__read_only__, 2, 3)));

typedef struct {
 struct {
  int b;
  int c;
 } s2;
} S;

void f1(int *a);

int f(S *s )
{
 int err;
 f1(&s->s2.b);

 err = write1( 1, (const void *)&(s->s2), 6);
 return err;
}

[Bug tree-optimization/109968] False Warning stringop-overread at -O2

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109968

--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #2)
> Reduced testcase without -fsanitize=address:

Sorry missed one undefined type.
Here is the corrected reduced testcase:
```
extern int write1 (int __fd, const void *__buf, int __n) 
    __attribute__ ((__access__ (__read_only__, 2, 3)));

typedef struct {
 struct {
  int b;
  int c;
 } s2;
} S;

void f1(int *a);

int f(S *s )
{
 int err;
f1(&s->s2.b);

 err = write1( 1, (const void *)&(s->s2), 6);
 return err;
}
```

[Bug tree-optimization/109968] False Warning stringop-overread at -O2

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109968

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2023-05-26
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
 f1(&s->s2.b);

 err = write1( 1, (const void *)&(s->s2), 6);

we CSE &s->s2 as &s->s2.b which derails ptr-query.  -Wstringop-overread has to
happen before we finalize object sizes and set optimizers lose.  Instead we
emit this diagnostic in the very late warn_access pass.