[Bug c/113514] New: Wrong __builtin_dynamic_object_size when using a set local variable

[Bug c/113514] New: Wrong __builtin_dynamic_object_size when using a set local variable

[isanbard at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113514

            Bug ID: 113514
           Summary: Wrong __builtin_dynamic_object_size when using a set
                    local variable
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: isanbard at gmail dot com
  Target Milestone: ---

There appears to be an issue with __builtin_dynamic_object_size() when using a
local variable. The following code should output 40 for each __bdos call:

$ cat test.c
#include <stdio.h>

struct s {
    int a, b, c, d;
    int  foo;
#define IDX 2
    int blue;
    char bar[IDX][40];
    int  baz;
    int  qux;
};

int main(int argc, char **argv) {
    struct s f;

    #define report(x) fprintf(stderr, #x ": %zu\n", x)

    report(__builtin_dynamic_object_size(f.bar[1], 1));
    report(__builtin_dynamic_object_size(f.bar[1], 3));

    report(__builtin_dynamic_object_size(f.bar[argc], 1));
    report(__builtin_dynamic_object_size(f.bar[argc], 3));

    argc = 1;
    report(__builtin_dynamic_object_size(f.bar[argc], 1));
    report(__builtin_dynamic_object_size(f.bar[argc], 3));

    return 0;
}

However, the last two print 48:

$ gcc -O2 test.c && a.out
__builtin_dynamic_object_size(f.bar[1], 1): 40
__builtin_dynamic_object_size(f.bar[1], 3): 40
__builtin_dynamic_object_size(f.bar[argc], 1): 40
__builtin_dynamic_object_size(f.bar[argc], 3): 40
__builtin_dynamic_object_size(f.bar[argc], 1): 48
__builtin_dynamic_object_size(f.bar[argc], 3): 48

[Bug middle-end/113514] Wrong __builtin_dynamic_object_size when using a set local variable

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113514

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
The answer is not really and it is complex.

So I will note that clang/LLVM returns 48 for `f.bar[argc], 1` and 0 for `,3`.

[Bug middle-end/113514] Wrong __builtin_dynamic_object_size when using a set local variable

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113514

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
In the case of the constant proping into `&f.bar[argc][0]`, it is not know if
you are doing an offset of the original struct or an offset into the array.
GCC's internal IR changes into the former as it is more canonical form while
with the constant already there is known at front-end time.

With respect of a non-constant one, GCC's IR keeps the array form address
around which allows the answer of still 40.

I can't explain clang/LLVM's behavior for `,3` though.

[Bug middle-end/113514] Wrong __builtin_dynamic_object_size when using a set local variable

[isanbard at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113514

--- Comment #3 from Bill Wendling <isanbard at gmail dot com> ---
(In reply to Andrew Pinski from comment #1)
> The answer is not really and it is complex.
> 
Okay. It just seems counter-intuitive.

> So I will note that clang/LLVM returns 48 for `f.bar[argc], 1` and 0 for
> `,3`.

Yeah. I'm trying to fix that, but the consensus is that returning the maximum
value of the whole object (not sub-object) when the LSB is set is okay due to
this in the documentation:

> If there are multiple objects ptr can point to and all of them are known at compile time, the returned number is the maximum of remaining byte counts in those objects if type & 2 is 0 and minimum if nonzero.

Note, I don't agree with that viewpoint.

[Bug middle-end/113514] Wrong __builtin_dynamic_object_size when using a set local variable

[sjames at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113514

--- Comment #4 from Sam James <sjames at gcc dot gnu.org> ---
Siddhesh, there's some discussion at
https://github.com/llvm/llvm-project/pull/78526 as to what the GCC behaviour is
supposed to be vs documented.

[Bug middle-end/113514] Wrong __builtin_dynamic_object_size when using a set local variable

[siddhesh at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113514

--- Comment #5 from Siddhesh Poyarekar <siddhesh at gcc dot gnu.org> ---
What seems to be happening is that early_objsz bails out since the subobject
size at that point is not a constant; I remember concluding that it's safest to
stick to constant sizes here, but I can't remember why I came to that
conclusion.  Then in constant propagation (literally the next pass in -O2), the
reference gets folded into a MEM_REF and we have the classic case of the
subobject reference being lost, due to which we see the whole object size there
instead of the subobject size.

I need to try and remember why I decided against generating expressions in
early_objsz.

[Bug middle-end/113514] Imprecise __builtin_dynamic_object_size when using a set local variable

[siddhesh at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113514

Siddhesh Poyarekar <siddhesh at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2024-01-22
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW