[Bug tree-optimization/114615] New: spurious warning on mingw-w64: 'memcpy' reading 4 or more bytes from a region of size 2 with std::wstring{L""} and -flto -O1 [Wstringop-overread]

[Bug tree-optimization/114615] New: spurious warning on mingw-w64: 'memcpy' reading 4 or more bytes from a region of size 2 with std::wstring{L""} and -flto -O1 [Wstringop-overread]

[bugzilla.gcc.simon at arlott dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114615

            Bug ID: 114615
           Summary: spurious warning on mingw-w64: 'memcpy' reading 4 or
                    more bytes from a region of size 2 with
                    std::wstring{L""} and -flto -O1 [Wstringop-overread]
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: bugzilla.gcc.simon at arlott dot org
  Target Milestone: ---

This only happens on MinGW, when compiling with -flto, -municode and
optimisations. I get a spurious warning and it fails to optimise away the
constructor/destructor:

$ x86_64-w64-mingw32-g++ -o test.exe test.cc -flto -municode -O1
In function ‘wmemcpy’,
    inlined from ‘copy’ at
/usr/lib/gcc/x86_64-w64-mingw32/12-win32/include/c++/bits/char_traits.h:558:16,
    inlined from ‘_S_copy’ at
/usr/lib/gcc/x86_64-w64-mingw32/12-win32/include/c++/bits/basic_string.h:423:21,
    inlined from ‘_S_copy_chars’ at
/usr/lib/gcc/x86_64-w64-mingw32/12-win32/include/c++/bits/basic_string.h:477:16,
    inlined from ‘_M_construct’ at
/usr/lib/gcc/x86_64-w64-mingw32/12-win32/include/c++/bits/basic_string.tcc:243:21,
    inlined from ‘__ct_comp ’ at
/usr/lib/gcc/x86_64-w64-mingw32/12-win32/include/c++/bits/basic_string.h:642:14,
    inlined from ‘wmain’ at test.cc:5:23:
/usr/share/mingw-w64/include/wchar.h:1502:31: warning: ‘memcpy’ reading 4 or
more bytes from a region of size 2 [-Wstringop-overread]
 1502 |     return (wchar_t *) memcpy (_S1,_S2,_N*sizeof(wchar_t));
      |                               ^

test.cc:
#include <windows.h>
#include <string>

int wmain(int argc, wchar_t *argv[], wchar_t *envp[]) {
        std::wstring test{L""};
        return 0;
}

I can reproduce it here on MinGW GCC 12.1.0 and 12.2.0:
https://godbolt.org/z/dv7Pb8nx4 (the MinGW GCC 13 compiler on there is
currently not working at all)

MinGW GCC 11.3.0 is ok.

[Bug target/114615] spurious warning on mingw-w64: 'memcpy' reading 4 or more bytes from a region of size 2 with std::wstring{L""} and -flto -O1 [Wstringop-overread]

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114615

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Target|                            |x86_64-w64-mingw32
          Component|tree-optimization           |target

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
-municode defines UNICODE .

Maybe there is some mismatching of wchar_t somewhere ...

[Bug target/114615] spurious warning on mingw-w64: 'memcpy' reading 4 or more bytes from a region of size 2 with std::wstring{L""} and -flto -O1 [Wstringop-overread]

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114615

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic

--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Or jump threading is splitting the code into two branches for N <= 1 and N >=
2, and then warning that the N >= 2 case would read past the end of the source
buffer. But that case never actually happens.

The constructor calls _M_construct which goes to:

      static void
      _S_copy(_CharT* __d, const _CharT* __s, size_type __n)
      {
        if (__n == 1)
          traits_type::assign(*__d, *__s);
        else
          traits_type::copy(__d, __s, __n);
      }

The N == 1 case is handled here, then char_traits<wchar_t>::copy does:

      static _GLIBCXX20_CONSTEXPR char_type*
      copy(char_type* __s1, const char_type* __s2, size_t __n)
      {
        if (__n == 0)
          return __s1;
#if __cplusplus >= 202002L
        if (std::__is_constant_evaluated())
          return __gnu_cxx::char_traits<char_type>::copy(__s1, __s2, __n);
#endif
        return wmemcpy(__s1, __s2, __n);
      }

So the N == 0 case is also handled here, so we only use wmemcpy for N >= 2. And
that would indeed read N * sizeof(wchar_t), i.e. 4 or more bytes, from L""
which is only 2 bytes.

But it's unreachable, because we take the if (__n == 0) branch.

[Bug target/114615] spurious warning on mingw-w64: 'memcpy' reading 4 or more bytes from a region of size 2 with std::wstring{L""} and -flto -O1 [Wstringop-overread]

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114615

--- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> ---
The dumb part is that __n here comes from wcslen(__s2), so the compiler is able
to track that __s2 is only two bytes, but not capable of tracking that __n ==
0.

Specifically, __n is (__s2 + wcslen(__s2)) - __s2 which is just wcslen(L"")
which is 0.

[Bug target/114615] spurious warning on mingw-w64: 'memcpy' reading 4 or more bytes from a region of size 2 with std::wstring{L""} and -flto -O1 [Wstringop-overread]

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114615

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #3)
> The dumb part is that __n here comes from wcslen(__s2), so the compiler is
> able to track that __s2 is only two bytes, but not capable of tracking that
> __n == 0.
> 
> Specifically, __n is (__s2 + wcslen(__s2)) - __s2 which is just wcslen(L"")
> which is 0.

I dont think we fold/track wide_t builtins at all ...