[Bug c/115274] New: Bogus -Wstringop-overread in SQLite source code

[Bug c/115274] New: Bogus -Wstringop-overread in SQLite source code

[boris at kolpackov dot net]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274

            Bug ID: 115274
           Summary: Bogus -Wstringop-overread in SQLite source code
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: boris at kolpackov dot net
  Target Milestone: ---

Compiled attached sqlite3.c from recent SQLite release with GCC 14 and -O3
produces the following bogus (according to our analysis) warning:

$ gcc-14 -O3 -c sqlite3.c
In function ‘sqlite3Strlen30’,
    inlined from ‘sqlite3ColumnSetColl’ at sqlite3.c:115936:10:
sqlite3.c:33361:28: warning: ‘strlen’ reading 1 or more bytes from a region of
size 0 [-Wstringop-overread]
33361 |   return 0x3fffffff & (int)strlen(z);
      |                            ^~~~~~~~~
In function ‘sqlite3ColumnSetColl’:
cc1: note: source object is likely at address zero

$ gcc-14 --version
gcc-14 (Debian 14.1.0-1) 14.1.0

There is no such warning with GCC 13.2.0.

[Bug tree-optimization/115274] Bogus -Wstringop-overread in SQLite source code

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
>Compiled attached sqlite3.c

Looks like it didn't attach.  Can you try again? Maybe compress it?

[Bug tree-optimization/115274] Bogus -Wstringop-overread in SQLite source code

[boris at kolpackov dot net]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274

--- Comment #2 from Boris Kolpackov <boris at kolpackov dot net> ---
Ok, I couldn't attach the source file due to size limits, but you can get it
from https://sqlite.org/download.html . I get this warning with the latest
version, which is 3.46.0 at the time of this writing.

[Bug tree-optimization/115274] Bogus -Wstringop-overread in SQLite source code

[sjames at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274

Sam James <sjames at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sjames at gcc dot gnu.org

--- Comment #3 from Sam James <sjames at gcc dot gnu.org> ---
(In reply to Boris Kolpackov from comment #2)
> Ok, I couldn't attach the source file due to size limits, but you can get it
> from https://sqlite.org/download.html . I get this warning with the latest
> version, which is 3.46.0 at the time of this writing.

Please try compress it.

[Bug tree-optimization/115274] Bogus -Wstringop-overread in SQLite source code

[boris at kolpackov dot net]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274

--- Comment #4 from Boris Kolpackov <boris at kolpackov dot net> ---
> Please try compress it.

I did try with xz -9e and it was still 1.5M (the limit is 1M). I doubt any
compression method will be able to shave those 50% off.

[Bug tree-optimization/115274] Bogus -Wstringop-overread in SQLite source code

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |christian at zeek dot org

--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 115702 has been marked as a duplicate of this bug. ***

[Bug tree-optimization/115274] Bogus -Wstringop-overread in SQLite source code

[drh at sqlite dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274

D. Richard Hipp <drh at sqlite dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |drh at sqlite dot org

--- Comment #6 from D. Richard Hipp <drh at sqlite dot org> ---
The source file that causes the problem can now be downloaded from
<https://sqlite.org/tmp/sqlite3-20240523.c>.

[Bug tree-optimization/115274] Bogus -Wstringop-overread in SQLite source code

[andi-gcc at firstfloor dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274

Andi Kleen <andi-gcc at firstfloor dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andi-gcc at firstfloor dot org

--- Comment #7 from Andi Kleen <andi-gcc at firstfloor dot org> ---
Doesn't reproduce for me on recent trunk. So maybe already fixed.

The file is useful as a general run test case for the compiler though.

[Bug tree-optimization/115274] Bogus -Wstringop-overread in SQLite source code

[andi-gcc at firstfloor dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274

--- Comment #8 from Andi Kleen <andi-gcc at firstfloor dot org> ---
Ah never mind. I ran it with the wrong option with -O3 it shows the warning.
Unfortunately the run time is very long so it will be difficult to minimize.

[Bug tree-optimization/115274] Bogus -Wstringop-overread in SQLite source code

[ak at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274

ak at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2024-06-29
                 CC|                            |ak at gcc dot gnu.org

--- Comment #9 from ak at gcc dot gnu.org ---
creduce minimized it to

#include <string.h>
char *c;
void a();
int b(char *d) { return strlen(d); }
void e() {
  long f = 1;
  f = b(c + f);
  if (c == 0)
    a(f);
}

From the one it seems to be invalid because the c global is indeed NULL.

but it's hard to say if it is exactly equivalent because it will depend on the
caller and the original test case had something like 30+ callers, so we don't
know the exact context.

Problem is that these warnings which depend on inlining should really print the
inline stack for the instance that triggers the warning. I opened PR115704