public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops
@ 2010-10-12 7:37 miles at gnu dot org
2010-10-12 9:44 ` [Bug tree-optimization/45978] [4.6 Regression] " rguenth at gcc dot gnu.org
` (11 more replies)
0 siblings, 12 replies; 13+ messages in thread
From: miles at gnu dot org @ 2010-10-12 7:37 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
Summary: bogus "array subscript is above array bounds" warning
in extremely simple code with no loops
Product: gcc
Version: 4.6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: miles@gnu.org
Created attachment 22021
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=22021
C++ source file illustrating bug
[I don't know if the "component:" field is correct, but there doesn't seem to
be a "I don't know" option]
There are many bugs in gcc's bugzilla related to bogus array-bounds warnings,
but most of them seem to involve loops and other situations that may need
non-trivial analysis by the compiler.
However the attached C++ source file ("tt.cc") seems to be almost trivial; it
contains no loops at all, and all array references use a constant (and valid)
index, but it nonetheless elicits an "array subscript is above array bounds"
warning from the compiler. As far as I can figure, the warning is bogus.
Compilation looks like:
$ g++-snapshot -O3 -S -Wall -Wextra tt.cc
tt.cc: In function 'Z test()':
tt.cc:15:21: warning: array subscript is above array bounds [-Warray-bounds]
Version info:
$ g++-snapshot --version
g++ (Debian 20101009-1) 4.6.0 20101009 (experimental) [trunk revision
165234]
Copyright (C) 2010 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
"g++-snapshot" just invokes g++ from Debian's gcc-snapshot package, which is a
somewhat recent trunk snapshot.
["tt.cc" is as minimal as I can get it -- moving, eliminating, or changing any
field in any of the structures seems to silence the warning.]
Thanks,
-Miles
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
@ 2010-10-12 9:44 ` rguenth at gcc dot gnu.org
2010-11-15 12:05 ` rguenth at gcc dot gnu.org
` (10 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2010-10-12 9:44 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
Richard Guenther <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Keywords| |diagnostic
Last reconfirmed| |2010.10.12 09:44:10
Component|middle-end |tree-optimization
Ever Confirmed|0 |1
Summary|bogus "array subscript is |[4.6 Regression] bogus
|above array bounds" warning |"array subscript is above
|in extremely simple code |array bounds" warning in
|with no loops |extremely simple code with
| |no loops
Target Milestone|--- |4.6.0
--- Comment #1 from Richard Guenther <rguenth at gcc dot gnu.org> 2010-10-12 09:44:10 UTC ---
Confirmed. The vectorizer uses &MEM[(struct Y *)&<retval>].ar[4]; as the
base address for the store to .c.x, .c.y, .c.z, .d.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
2010-10-12 9:44 ` [Bug tree-optimization/45978] [4.6 Regression] " rguenth at gcc dot gnu.org
@ 2010-11-15 12:05 ` rguenth at gcc dot gnu.org
2011-02-08 13:39 ` rguenth at gcc dot gnu.org
` (9 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2010-11-15 12:05 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
--- Comment #2 from Richard Guenther <rguenth at gcc dot gnu.org> 2010-11-15 12:00:20 UTC ---
Hmm, I'm not sure how to address this - we warn about the address-taking
operation which only at VRP time get's folded to &MEM[(struct Y
*)&<retval>].ar[4]
via maybe_fold_stmt_addition (which I only preserved to avoid some regressions
I don't remember anymore during mem-ref development).
Clearly even the first vectorized access spans more than the array (but we
could set TREE_NO_WARNING on the memory reference itself).
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
2010-10-12 9:44 ` [Bug tree-optimization/45978] [4.6 Regression] " rguenth at gcc dot gnu.org
2010-11-15 12:05 ` rguenth at gcc dot gnu.org
@ 2011-02-08 13:39 ` rguenth at gcc dot gnu.org
2011-03-25 20:10 ` [Bug tree-optimization/45978] [4.6/4.7 " jakub at gcc dot gnu.org
` (8 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2011-02-08 13:39 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
Richard Guenther <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P2
--- Comment #3 from Richard Guenther <rguenth at gcc dot gnu.org> 2011-02-08 13:37:48 UTC ---
Something like
Index: gimple-fold.c
===================================================================
--- gimple-fold.c (revision 169917)
+++ gimple-fold.c (working copy)
@@ -212,6 +212,7 @@ maybe_fold_offset_to_array_ref (location
tree min_idx, idx, idx_type, elt_offset = integer_zero_node;
tree array_type, elt_type, elt_size;
tree domain_type;
+ tree no_warning = false;
/* If BASE is an ARRAY_REF, we can pick up another offset (this time
measured in units of the size of elements type) from that ARRAY_REF).
@@ -308,26 +309,34 @@ maybe_fold_offset_to_array_ref (location
char *(c[4]);
c[3][2];
should not be simplified into (*c)[14] or tree-vrp will
- give false warnings.
- This is only an issue for multi-dimensional arrays. */
- if (TREE_CODE (elt_type) == ARRAY_TYPE
- && domain_type)
+ give false warnings. For multi-dimensional arrays
+ avoid this transformation, for one-dimensional arrays
+ set TREE_NO_WARNING on out-of-bound references. */
+ if (domain_type)
{
+ bool oob = false;
if (TYPE_MAX_VALUE (domain_type)
&& TREE_CODE (TYPE_MAX_VALUE (domain_type)) == INTEGER_CST
&& tree_int_cst_lt (TYPE_MAX_VALUE (domain_type), idx))
- return NULL_TREE;
+ oob = true;
else if (TYPE_MIN_VALUE (domain_type)
&& TREE_CODE (TYPE_MIN_VALUE (domain_type)) == INTEGER_CST
&& tree_int_cst_lt (idx, TYPE_MIN_VALUE (domain_type)))
- return NULL_TREE;
+ oob = true;
else if (compare_tree_int (idx, 0) < 0)
+ oob = true;
+ if (oob)
+ {
+ if (TREE_CODE (elt_type) == ARRAY_TYPE)
return NULL_TREE;
+ no_warning = true;
+ }
}
{
tree t = build4 (ARRAY_REF, elt_type, base, idx, NULL_TREE, NULL_TREE);
SET_EXPR_LOCATION (t, loc);
+ TREE_NO_WARNING (t) = no_warning;
return t;
}
}
fixes this but will cause us to omit all warnings for C array accesses
that are out-of-bounds:
FAIL: gcc.dg/Warray-bounds.c (test for warnings, line 59)
FAIL: gcc.dg/Warray-bounds.c (test for warnings, line 60)
FAIL: gcc.dg/Warray-bounds.c (test for warnings, line 65)
FAIL: gcc.dg/Warray-bounds.c (test for warnings, line 66)
FAIL: gcc.dg/Warray-bounds.c (test for warnings, line 72)
FAIL: gcc.dg/Warray-bounds.c (test for warnings, line 73)
In general I'd say we should not warn from VRP after loop opts, and
for address-taking operations we should have a distinct warning,
eventually looking at object sizes, not only type bounds.
This bug is a regression only because we now vectorize the testcase to
xorps %xmm0, %xmm0
movq %rdi, %rax
movlps %xmm0, (%rdi)
movhps %xmm0, 8(%rdi)
movlps %xmm0, 16(%rdi)
movlps %xmm0, 24(%rdi)
compared to
xorl %edx, %edx
movq %rdi, %rax
movl %edx, (%rdi)
movl %edx, 4(%rdi)
movl %edx, 8(%rdi)
movl %edx, 12(%rdi)
movl %edx, 16(%rdi)
movl %edx, 20(%rdi)
movl %edx, 24(%rdi)
movl %edx, 28(%rdi)
which is a good thing.
Eventually we can mitigate the problem from inside the vectorizer by
not using
vect_p.7_13 = &MEM[(struct Y *)&<retval>].ar[0];
but instead
vect_p.7_13 = &<retval> + off
style initial addresses. Unfortunately that isn't very easy to do.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6/4.7 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
` (2 preceding siblings ...)
2011-02-08 13:39 ` rguenth at gcc dot gnu.org
@ 2011-03-25 20:10 ` jakub at gcc dot gnu.org
2011-05-20 5:17 ` miles at gnu dot org
` (7 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: jakub at gcc dot gnu.org @ 2011-03-25 20:10 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|4.6.0 |4.6.1
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-03-25 19:52:47 UTC ---
GCC 4.6.0 is being released, adjusting target milestone.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6/4.7 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
` (3 preceding siblings ...)
2011-03-25 20:10 ` [Bug tree-optimization/45978] [4.6/4.7 " jakub at gcc dot gnu.org
@ 2011-05-20 5:17 ` miles at gnu dot org
2011-05-20 8:46 ` [Bug tree-optimization/45978] [4.6 " rguenth at gcc dot gnu.org
` (6 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: miles at gnu dot org @ 2011-05-20 5:17 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
--- Comment #5 from miles at gnu dot org 2011-05-20 04:09:01 UTC ---
Hmm, I'm not getting this warning anymore ... is the bug fixed?
[version "g++ (Debian 20110519-1) 4.7.0 20110519 (experimental) [trunk revision
173903]"]
Thanks,
-Miles
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
` (4 preceding siblings ...)
2011-05-20 5:17 ` miles at gnu dot org
@ 2011-05-20 8:46 ` rguenth at gcc dot gnu.org
2011-06-27 15:56 ` jakub at gcc dot gnu.org
` (5 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2011-05-20 8:46 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
Richard Guenther <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Known to work| |4.7.0
Summary|[4.6/4.7 Regression] bogus |[4.6 Regression] bogus
|"array subscript is above |"array subscript is above
|array bounds" warning in |array bounds" warning in
|extremely simple code with |extremely simple code with
|no loops |no loops
--- Comment #6 from Richard Guenther <rguenth at gcc dot gnu.org> 2011-05-20 08:19:59 UTC ---
The bug was indeed worked around in VRP by making it use the CCP engine.
It now sees
MEM[(struct Y *)&<retval> + 16B] = vect_cst_.6_11;
instead of &MEM[(struct Y *)&<retval>].ar[4] as a base which makes it not warn.
The vectorizer still uses that address as base though.
So I suppose we can say it's fixed in 4.7 by adjusting the pass that
emits the warning.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
` (5 preceding siblings ...)
2011-05-20 8:46 ` [Bug tree-optimization/45978] [4.6 " rguenth at gcc dot gnu.org
@ 2011-06-27 15:56 ` jakub at gcc dot gnu.org
2011-08-19 22:58 ` torsten at debian dot org
` (4 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: jakub at gcc dot gnu.org @ 2011-06-27 15:56 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|4.6.1 |4.6.2
--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-06-27 12:33:02 UTC ---
GCC 4.6.1 is being released.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
` (6 preceding siblings ...)
2011-06-27 15:56 ` jakub at gcc dot gnu.org
@ 2011-08-19 22:58 ` torsten at debian dot org
2011-10-26 17:57 ` jakub at gcc dot gnu.org
` (3 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: torsten at debian dot org @ 2011-08-19 22:58 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
--- Comment #8 from torsten at debian dot org 2011-08-19 22:54:11 UTC ---
Created attachment 25059
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=25059
An obviously correct example that triggers the bug.
(In reply to comment #7)
> GCC 4.6.1 is being released.
I just searched for this problem due to a bug report that SWIG causes out of
bounds array accesses:
https://sourceforge.net/tracker/?func=detail&atid=101645&aid=3394790&group_id=1645
It turns out that the generated code is similar to the trivial example that I
attached. Perhaps this makes it easier to track down the bug.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
` (7 preceding siblings ...)
2011-08-19 22:58 ` torsten at debian dot org
@ 2011-10-26 17:57 ` jakub at gcc dot gnu.org
2012-03-01 15:02 ` jakub at gcc dot gnu.org
` (2 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: jakub at gcc dot gnu.org @ 2011-10-26 17:57 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|4.6.2 |4.6.3
--- Comment #9 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-10-26 17:13:44 UTC ---
GCC 4.6.2 is being released.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
` (8 preceding siblings ...)
2011-10-26 17:57 ` jakub at gcc dot gnu.org
@ 2012-03-01 15:02 ` jakub at gcc dot gnu.org
2012-07-16 6:48 ` Petr.Salinger at seznam dot cz
2013-04-12 16:18 ` jakub at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: jakub at gcc dot gnu.org @ 2012-03-01 15:02 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|4.6.3 |4.6.4
--- Comment #10 from Jakub Jelinek <jakub at gcc dot gnu.org> 2012-03-01 14:38:47 UTC ---
GCC 4.6.3 is being released.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
` (9 preceding siblings ...)
2012-03-01 15:02 ` jakub at gcc dot gnu.org
@ 2012-07-16 6:48 ` Petr.Salinger at seznam dot cz
2013-04-12 16:18 ` jakub at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: Petr.Salinger at seznam dot cz @ 2012-07-16 6:48 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
--- Comment #11 from Petr.Salinger at seznam dot cz 2012-07-16 06:48:07 UTC ---
Created attachment 27800
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=27800
testcase
Another failing testcase - reduced from xserver-xorg-input-mouse
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/45978] [4.6 Regression] bogus "array subscript is above array bounds" warning in extremely simple code with no loops
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
` (10 preceding siblings ...)
2012-07-16 6:48 ` Petr.Salinger at seznam dot cz
@ 2013-04-12 16:18 ` jakub at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: jakub at gcc dot gnu.org @ 2013-04-12 16:18 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45978
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
Target Milestone|4.6.4 |4.7.0
--- Comment #12 from Jakub Jelinek <jakub at gcc dot gnu.org> 2013-04-12 16:17:49 UTC ---
The 4.6 branch has been closed, fixed in GCC 4.7.0.
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2013-04-12 16:18 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-10-12 7:37 [Bug middle-end/45978] New: bogus "array subscript is above array bounds" warning in extremely simple code with no loops miles at gnu dot org
2010-10-12 9:44 ` [Bug tree-optimization/45978] [4.6 Regression] " rguenth at gcc dot gnu.org
2010-11-15 12:05 ` rguenth at gcc dot gnu.org
2011-02-08 13:39 ` rguenth at gcc dot gnu.org
2011-03-25 20:10 ` [Bug tree-optimization/45978] [4.6/4.7 " jakub at gcc dot gnu.org
2011-05-20 5:17 ` miles at gnu dot org
2011-05-20 8:46 ` [Bug tree-optimization/45978] [4.6 " rguenth at gcc dot gnu.org
2011-06-27 15:56 ` jakub at gcc dot gnu.org
2011-08-19 22:58 ` torsten at debian dot org
2011-10-26 17:57 ` jakub at gcc dot gnu.org
2012-03-01 15:02 ` jakub at gcc dot gnu.org
2012-07-16 6:48 ` Petr.Salinger at seznam dot cz
2013-04-12 16:18 ` jakub at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).