From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 13209 invoked by alias); 26 Sep 2011 09:12:49 -0000
Received: (qmail 11613 invoked by uid 22791); 26 Sep 2011 09:10:41 -0000
X-SWARE-Spam-Status: No, hits=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,TW_CP
X-Spam-Check-By: sourceware.org
Received: from localhost (HELO gcc.gnu.org) (127.0.0.1) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Mon, 26 Sep 2011 09:10:23 +0000
From: "jakub at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/50460] [4.7 Regression] __builtin___strcpy_chk/__builtin_object_size don't work
Date: Mon, 26 Sep 2011 09:14:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: middle-end
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: jakub at gcc dot gnu.org
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: rguenth at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 4.7.0
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id:
List-Archive:
List-Post:
List-Help:
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2011-09/txt/msg01916.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50460

--- Comment #6 from Jakub Jelinek 2011-09-26 09:08:36 UTC ---

/* Route strcpy through the fortified builtin; object size type 1 means
   "bytes remaining in the closest enclosing subobject (the field)".  */
#define strcpy(x,y) __builtin___strcpy_chk (x, y, __builtin_object_size (x, 1))

int
f1 (void)
{
  struct A { char buf1[9]; char buf2[4]; } a;
  strcpy (a.buf1 + 9, "a");       /* exactly at the end of buf1 */
  return 0;
}

int
f2 (void)
{
  struct A { char buf1[9]; char buf2[4]; } a;
  strcpy (a.buf2 + 0, "a");       /* start of buf2, 4 bytes available */
  return 0;
}

int
f3 (void)
{
  struct A { char buf1[9]; char buf2[4]; } a;
  strcpy (a.buf1 + 10, "a");      /* one past the end of buf1 */
  return 0;
}

int
f4 (void)
{
  struct A { char buf1[9]; char buf2[4]; } a;
  strcpy (a.buf2 - 1, "a");       /* one before the start of buf2 */
  return 0;
}

int
f5 (void)
{
  struct A { char buf1[9]; char buf2[4]; } a;
  strcpy ((char *) &a + 10, "a"); /* whole object as base, 3 bytes left */
  return 0;
}

int
f6 (void)
{
  struct A { char buf1[9]; char buf2[4]; } a;
  strcpy ((char *) a.buf2 - 1, "a"); /* as f4, through a char * cast */
  return 0;
}

This used to warn in f{1,3,4,6} (and fail at runtime) and not in f{2,5} in
4.{1,2,3,4,6} (haven't checked 4.5); it doesn't warn or fail on the trunk.
So yes, 4.0+ clearly did some reconstruction, but only in limited cases
(e.g. when the &a is offset). Some field + offset remained COMPONENT_REF +
offset.
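The six cases above, worked through as an added example that is not part of the bug report or of GCC itself: a small C model of what __builtin_object_size type 0 (whole object) and type 1 (closest enclosing field) should return for each destination in the report, and whether a strcpy of "a" would then fail the _chk call. The struct A layout and the six pointer expressions are the report's; struct ptr_expr, model_object_size, case_ptr and chk_would_fail are names I introduce for the model.

```c
#include <stddef.h>
#include <stdio.h>
/* Struct from the bug report: two adjacent char arrays, 13 bytes total. */
struct A { char buf1[9]; char buf2[4]; };

/* A destination "base + off": base is one field (field_len > 0) or the
 * whole object cast to char * (field_len == 0, as in f5). */
struct ptr_expr { size_t field_off, field_len; long off; };

/* Hand-written model of __builtin_object_size (ptr, type), not GCC's code.
 * type 0: bytes left in the whole struct A; type 1: bytes left in the
 * closest enclosing field. A pointer before or past that object gives 0,
 * the value that makes __builtin___strcpy_chk fail. */
static size_t model_object_size(struct ptr_expr p, int type)
{
    size_t len = sizeof(struct A);
    long pos = (long)p.field_off + p.off;        /* offset inside struct A */
    if (type == 1 && p.field_len) { len = p.field_len; pos = p.off; }
    if (pos < 0 || (size_t)pos > len) return 0;
    return len - (size_t)pos;
}

/* The six strcpy destinations of f1..f6 from the report. */
static struct ptr_expr case_ptr(int fn)
{
    size_t o1 = offsetof(struct A, buf1), l1 = sizeof(((struct A *)0)->buf1);
    size_t o2 = offsetof(struct A, buf2), l2 = sizeof(((struct A *)0)->buf2);
    switch (fn) {
    case 1:  return (struct ptr_expr){ o1, l1,  9 };  /* a.buf1 + 9 */
    case 2:  return (struct ptr_expr){ o2, l2,  0 };  /* a.buf2 + 0 */
    case 3:  return (struct ptr_expr){ o1, l1, 10 };  /* a.buf1 + 10 */
    case 4:  return (struct ptr_expr){ o2, l2, -1 };  /* a.buf2 - 1 */
    case 5:  return (struct ptr_expr){  0,  0, 10 };  /* (char *) &a + 10 */
    default: return (struct ptr_expr){ o2, l2, -1 };  /* (char *) a.buf2 - 1 */
    }
}

/* Does strcpy (dst, "a"), a 2-byte write (sizeof "a"), exceed the size? */
static int chk_would_fail(int fn, int type)
{
    return model_object_size(case_ptr(fn), type) < sizeof "a";
}

int main(void)
{
    for (int fn = 1; fn <= 6; fn++)   /* expected: f1, f3, f4, f6 fail */
        printf("f%d: type0=%zu type1=%zu %s\n", fn, model_object_size(case_ptr(fn), 0),
               model_object_size(case_ptr(fn), 1), chk_would_fail(fn, 1) ? "fails" : "ok");
    return 0;
}
```

Note that f4 passes under type 0 (5 bytes remain in the whole struct) and fails only under type 1, which is why the macro in the report asks for type 1.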