From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-497436-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 73620 invoked by alias); 17 Sep 2015 18:18:36 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Received: (qmail 73555 invoked by uid 48); 17 Sep 2015 18:18:32 -0000
From: "pangbw at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/59124] [4.9/5/6 Regression] Wrong warnings "array subscript is above array bounds"
Date: Thu, 17 Sep 2015 18:18:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 4.8.3
X-Bugzilla-Keywords: diagnostic
X-Bugzilla-Severity: normal
X-Bugzilla-Who: pangbw at gmail dot com
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 4.9.4
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Message-ID: <bug-59124-4-QgTHzUZo0v@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-59124-4@http.gcc.gnu.org/bugzilla/>
References: <bug-59124-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2015-09/txt/msg01414.txt.bz2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D59124

--- Comment #23 from baoshan <pangbw at gmail dot com> ---
(In reply to Manuel L=C3=B3pez-Ib=C3=A1=C3=B1ez from comment #22)
> (In reply to baoshan from comment #21)
> > Don't you think the range value is strange? how it is possible the range
> > value is so big according the code?
>=20
> j =3D i - 1 is actually j =3D i + 4294967295 because of unsigned.
>=20
> Thus the problematic ranges:
>=20
>    [test.c:9:13] # RANGE [4294967291, 4294967295]
>    _51 =3D i_2 + 4294967290;
>=20
>  are actually:
>=20
>    [test.c:9:13] # RANGE [-5, -1]
>    _51 =3D i_2 - 6;
>=20
> but this code should have not been generated. Those ranges do seem
> suspicious. Finding out how that block ends up with those ranges would be
> helpful. You probably need to debug vrp or (using -fopt-info) the point
> where gcc gives:
>=20
> test.c:7:3: note: loop turned into non-loop; it never loops.
> test.c:7:3: note: loop with 5 iterations completely unrolled

I have seen two places that would convert "A-1" to "A+(-1)", and due the ty=
pe
is unsigned int, it would be converted to "A+4294967295". This looks not ri=
ght
to me.

The two places are:
1. fold-const.c:10626
      /* A - B -> A + (-B) if B is easily negatable.  */
      if (negate_expr_p (arg1)
          && !TYPE_OVERFLOW_SANITIZED (type)
          && ((FLOAT_TYPE_P (type)
               /* Avoid this transformation if B is a positive REAL_CST.  */
               && (TREE_CODE (arg1) !=3D REAL_CST
                   ||  REAL_VALUE_NEGATIVE (TREE_REAL_CST (arg1))))
              || INTEGRAL_TYPE_P (type)))
=3D>      return fold_build2_loc (loc, PLUS_EXPR, type,
                            fold_convert_loc (loc, type, arg0),
                            fold_convert_loc (loc, type,
                                              negate_expr (arg1)));

2. c-common.c:4574
  if (resultcode =3D=3D MINUS_EXPR)
    intop =3D fold_build1_loc (loc, NEGATE_EXPR, sizetype, intop);
>>From gcc-bugs-return-497437-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org Thu Sep 17 18:42:56 2015
Return-Path: <gcc-bugs-return-497437-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Delivered-To: listarch-gcc-bugs@gcc.gnu.org
Received: (qmail 28140 invoked by alias); 17 Sep 2015 18:42:56 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Delivered-To: mailing list gcc-bugs@gcc.gnu.org
Received: (qmail 27910 invoked by uid 48); 17 Sep 2015 18:42:52 -0000
From: "pinskia at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/59124] [4.9/5/6 Regression] Wrong warnings "array subscript is above array bounds"
Date: Thu, 17 Sep 2015 18:42:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 4.8.3
X-Bugzilla-Keywords: diagnostic
X-Bugzilla-Severity: normal
X-Bugzilla-Who: pinskia at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 4.9.4
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Message-ID: <bug-59124-4-HQCCX0LESh@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-59124-4@http.gcc.gnu.org/bugzilla/>
References: <bug-59124-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2015-09/txt/msg01415.txt.bz2
Content-length: 433

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59124

--- Comment #24 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to baoshan from comment #23)
> I have seen two places that would convert "A-1" to "A+(-1)", and due the
> type is unsigned int, it would be converted to "A+4294967295". This looks
> not right to me.

Why wrapping is well defined for unsigned types so adding 4294967295 is the
same as subtracting by 1.