From: "msebor at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/94580] New: missing warning accessing an interior flexible array member
Date: Mon, 13 Apr 2020 17:46:28 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94580

            Bug ID: 94580
           Summary: missing warning accessing an interior flexible array
                    member
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

In the following (invalid) test case -Warray-bounds only diagnoses one of the
four out-of-bounds references, although it eliminates the seemingly redundant
stores on the (clearly incorrect in this case) assumption that they don't alias
with the reads.  It's fine to eliminate the stores (or take whatever other
reasonable action) as long as the out-of-bounds accesses are diagnosed.

GCC warns about declarations of interior flexible array members, but only with
-Wpedantic, so this kind of bug can easily go undetected.

$ cat t.c && gcc -O2 -S -Wall -Wextra -fdump-tree-vrp=/dev/stdout t.c
struct A { int n, a[]; };
struct B { struct A a; int x; };

struct B b;

int f0 (void)
{
  b.a.a[1] = 1;   // missing -Warray-bounds (store eliminated)
  int t = b.x;
  b.a.a[1] = 0;   // -Warray-bounds (good)
  return b.x - t;
}

int f1 (struct B *p)
{
  p->a.a[1] = 1;   // missing -Warray-bounds (store eliminated)
  int t = p->x;
  p->a.a[1] = 0;   // missing -Warray-bounds
  return p->x - t;
}

;; Function f0 (f0, funcdef_no=0, decl_uid=1937, cgraph_uid=1, symbol_order=1)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

Value ranges after VRP:

t.c: In function ‘f0’:
t.c:10:8: warning: array subscript 1 is above array bounds of ‘int[0]’ [-Warray-bounds]
   10 |   b.a.a[1] = 0;   // -Warray-bounds (good)
      |   ~~~~~^~~
t.c:1:19: note: while referencing ‘a’
    1 | struct A { int n, a[]; };
      |                   ^
f0 ()
{
  [local count: 1073741824]:
  b.a.a[1] = 0;
  return 0;

}

;; Function f0 (f0, funcdef_no=0, decl_uid=1937, cgraph_uid=1, symbol_order=1)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

Value ranges after VRP:

f0 ()
{
  [local count: 1073741824]:
  b.a.a[1] = 0;
  return 0;

}

;; Function f1 (f1, funcdef_no=1, decl_uid=1941, cgraph_uid=2, symbol_order=2)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

Value ranges after VRP:

f1 (struct B * p)
{
  [local count: 1073741824]:
  p_2(D)->a.a[1] = 0;
  return 0;

}

;; Function f1 (f1, funcdef_no=1, decl_uid=1941, cgraph_uid=2, symbol_order=2)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

Value ranges after VRP:

f1 (struct B * p)
{
  [local count: 1073741824]:
  p_2(D)->a.a[1] = 0;
  return 0;

}
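
Added example, not part of the report above and not GCC's own code: a layout check for the two structs in the test case, showing by offset arithmetic alone which bytes an element of the interior flexible array would land on. The names fam_offset, fam_classify and enum fam_hit are made up for this example; it assumes a compiler that accepts the interior flexible array member as an extension (as GCC does) and a typical ABI with no padding between the members.

```c
#include <stddef.h>
#include <stdio.h>

/* Declarations copied from the test case in the report. */
struct A { int n, a[]; };
struct B { struct A a; int x; };

/* Hypothetical names, introduced for this example only. */
enum fam_hit { FAM_PADDING, FAM_ALIASES_X, FAM_OUTSIDE_B };

/* Byte offset of element i of the interior flexible array within struct B. */
static size_t fam_offset(size_t i)
{
    return offsetof(struct B, a) + offsetof(struct A, a) + i * sizeof(int);
}

/* What would b.a.a[i] overlap?  Pure arithmetic: no memory is accessed. */
static enum fam_hit fam_classify(size_t i)
{
    size_t lo = fam_offset(i), hi = lo + sizeof(int);
    size_t x_lo = offsetof(struct B, x), x_hi = x_lo + sizeof(int);

    if (hi > sizeof(struct B))
        return FAM_OUTSIDE_B;      /* past the end of the enclosing object */
    if (lo < x_hi && x_lo < hi)
        return FAM_ALIASES_X;      /* shares bytes with the member x */
    return FAM_PADDING;            /* inside struct B but not on x */
}

int main(void)
{
    static const char *const what[] = {
        "padding inside struct B", "aliases member x", "outside struct B"
    };

    for (size_t i = 0; i < 3; i++)
        printf("a.a[%zu] at byte offset %zu: %s\n",
               i, fam_offset(i), what[fam_classify(i)]);
    return 0;
}
```

Compiling the same file with -Wpedantic added makes GCC flag the declaration of struct B itself, which is the only diagnostic the report says is available for this pattern at declaration time.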