public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/95635] New: -Warray-bounds falsely claims out-of-bounds access
@ 2020-06-11 8:06 gccbugs at dima dot secretsauce.net
2020-06-11 8:21 ` [Bug c/95635] " marxin at gcc dot gnu.org
2020-06-11 14:37 ` [Bug tree-optimization/95635] -Warray-bounds while iterating over an escaped constant local array msebor at gcc dot gnu.org
0 siblings, 2 replies; 3+ messages in thread
From: gccbugs at dima dot secretsauce.net @ 2020-06-11 8:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95635
Bug ID: 95635
Summary: -Warray-bounds falsely claims out-of-bounds access
Product: gcc
Version: 10.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: gccbugs at dima dot secretsauce.net
Target Milestone: ---
Created attachment 48716
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48716&action=edit
Bug demo
Hi. I'm running gcc-10 from Debian:
dima@shorty:~$ gcc-10 --version
gcc-10 (Debian 10.1.0-3) 10.1.0
I'm building the attached source like this:
gcc-10 -Warray-bounds -O2 -c -o /dev/null tst.c
And I get this:
tst.c: In function 'a':
tst.c:12:27: warning: array subscript <unknown> is outside array bounds of
'int[0]' [-Warray-bounds]
12 | if(L[i] > 0 && arr[L[i]] )
| ~~~^~~~~~
tst.c:8:9: note: while referencing 'arr'
8 | int arr[0];
| ^~~
tst.c:12:27: warning: array subscript <unknown> is outside array bounds of
'int[0]' [-Warray-bounds]
12 | if(L[i] > 0 && arr[L[i]] )
| ~~~^~~~~~
tst.c:8:9: note: while referencing 'arr'
8 | int arr[0];
The array arr[] has 0 elements, and gcc is telling me I'm accessing outside of
those bounds. But L[i]>0 is always false, so we'll never actually look at
arr[anything]. gcc knows this most of the time. If I remove the -O2 or the b()
call or lots of little unrelated-looking things, the issue goes away. Thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug c/95635] -Warray-bounds falsely claims out-of-bounds access
2020-06-11 8:06 [Bug c/95635] New: -Warray-bounds falsely claims out-of-bounds access gccbugs at dima dot secretsauce.net
@ 2020-06-11 8:21 ` marxin at gcc dot gnu.org
2020-06-11 14:37 ` [Bug tree-optimization/95635] -Warray-bounds while iterating over an escaped constant local array msebor at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-06-11 8:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95635
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |marxin at gcc dot gnu.org,
| |msebor at gcc dot gnu.org
Status|UNCONFIRMED |NEW
Known to work| |9.3.0
Last reconfirmed| |2020-06-11
Ever confirmed|0 |1
Known to fail| |10.1.0, 11.0
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Confirmed, started with r10-4390-g8299dfae93644680.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug tree-optimization/95635] -Warray-bounds while iterating over an escaped constant local array
2020-06-11 8:06 [Bug c/95635] New: -Warray-bounds falsely claims out-of-bounds access gccbugs at dima dot secretsauce.net
2020-06-11 8:21 ` [Bug c/95635] " marxin at gcc dot gnu.org
@ 2020-06-11 14:37 ` msebor at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: msebor at gcc dot gnu.org @ 2020-06-11 14:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95635
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends on| |86318
Component|c |tree-optimization
Summary|-Warray-bounds falsely |-Warray-bounds while
|claims out-of-bounds access |iterating over an escaped
| |constant local array
Keywords| |diagnostic,
| |missed-optimization
Blocks| |56456
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
-Warray-bounds relies on the optimizer to eliminate dead code. In the test
case, GCC (unnecessarily) assumes that the escaped array may be modified by the
call to c(). This missing optimization (tracked in pr86318) keeps the second
test from being eliminated (see also the test case below). I note that Clang
optimizes the function to a no-op as expected.
That aside, arrays with zero elements are meant to be used as trailing members
of structures. Using them anywhere else is a bug waiting to happen. I would
recommend against using them in any other contexts as they may start getting
diagnosed even more aggressively (e.g., even declaring one that's not last in a
struct might trigger a warning in the future). I'll keep this open since a
similar warning can be triggered with a non-empty array due to the same
limitation.
A test case for the missing optimization:
$ cat pr95635.c && gcc -O3 -S -Wall -Wextra -fdump-tree-optimized=/dev/stdout
pr95635.c
void f (const int*);
void g (void)
{
const int i = -1;
f (&i);
if (i != -1) // folded to false
__builtin_abort (); // eliminated
}
void h (void)
{
const int a[] = { -1 };
f (a);
if (*a != -1) // not folded
__builtin_abort ();
}
;; Function g (g, funcdef_no=0, decl_uid=1933, cgraph_uid=1, symbol_order=0)
g ()
{
const int i;
<bb 2> [local count: 1073741824]:
i = -1;
f (&i);
i ={v} {CLOBBER};
return;
}
;; Function h (h, funcdef_no=1, decl_uid=1937, cgraph_uid=2, symbol_order=1)
h ()
{
const int a[1];
int _1;
<bb 2> [local count: 1073741824]:
a[0] = -1;
f (&a);
_1 = a[0];
if (_1 != -1)
goto <bb 3>; [0.00%]
else
goto <bb 4>; [100.00%]
<bb 3> [count: 0]:
__builtin_abort ();
<bb 4> [local count: 1073741824]:
a ={v} {CLOBBER};
return;
}
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86318
[Bug 86318] const local aggregates can be assumed not to be modified even when
escaped
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-06-11 14:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-11 8:06 [Bug c/95635] New: -Warray-bounds falsely claims out-of-bounds access gccbugs at dima dot secretsauce.net
2020-06-11 8:21 ` [Bug c/95635] " marxin at gcc dot gnu.org
2020-06-11 14:37 ` [Bug tree-optimization/95635] -Warray-bounds while iterating over an escaped constant local array msebor at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).