public inbox for gcc-bugs@sourceware.org
From: "msebor at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/96188] -Wstringop-overflow false positive
Date: Mon, 13 Jul 2020 16:49:51 +0000
Message-ID: <bug-96188-4-NN9LgAt6KE@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-96188-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96188

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic,
                   |                            |missed-optimization
   Last reconfirmed|                            |2020-07-13
                 CC|                            |msebor at gcc dot gnu.org
             Blocks|                            |88443
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
In bug reports please include the information requested here:
https://gcc.gnu.org/bugs/#need (specifically the compiler output).  Links to
external sites are not a substitute since they need not reproduce the same
problem in the future.

This form of the warning first started paying attention to dynamically
allocated memory in GCC 10.  On master, the output is as follows:

pr96188.C: In function ‘void F()’:
pr96188.C:9:18: warning: unused variable ‘fx’ [-Wunused-variable]
    9 |   for (const int fx : {0}) {
      |                  ^~
cc1plus: warning: writing 16 bytes into a region of size 0 [-Wstringop-overflow=]
In file included from /build/gcc-master/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/c++allocator.h:33,
                 from /build/gcc-master/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/allocator.h:46,
                 from /build/gcc-master/x86_64-pc-linux-gnu/libstdc++-v3/include/string:41,
                 from pr96188.C:2:
/build/gcc-master/x86_64-pc-linux-gnu/libstdc++-v3/include/ext/new_allocator.h:115:41: note: at offset 112 to an object with size 0 allocated by ‘operator new’ here
  115 |  return static_cast<_Tp*>(::operator new(__n * sizeof(_Tp)));
      |                           ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~

The -Wstringop-overflow warning is based on the MEM store in the abbreviated IL
below (seen in the output of the -fdump-tree-strlen option):

  <bb 6> [local count: 268435456]:
  _87 = operator new (96);      ;; P

  <bb 15>
  __cur_167 = _87 + 32;         ;; P + 32

  <bb 23>
  __cur_172 = __cur_167 + 32;   ;; P + 64

  <bb 33>
  __cur_97 = __cur_172 + 32;    ;; P + 96

  <bb 52>
  MEM <__int128 unsigned> [(char * {ref-all})__cur_97 + 16B] = _119;   ;; P + 96 + 16 == P + 112

The size of the allocation is 96 (it's missing from the warning due to a known
limitation) but the offset is 112.  The warning is doing what it's designed to
do, but it's possible that bb 52 isn't reachable and GCC can't tell.  There's
one jump to bb 52, from bb 51 based on this condition:

  _84 = _87 + 96;
  if (_84 != __cur_97)
    goto <bb 52>; [82.57%]

so that would seem to confirm the theory.  GCC only does limited pointer value
analysis and has no support for pointer value ranges, which is why I suspect it
can't figure out that the inequality in bb 51 implies that bb 52 isn't
reachable.  There are a number of reports of this warning for code that
manipulates arrays and pointers this way.


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88443
[Bug 88443] [meta-bug] bogus/missing -Wstringop-overflow warnings
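
The arithmetic in comment #1, as an added example that is not part of the original message or of GCC: a toy C++ model of the IL that checks the bb 52 store once without and once with the bb 51 guard. The names `Offsets`, `Store`, `check_ignoring_guard` and `check_with_guard` are hypothetical, and the guard-aware check is an assumption about what reasoning on pointer values would conclude, not GCC's implementation.

```cpp
#include <cstddef>
#include <map>
#include <string>

// Pointers in the IL, modelled as byte offsets from P (the result of operator new).
using Offsets = std::map<std::string, std::size_t>;

// MEM <T> [ptr + disp] = value, reached only when guard_lhs != guard_rhs.
struct Store {
    std::string ptr;
    std::size_t disp, width;
    std::string guard_lhs, guard_rhs;
};

enum class Verdict { InBounds, Overflow, Unreachable };

// Bytes left in the allocation at the store's offset ("region of size N").
std::size_t region_size(const Offsets& o, std::size_t alloc, const Store& s) {
    std::size_t at = o.at(s.ptr) + s.disp;
    return at < alloc ? alloc - at : 0;
}

// The check as the message describes it: offset and width against the
// allocation size, without reasoning about the branch that leads to the store.
Verdict check_ignoring_guard(const Offsets& o, std::size_t alloc, const Store& s) {
    return s.width <= region_size(o, alloc, s) ? Verdict::InBounds : Verdict::Overflow;
}

// Hypothetical refinement: evaluate the guard on known pointer values first.
Verdict check_with_guard(const Offsets& o, std::size_t alloc, const Store& s) {
    if (o.at(s.guard_lhs) == o.at(s.guard_rhs)) return Verdict::Unreachable;
    return check_ignoring_guard(o, alloc, s);
}

const std::size_t kAlloc = 96;  // _87 = operator new (96)
Offsets il_offsets() {          // values transcribed from the IL in the message
    Offsets o;
    o["_87"] = 0;                             // P
    o["__cur_167"] = o["_87"] + 32;           // P + 32
    o["__cur_172"] = o["__cur_167"] + 32;     // P + 64
    o["__cur_97"] = o["__cur_172"] + 32;      // P + 96
    o["_84"] = o["_87"] + 96;                 // bb 51: _84 = _87 + 96
    return o;
}

// bb 52: 16-byte __int128 store at __cur_97 + 16, guarded by _84 != __cur_97.
Store bb52_store() { return {"__cur_97", 16, 16, "_84", "__cur_97"}; }

int main() { return check_with_guard(il_offsets(), kAlloc, bb52_store()) == Verdict::Unreachable ? 0 : 1; }
```

Without the guard the model reproduces the numbers in the diagnostic (offset 112, 16 bytes, region of size 0); with the guard evaluated, the store is never reached.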
