public inbox for gcc-bugs@sourceware.org
* [Bug middle-end/96900] New: bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: msebor at gcc dot gnu.org @ 2020-09-02 16:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
Bug ID: 96900
Summary: bogus -Warray-bounds on strlen with valid pointer
obtained from just-past-the-end
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
When a valid pointer into an array that has been derived from a past-the-end
pointer to a member array of an initialized constant struct is used in a call
to a string built-in like strlen GCC issues a bogus -Warray-bounds warning
indicating that the offset into the array is out of its bounds.
$ cat q.c && gcc -S -Wall q.c
struct S { char n, a[3]; };

const char a[3] = { 2, 1, 0 };
const struct S s = { 3, { 2, 1, 0 } };

int f (void)
{
  const char *p = &a[sizeof a];
  return __builtin_strlen (p - sizeof a); // no warning (good)
}

int g (void)
{
  const char *p = &s.a[sizeof s.a];
  return __builtin_strlen (p - sizeof s.a); // bogus -Warray-bounds
}
q.c: In function ‘g’:
q.c:15:10: warning: offset ‘1’ outside bounds of constant string [-Warray-bounds]
   15 |   return __builtin_strlen (p - sizeof s.a); // bogus -Warray-bounds
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
q.c:4:16: note: ‘s’ declared here
    4 | const struct S s = { 3, { 2, 1, 0 } };
      |                ^
* [Bug middle-end/96900] [9/10/11 Regression] bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: msebor at gcc dot gnu.org @ 2020-09-02 16:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
Martin Sebor <msebor at gcc dot gnu.org> changed:
What         |Removed                    |Added
----------------------------------------------------------------------------
Keywords     |                           |diagnostic
Known to fail|                           |10.2.0, 11.0, 9.3.0
Summary      |bogus -Warray-bounds on    |[9/10/11 Regression] bogus
             |strlen with valid pointer  |-Warray-bounds on strlen
             |obtained from              |with valid pointer obtained
             |just-past-the-end          |from just-past-the-end
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
The false positive was introduced in r274837:
commit 14b7950f126f84fa585e3a057940ff10d4c5b3f8
Author: Martin Sebor <msebor@redhat.com>
Date: Thu Aug 22 23:09:26 2019 +0000
PR middle-end/91490 - bogus argument missing terminating nul warning on
strlen of a flexible array member
gcc/c-family/ChangeLog:
PR middle-end/91490
* c-common.c (braced_list_to_string): Add argument and overload.
Handle flexible length arrays and unions.
gcc/ChangeLog:
PR middle-end/91490
* builtins.c (c_strlen): Rename argument and introduce new local.
Set no-warning bit on original argument.
* expr.c (string_constant): Pass argument type to
fold_ctor_reference.
Fold empty and zero constructors into empty strings.
* gimple-fold.c (fold_nonarray_ctor_reference): Return a STRING_CST
for missing initializers.
* tree.c (build_string_literal): Handle optional argument.
* tree.h (build_string_literal): Add defaulted argument.
* gimple-ssa-warn-restrict.c (maybe_diag_access_bounds): Check
no-warning bit on original expression.
* [Bug middle-end/96900] [9/10/11 Regression] bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: msebor at gcc dot gnu.org @ 2020-09-02 18:57 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
The underlying cause is fold_nonarray_ctor_reference() returning a scalar zero
for apparently out-of-bounds references when determining the initializer for
s.a from &s.a[sizeof s.a]. Its caller, constant_byte_string(), then interprets
that as an array of a single element initialized to zero, but it incorrectly
returns the offset from the beginning of s (i.e., 4 rather than 3 minus 3 for
sizeof s.a). Its caller, c_strlen(), then uses the size of the one-element
initializer (for "") and the offset (positive 1) as the basis for issuing the
warning.
* [Bug middle-end/96900] [9/10/11 Regression] bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: rguenth at gcc dot gnu.org @ 2020-09-03 6:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |9.4
* [Bug middle-end/96900] [9/10/11 Regression] bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: msebor at gcc dot gnu.org @ 2020-09-03 23:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |missed-optimization
--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
This is also a missed optimization opportunity. Another test case that shows
both the bogus warning and the suboptimal codegen is the following. Because
there is no explicit initializer for a.b, fold_nonarray_ctor_reference()
returns a scalar zero, which again triggers the warning and prevents the strlen
call from being folded. The optimization never worked in this case so that
part is not a regression.
$ cat z.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout z.c
struct A { char n, a[4], b[4]; };
const struct A a = { };

int f (void)
{
  const char *p = &a.b[2];
  return __builtin_strlen (p - 2);
}
z.c: In function ‘f’:
z.c:7:10: warning: offset ‘5’ outside bounds of constant string [-Warray-bounds]
    7 |   return __builtin_strlen (p - 2);
      |          ^~~~~~~~~~~~~~~~~~~~~~~~
z.c:2:16: note: ‘a’ declared here
    2 | const struct A a = { };
      |                ^

;; Function f (f, funcdef_no=0, decl_uid=1935, cgraph_uid=1, symbol_order=1)

f ()
{
  long unsigned int _1;
  int _3;

  <bb 2> [local count: 1073741824]:
  _1 = __builtin_strlen (&MEM <const char> [(void *)&a + 5B]);
  _3 = (int) _1;
  return _3;
}
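
Added example (not part of the bug report and not GCC code): the offset arithmetic behind the two test cases above, computed with offsetof. It shows that the offsets printed in the diagnostics (1 and 5) are relative to the enclosing struct, while the offset relative to the member array is 0 and in bounds. All function names are hypothetical, and `{ 0 }` replaces the empty `{ }` initializer for portability.

```c
#include <stddef.h>

/* Types and initializers taken from q.c and z.c in the report. */
struct S { char n, a[3]; };
struct A { char n, a[4], b[4]; };
static const struct S s = { 3, { 2, 1, 0 } };
static const struct A a = { 0 };

/* Byte offset of p from the start of the enclosing object. */
static size_t obj_off(const void *obj, const char *p)
{
    return (size_t)(p - (const char *)obj);
}

/* q.c: one past the end of s.a, then back to &s.a[0]. */
size_t q_object_offset(void)
{
    const char *p = &s.a[sizeof s.a];
    return obj_off(&s, p - sizeof s.a);
}

/* z.c: &a.b[2], then back to &a.b[0]. */
size_t z_object_offset(void)
{
    const char *p = &a.b[2];
    return obj_off(&a, p - 2);
}

/* The same pointers expressed relative to the member array. */
size_t q_member_offset(void) { return q_object_offset() - offsetof(struct S, a); }
size_t z_member_offset(void) { return z_object_offset() - offsetof(struct A, b); }

/* A read at offset off stays inside a char array of size bytes. */
int in_bounds(size_t off, size_t size) { return off < size; }

/* Length scan that never reads past the member array. */
size_t bounded_len(const char *arr, size_t size, size_t off)
{
    size_t n = 0;
    while (off + n < size && arr[off + n] != '\0')
        n++;
    return n;
}

size_t q_len(void) { return bounded_len(s.a, sizeof s.a, q_member_offset()); }
size_t z_len(void) { return bounded_len(a.b, sizeof a.b, z_member_offset()); }
```

Checking the struct-relative offset against a one-byte string, as comment #2 describes, fails for both cases even though the member-relative access is valid.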
* [Bug middle-end/96900] [9/10/11 Regression] bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: rguenth at gcc dot gnu.org @ 2021-01-14 9:19 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P2
* [Bug middle-end/96900] [9/10/11 Regression] bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: msebor at gcc dot gnu.org @ 2021-02-14 0:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
Martin Sebor <msebor at gcc dot gnu.org> changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Last reconfirmed|                            |2021-02-14
Blocks          |                            |56456
Ever confirmed  |0                           |1
See Also        |                            |https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84050
Status          |UNCONFIRMED                 |NEW
--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed. See also pr84050 for another bug caused by
fold_nonarray_ctor_reference() returning a scalar zero for out-of-bounds
references (that one is a false negative).
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
* [Bug middle-end/96900] [9/10/11/12 Regression] bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: rguenth at gcc dot gnu.org @ 2021-06-01 8:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|9.4 |9.5
--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 9.4 is being released, retargeting bugs to GCC 9.5.
* [Bug middle-end/96900] [10/11/12/13 Regression] bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: rguenth at gcc dot gnu.org @ 2022-05-27 9:43 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|9.5 |10.4
--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 9 branch is being closed
* [Bug middle-end/96900] [10/11/12/13 Regression] bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: jakub at gcc dot gnu.org @ 2022-06-28 10:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|10.4 |10.5
--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 10.4 is being released, retargeting bugs to GCC 10.5.
* [Bug middle-end/96900] [11/12/13/14 Regression] bogus -Warray-bounds on strlen with valid pointer obtained from just-past-the-end
From: rguenth at gcc dot gnu.org @ 2023-07-07 10:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96900
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|10.5 |11.5
--- Comment #8 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 10 branch is being closed.