From: "msebor at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/98109] Seemingly wrong warnings from -Wnonnull when combined with -O2 -fsanitize=undefined
Date: Thu, 03 Dec 2020 01:08:00 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98109

Martin Sebor changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2020-12-03
     Ever confirmed|0                           |1
           Keywords|                            |diagnostic
                 CC|                            |msebor at gcc dot gnu.org
             Blocks|                            |95507
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Martin Sebor ---
The warnings are caused by the null tests inserted by the sanitizer that jump
threading turns into calls with constant nulls.  See below.  Adding attribute
nonnull also to swap_1000 avoids both the warnings and the sanitization.

This is a known problem with the sanitizer and the late warnings and there
probably is a report like this one in Bugzilla somewhere.  I suppose the
warning code could look for calls __builtin___ubsan_handle_nonnull_arg (and
similar) preceding the statement it's about to diagnose and avoid triggering
if it's found.  Until something like this is implemented the guidance is to
live with these warnings when using the sanitizer or suppress them by -Wno-xxx.

$ gcc -O2 -S -Wall -fsanitize=undefined -fdump-tree-ubsan=/dev/stdout -fdump-tree-dom2=/dev/stdout pr98109.c

;; Function swap_1000 (swap_1000, funcdef_no=0, decl_uid=2388, cgraph_uid=1, symbol_order=0)

Introduced new external node (__builtin___ubsan_handle_nonnull_arg/3).

Symbols to be put in SSA form
{ D.2392 }
Incremental SSA update started at block: 0
Number of blocks in CFG: 15
Number of blocks to update: 14 ( 93%)

void swap_1000 (char * elem1, char * elem2, size_t element_size)
{
  char buffer[1000];

  :
  if (&buffer == 0B)
    goto ; [0.05%]
  else
    goto ; [99.95%]

  :
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data0);

  :
  if (elem1_2(D) == 0B)
    goto ; [0.05%]
  else
    goto ; [99.95%]

  :
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data1);

  :
  my_memcpy (&buffer, elem1_2(D), 1000);
  if (elem1_2(D) == 0B)
    goto ; [0.05%]
  else
    goto ; [99.95%]

  :
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data2);

  :
  if (elem2_4(D) == 0B)
    goto ; [0.05%]
  else
    goto ; [99.95%]

  :
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data3);

  :
  my_memcpy (elem1_2(D), elem2_4(D), 1000);
  if (elem2_4(D) == 0B)
    goto ; [0.05%]
  else
    goto ; [99.95%]

  :
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data4);

  :
  if (&buffer == 0B)
    goto ; [0.05%]
  else
    goto ; [99.95%]

  :
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data5);

  :
  my_memcpy (elem2_4(D), &buffer, 1000);
  buffer ={v} {CLOBBER};
  return;

}

;; Function swap_1000 (swap_1000, funcdef_no=0, decl_uid=2388, cgraph_uid=1, symbol_order=0)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2 3 4 5 6 7 8
;; 2 succs { 8 3 }
;; 3 succs { 4 }
;; 4 succs { 7 5 }
;; 5 succs { 6 }
;; 6 succs { 1 }
;; 7 succs { 6 }
;; 8 succs { 4 }
void swap_1000 (char * elem1, char * elem2, size_t element_size)
{
  char buffer[1000];

  [local count: 1073741824]:
  if (elem1_2(D) == 0B)
    goto ; [0.00%]
  else
    goto ; [100.00%]

  [count: 0]:
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data1);
  my_memcpy (&buffer, 0B, 1000);
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data2);

  [local count: 1073741824]:
  if (elem2_4(D) == 0B)
    goto ; [0.00%]
  else
    goto ; [100.00%]

  [count: 0]:
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data3);
  my_memcpy (elem1_2(D), 0B, 1000);
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data4);

  [local count: 1073741824]:
  my_memcpy (elem2_4(D), &buffer, 1000);
  buffer ={v} {CLOBBER};
  return;

  [local count: 1073741824]:
  my_memcpy (elem1_2(D), elem2_4(D), 1000);
  goto ; [100.00%]

  [local count: 1073741824]:
  my_memcpy (&buffer, elem1_2(D), 1000);
  goto ; [100.00%]

}

pr98109.c: In function ‘swap_1000’:
pr98109.c:11:5: warning: argument 2 is null but the corresponding size argument 3 value is 1000 [-Wnonnull]
   11 |     my_memcpy(buffer, elem1, 1000);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pr98109.c:3:7: note: in a call to function ‘my_memcpy’ declared with attribute ‘access (read_only, 2, 3)’
    3 | void *my_memcpy(void *destination, const void *source, size_t size)
      |       ^~~~~~~~~
pr98109.c:12:5: warning: argument 2 is null but the corresponding size argument 3 value is 1000 [-Wnonnull]
   12 |     my_memcpy(elem1, elem2, 1000);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pr98109.c:3:7: note: in a call to function ‘my_memcpy’ declared with attribute ‘access (read_only, 2, 3)’
    3 | void *my_memcpy(void *destination, const void *source, size_t size)
      |       ^~~~~~~~~

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95507
[Bug 95507] [meta-bug] bogus/missing -Wnonnull
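
The two workarounds named in the comment above, as an added example that is not part of the original message and is not the pr98109.c test case. The names swap_1000_annotated, swap_1000_suppressed and swap_ok are hypothetical, the element_size parameter is dropped, and the nonnull attribute on my_memcpy is an assumption about the original declaration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the my_memcpy declaration quoted in the
   warning note; the nonnull attribute is an assumption. */
__attribute__((nonnull(1, 2)))
void *my_memcpy(void *destination, const void *source, size_t size)
{
    return memcpy(destination, source, size);
}

/* Workaround 1: mark the caller nonnull as well. The compiler may then
   assume elem1 and elem2 are non-null inside this function, so there is
   no null path for jump threading to turn into a constant-null call.
   The obligation to pass valid pointers moves to this function's callers. */
__attribute__((nonnull(1, 2)))
void swap_1000_annotated(char *elem1, char *elem2)
{
    char buffer[1000];
    my_memcpy(buffer, elem1, 1000);
    my_memcpy(elem1, elem2, 1000);
    my_memcpy(elem2, buffer, 1000);
}

/* Workaround 2: keep the function unannotated (the sanitizer's run-time
   null checks remain) and disable -Wnonnull for this function only, a
   scoped form of passing -Wno-nonnull on the command line. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wnonnull"
void swap_1000_suppressed(char *elem1, char *elem2)
{
    char buffer[1000];
    my_memcpy(buffer, elem1, 1000);
    my_memcpy(elem1, elem2, 1000);
    my_memcpy(elem2, buffer, 1000);
}
#pragma GCC diagnostic pop

/* Returns 1 if swap() exchanged two constructed 1000-byte buffers. */
int swap_ok(void (*swap)(char *, char *))
{
    char a[1000], b[1000];
    memset(a, 'A', sizeof a);
    memset(b, 'B', sizeof b);
    swap(a, b);
    for (size_t i = 0; i < sizeof a; i++)
        if (a[i] != 'B' || b[i] != 'A')
            return 0;
    return 1;
}
```

Building this with the flags from the message (-O2 -Wall -fsanitize=undefined) is the way to compare the diagnostics of the two variants on a given GCC version.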