From: "rguenth at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/99673] [11 Regression] bogus -Wstringop-overread warning with address sanitizer due to member address substitution
Date: Fri, 21 Jan 2022 12:50:02 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: sanitizer
X-Bugzilla-Version: 11.0
X-Bugzilla-Keywords: diagnostic, needs-bisection
X-Bugzilla-Severity: normal
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 11.3
X-Bugzilla-Changed-Fields: short_desc keywords cf_known_to_work cf_known_to_fail priority

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99673

Richard Biener changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[11/12 Regression] bogus    |[11 Regression] bogus
                   |-Wstringop-overread warning |-Wstringop-overread warning
                   |with address sanitizer due  |with address sanitizer due
                   |to member address           |to member address
                   |substitution                |substitution
           Keywords|                            |needs-bisection
      Known to work|                            |12.0
      Known to fail|                            |11.2.1
           Priority|P3                          |P2

--- Comment #8 from Richard Biener ---
On trunk the testcase no longer reproduces the issue, it's still present on the
GCC 11 branch though.  I wonder what fixed it.

Note before .asan we have

  [local count: 1073741824]:
  _1 = MEM[(struct B *)pc_2(D) + 1B].i;
  pd_4(D)->i = _1;
  _9 = (sizetype) i_6(D);
  _10 = _9 * 16;
  _11 = _10 + 4;
  _12 = &MEM[(struct B *)pc_2(D) + 1B];
  psa_7 = _12 + _11;
  f (psa_7);

and after

  [local count: 1073741824]:
  _13 = &MEM[(struct B *)pc_2(D) + 1B].i;
  .ASAN_CHECK (6, _13, 4, 4);
  _1 = MEM[(struct B *)pc_2(D) + 1B].i;
  _14 = &pd_4(D)->i;
  .ASAN_CHECK (7, _14, 4, 4);
  pd_4(D)->i = _1;
  _9 = (sizetype) i_6(D);
  _10 = _9 * 16;
  _11 = _10 + 4;
  _12 = &MEM[(struct B *)pc_2(D) + 1B];
  psa_7 = _12 + _11;
  f (psa_7);

so I see nothing wrong.  Later FRE determines that _13 and _12 are equal
(again correct but this confuses the diagnostics).

On trunk we seem to have lowered _12 to a pointer-plus and VN fails to CSE
the addresses.  That's an optimization regression.