From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-help-return-62375-listarch-gcc-help=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 91330 invoked by alias); 1 Aug 2018 21:07:12 -0000
Mailing-List: contact gcc-help-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-help.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-help/>
List-Post: <mailto:gcc-help@gcc.gnu.org>
List-Help: <mailto:gcc-help-help@gcc.gnu.org>
Sender: gcc-help-owner@gcc.gnu.org
Received: (qmail 91294 invoked by uid 89); 1 Aug 2018 21:07:11 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=
X-HELO: mail-qk0-f194.google.com
Received: from mail-qk0-f194.google.com (HELO mail-qk0-f194.google.com) (209.85.220.194) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 01 Aug 2018 21:07:09 +0000
Received: by mail-qk0-f194.google.com with SMTP id u21-v6so24471qku.2        for <gcc-help@gcc.gnu.org>; Wed, 01 Aug 2018 14:07:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=gmail.com; s=20161025;        h=subject:to:references:from:message-id:date:user-agent:mime-version         :in-reply-to:content-transfer-encoding;        bh=IXPUGTVyJadaPoQk/gpGUzLNDfMwtKwcvJA5FXgHd+c=;        b=L53ru9aaa0Ghf7QPB0XMJox9x5g5bqBqqwM4ofFmlxWUuRE75JpsFCCxNhT8f4VNeT         gqs9Rt9PTd/wf5KpYx9IPRWlplUc6sDq9dWenPRr9dw1XWTcyCfYiHjDiERlUJkcuiKm         AX+s8NV889GoixfVqjq0DcnogI9hkuPeSQ4ruwXD4eU9K9/iImX4LEZ9KLZJjt62QXe3         InSJbmwK7i7zIlB0RFberrdoGSZgz21paN0BunbvXg2HRRqF8kG0uA4YYDJuCLLck2tn         OcFgJiOmgGQ8YfilZdyBKWefxeN13p567uaLHfpWo9/sG7f0B5h5WlkzktXOhJLr04oc         lorA==
Return-Path: <msebor@gmail.com>
Received: from localhost.localdomain (97-118-124-30.hlrn.qwest.net. [97.118.124.30])        by smtp.gmail.com with ESMTPSA id 49-v6sm13757qtu.0.2018.08.01.14.07.06        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);        Wed, 01 Aug 2018 14:07:06 -0700 (PDT)
Subject: Re: Gcc 8.1, -O2 optimisation build failure
To: Wei Liu <wei.liu2@citrix.com>, gcc-help@gcc.gnu.org
References: <20180730080831.vf25eawbpygnfas2@citrix.com>
From: Martin Sebor <msebor@gmail.com>
Message-ID: <0b94be38-a339-d7ce-1b3c-4755e3261744@gmail.com>
Date: Wed, 01 Aug 2018 21:07:00 -0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <20180730080831.vf25eawbpygnfas2@citrix.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
X-SW-Source: 2018-08/txt/msg00006.txt.bz2

On 07/30/2018 02:08 AM, Wei Liu wrote:
> Hello,
>
> We have a program which fails to build with gcc 8.1 -m32 -O2 (version
> Debian 8.1.0-12). We couldn't figure out how the optimiser came up with
> the idea that array bounds could become negative. Any help would be
> appreciated. The attached code has been simplified from the original to
> reproduce the issue.

It looks like a bug in the implementation of the warning.
The offset is determined not to be in the range [-205, -716]
(pointer offsets are in ptrdiff_t) or (since the variable is
unsigned) in [4294966580, 4294967091].  That means that it
can be either in the range [0, 4294966579] or in [4294967092,
UINT_MAX].  But the warning code seems to get this anti-range
wrong and treats it as [-204, -717].

If you have an account in GCC Bugzilla, can you please open
a bug with this test case?  (If you don't let me know and I
will open one for you.)

Thanks
Martin

>
> The same code snippet builds find with 8.1 debug build and older
> versions of gcc.
>
> $ gcc  -m32 -march=i686 -std=gnu99 -Wall -O2   -Werror   -c -o t.o t.c
> t.c: In function 'func':
> t.c:41:9: error: 'memcpy' offset [-204, -717] is out of the bounds [0, 216] of object 'ctrl' with type 'struct kdd_ctrl' [-Werror=array-bounds]
>          memcpy(buf, ((uint8_t *)&ctrl.c32) + offset, len);
>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> t.c:27:21: note: 'ctrl' declared here
>      struct kdd_ctrl ctrl;
>
> <code>
> #include <stdint.h>
> #include <string.h>
>
> struct kdd_ctrl_32 {
>     uint8_t _[84];
> };
>
> struct kdd_ctrl_64 {
>     uint8_t _[216];
> };
>
> struct kdd_ctrl {
>     union {
>         struct kdd_ctrl_32 c32;
>         struct kdd_ctrl_64 c64;
>     };
> };
>
> typedef struct {
>     uint8_t buf[17 + 65536];
>     uint32_t length_req;
>     uint64_t addr;
> } kdd_state;
>
> void func(kdd_state *s)
> {
>     struct kdd_ctrl ctrl;
>     uint8_t *buf = s->buf + 17 + 57;
>     uint32_t len = s->length_req;
>     uint64_t addr = s->addr;
>
>     uint32_t offset = addr;
>
>     /* 32-bit control-register space starts at 0x[2]cc, for 84 bytes */
>     if (offset > 0x200)
>         offset -= 0x200;
>     offset -= 0xcc;
>     if (offset > sizeof ctrl.c32 || offset + len > sizeof ctrl.c32) {
>         len = 0;
>     } else {
>         memcpy(buf, ((uint8_t *)&ctrl.c32) + offset, len);
>     }
> }
> </code>
>
> Regards,
> Wei.
>