From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com [IPv6:2607:f8b0:4864:20::52e]) by sourceware.org (Postfix) with ESMTPS id CCEF83858432 for ; Tue, 14 May 2024 00:14:11 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org CCEF83858432 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=chromium.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org CCEF83858432 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::52e ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1715645654; cv=none; b=rbRTtcCNU7HL26MbvrPvI640GIb6UQPVeHpM8d46c9gpftqylEEEpV83L2rjBJjlSVM9rphbCxKBICHQLVYr7xAoEGzgrpn2/roMedSwYsgu0XTyQ9sni5N/MfLX3W5vfeE+VcLKrkc0T5Asc0ElHx2IyQE9nwLypOYPi18ykmA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1715645654; c=relaxed/simple; bh=qlYn3uSlZjkYsS4PvwlwobbGtcSDn0dFePgA13mLyQI=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=dIo7CX8BRfmw0wtwaGDp53tI6Kn74JF0UGBCLy6IvCbCDk/qLgpzrzkdHcO708TcAPysg5GtQOdDulTAek1HUkI8YqWs8TXHJWwJS1yST0zN8Cn2zAdPU22tjbXhN3KW8bjQlspq2N/FtbYdGY8prqwtgMPk5FBhScgFPNgzGMc= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pg1-x52e.google.com with SMTP id 41be03b00d2f7-61c4ebd0c99so3229102a12.0 for ; Mon, 13 May 2024 17:14:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1715645650; x=1716250450; darn=gcc.gnu.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=pK6KlssMFxm0EzXJe3Y4ibwtP4TuI9QOw4WNZqPMZUg=; b=Q5sPcNmugxY+W4HAl5KpyTQr1PsSt62NRKZIeCwtASfZxbNNZSY3l6EGmP5ro/XT6H hCzg37sFoWciCvO5Qfss77LXLROJDzejdxPKpfwyeB0OhM0NHimGGBZ38N3EF2JmhVaU e9wucEdXENODujofXy+NhD4Fb0DABjdUd0lR4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715645650; x=1716250450; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=pK6KlssMFxm0EzXJe3Y4ibwtP4TuI9QOw4WNZqPMZUg=; b=SNSmTe3mcagfMJqEOcRm4bMJsFu4AohwQbvHjXkOBrc9TLR1rWgIqXgjtmDFrIGb1P 0hqmSauMgXsjjWUn6WM3uQH96PywPCqO+sct23Si/S75WaItrkEjwE2rZx93ikTYzBEx S0vhd3JXUl6a/BNJLwun9dpoScpfdgAlKABgP59XGzMqUWtF7f/Je/jyj65g/uqpE8XH lsI3iNQW84UYNbHFrwU+g6cWtawrf0bk5N1jtPGVjjLCnRc2+VBpFrk3UtD5lYWBOqiH mZDLos5Rq0Car/TwA+zAz9IE5+9m2nJfhOCh7HKFsB+Rgot9yDZu+ouA8dSTOTv0Z09Y 3fQw== X-Forwarded-Encrypted: i=1; AJvYcCXY2PpYxObu5ksjzI+WaLUWx6d+1OYM7QtFdhIIoI4XIlDO2uB2f+ZHQkXqpo45qiu+eE+VcEwVsx/kXXn6mXbXogg01v7RBg== X-Gm-Message-State: AOJu0YxkgqTU0M8zqRMF95095VQqZys3ufG/v0PCaUDKh+2UpDmsNJh4 5c8sy51lPQHHJ7wJlZMTllE2ltQl9UhjU5i21dV5a4xUe2QrWIE4K6Rs51X5H3t9MR9FVuEviUg = X-Google-Smtp-Source: AGHT+IEvpmE/buP3a3shJLVDO/JkizqUjODm6Fb12I6rc7BgvL7r09EJf4m2x6f9fXm/BgFsGQ9tcQ== X-Received: by 2002:a05:6a20:a124:b0:1a7:4f8b:6439 with SMTP id adf61e73a8af0-1afde0ecb90mr19739797637.34.1715645650037; Mon, 13 May 2024 17:14:10 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2b67178301esm8416725a91.49.2024.05.13.17.14.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 May 2024 17:14:09 -0700 (PDT) Date: Mon, 13 May 2024 17:14:08 -0700 From: Kees Cook To: Andrew Pinski Cc: Jeff Law , Qing Zhao , GCC Patches , Richard Guenther Subject: Re: [RFC][PATCH] PR tree-optimization/109071 - -Warray-bounds false positive warnings due to code duplication from jump threading Message-ID: <202405131658.40421DF@keescook> References: <20240513194830.1676938-1-qing.zhao@oracle.com> <3c479063-8e5d-49e4-bb9c-e5df942c85f6@gmail.com> <202405131428.5CFEDA3@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,JMQ_SPF_NEUTRAL,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, May 14, 2024 at 01:38:49AM +0200, Andrew Pinski wrote: > On Mon, May 13, 2024, 11:41 PM Kees Cook wrote: > > But it makes no sense to warn about: > > > > void sparx5_set (int * ptr, struct nums * sg, int index) > > { > > if (index >= 4) > > warn (); > > *ptr = 0; > > *val = sg->vals[index]; > > if (index >= 4) > > warn (); > > *ptr = *val; > > } > > > > Because at "*val = sg->vals[index];" the actual value range tracking for > > index is _still_ [INT_MIN,INT_MAX]. (Only within the "then" side of the > > "if" statements is the range tracking [4,INT_MAX].) > > > > However, in the case where jump threading has split the execution flow > > and produced a copy of "*val = sg->vals[index];" where the value range > > tracking for "index" is now [4,INT_MAX], is the warning valid. But it > > is only for that instance. Reporting it for effectively both (there is > > only 1 source line for the array indexing) is misleading because there > > is nothing the user can do about it -- the compiler created the copy and > > then noticed it had a range it could apply to that array index. > > > > "there is nothing the user can do about it" is very much false. They could > change warn call into a noreturn function call instead. (In the case of > the Linux kernel panic). There are things the user can do to fix the > warning and even get better code generation out of the compilers. This isn't about warn() not being noreturn. The warn() could be any function call; the jump threading still happens. GCC is warning about a compiler-constructed situation that cannot be reliably fixed on the source side (GCC emitting the warning is highly unstable in these cases), since the condition is not *always* true for the given line of code. If it is not useful to warn for "array[index]" being out of range when "index" is always [INT_MIN,INT_MAX], then it is not useful to warn when "index" MAY be [INT_MIN,INT_MAX] for a given line of code. -Kees -- Kees Cook