Re: [PATCH] gdb: Workaround stringop-overread warning in debuginfod-support.c on powerpc64

[Pedro Alves <pedro@palves.net>]

On 2022-06-06 12:27, Mark Wielaard wrote:
> Hi,
> 
> On Tue, 2022-05-31 at 12:51 +0200, Mark Wielaard wrote:
>> On Tue, 2022-05-31 at 10:46 +0100, Pedro Alves wrote:
>>> I wonder whether sticking in an assert so that the compiler
>>> knows the size of array, would make the warning go away:
>>
>>> diff --git c/gdb/debuginfod-support.c w/gdb/debuginfod-support.c
>>> index 6dc08fc29b6..d6fab39eac8 100644
>>> --- c/gdb/debuginfod-support.c
>>> +++ w/gdb/debuginfod-support.c
>>> @@ -187,6 +187,8 @@ debuginfod_is_enabled ()
>>>                     "from the following URLs:\n"));
>>>  
>>>        gdb::string_view url_view (urls);
>>> +      gdb_assert (url_view.size () < PTRDIFF_MAX);
>>> +
>>>        while (true)
>>>         {
>>>           size_t off = url_view.find_first_not_of (' ');
>>
>> I tried by hand, but that does result in the same warning (with the
>> DIAGNOSTIC_IGNORE_STRINGOP_OVERREAD removed):
> 
> So, since that didn't work, OK to push the original patch that simply
> suppresses the diagnostic always?

The code currently looks like:

      gdb::string_view url_view (urls);
      while (true)
	{
	  size_t off = url_view.find_first_not_of (' ');
	  if (off == gdb::string_view::npos)
	    break;
	  url_view = url_view.substr (off);
#if defined (__s390x__) || defined (__powerpc64__)
	  /* g++ 11.2.1 on s390x and g++ 11.3.1 on ppc64le seem convinced
	     url_view might be of SIZE_MAX length.  And so complains
	     because the length of an array can only be PTRDIFF_MAX.  */
	  DIAGNOSTIC_PUSH
	  DIAGNOSTIC_IGNORE_STRINGOP_OVERREAD
#endif
	  off = url_view.find_first_of (' ');
#if defined (__s390x__) || defined (__powerpc64__)
	  DIAGNOSTIC_POP
#endif


I suppose that the fact that the warning appears in the find_first_of
call, and not the find_first_not_of call above was already an indication
that the assert at that spot wouldn't work, otherwise, I'd think we'd
be seeing a similar warning in the find_first_not_of call.  I suspect that
for the gdb_assert to work, it would need to be put at the same spot where
the DIAGNOSTIC_PUSH is, after the url_view.substr.  The theory being that
substr returns a new string_view and it's that one that would need the
assert.  Like:

       gdb::string_view url_view (urls);
       while (true)
	 {
	   size_t off = url_view.find_first_not_of (' ');
	   if (off == gdb::string_view::npos)
	     break;
	   url_view = url_view.substr (off);
+          gdb_assert (url_view.size () < PTRDIFF_MAX);
 	   off = url_view.find_first_of (' ');


OTOH, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97185 suggests that
the root issue is with not eliminating builtin calls when sizes are 0, so maybe
the right thing to do would be to assert that the string_view isn't empty, like:

diff --git c/gdb/debuginfod-support.c w/gdb/debuginfod-support.c
index 6dc08fc29b6..9a4301f018c 100644
--- c/gdb/debuginfod-support.c
+++ w/gdb/debuginfod-support.c
@@ -193,17 +193,8 @@ debuginfod_is_enabled ()
          if (off == gdb::string_view::npos)
            break;
          url_view = url_view.substr (off);
-#if defined (__s390x__) || defined (__powerpc64__)
-         /* g++ 11.2.1 on s390x and g++ 11.3.1 on ppc64le seem convinced
-            url_view might be of SIZE_MAX length.  And so complains
-            because the length of an array can only be PTRDIFF_MAX.  */
-         DIAGNOSTIC_PUSH
-         DIAGNOSTIC_IGNORE_STRINGOP_OVERREAD
-#endif
+         gdb_assert (!url_view.empty ());
          off = url_view.find_first_of (' ');
-#if defined (__s390x__) || defined (__powerpc64__)
-         DIAGNOSTIC_POP
-#endif
 

Anyhow, your patch is OK with me.