https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102006

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |56456
                 CC|                            |msebor at gcc dot gnu.org
           Keywords|                            |diagnostic
          Component|c++                         |tree-optimization

--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
I can confirm the warning but not yet that it's a bug or limitation in GCC.

The IL does show an access via an out-of-bounds pointer to a local object:
(struct Element *)&holder + -32B, so it's working as designed.  I can't tell if
the access itself, adjusted for the offset of the member, is valid (i.e.,
what's D.146911's offset within holder), but even if it is, the warning
validates pointers without considering subsequent adjustments so if something
earlier ends up emitting one that's out-of-bounds the warning will trigger.

The out-of-bounds offset first shows up in the fixup_cfg3 dump.  ListHolder is
multiply derived from the same base class whose members freely cast the this
pointer to the derived class so maybe that somehow results in the intermediate
negative offset.  The translation unit is almost 90,000 of twisty C++ code so
it will take a bit of time to reduce to something manageable.

void List_TestFunc (const struct TestContext & context)
{
  ...
  struct ListHolder holder;
  ...
  <bb 3> [local count: 1073741824]:
  _15 = MEM[(struct base_single_link *)&holder].pNext;
  if (_15 != 0B)
    goto <bb 4>; [85.10%]
  else
    goto <bb 5>; [14.90%]

  <bb 4> [local count: 913754293]:
  iftmp.2_16 = &MEM[(struct Element *)_15 + -32B].D.146911;

  <bb 5> [local count: 1073741821]:
  # i$m_p_24 = PHI <iftmp.2_16(4), 0B(3)>
  goto <bb 8>; [100.00%]

  ...

  <bb 8> [local count: 9761289345]:
  # i$m_p_21 = PHI <i$m_p_24(5), _22(7)>
  if (&MEM[(struct Element *)&holder + -32B].D.146911 != i$m_p_21)   <<< -Warray-bounds
    goto <bb 6>; [89.00%]
  else
    goto <bb 27>; [11.00%]
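A hypothetical C++ reconstruction of the shape the comment describes, added here as an illustration; it is neither the reporter's translation unit nor GCC's code. The names base_single_link, Element, ListHolder and pNext follow the dump above; Payload, m_data, link_offset_in_element, downcast_delta, sentinel_delta, sum_list and demo are assumed. It shows the arithmetic behind the `(struct Element *)&holder + -32B` pointer: downcasting the holder's own link (the end sentinel) to Element* lands a link-offset's worth of bytes before `holder`, which is exactly the intermediate out-of-bounds pointer the warning reports, and a traversal that compares link pointers before downcasting so that pointer is never formed.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>

// Hypothetical reconstruction of the pattern the comment describes, not the
// reporter's code: an intrusive singly-linked list whose link is a base class
// shared by the element type and by the list holder, whose own link acts as
// the end sentinel.
struct base_single_link {
    base_single_link *pNext = nullptr;
};

// Leading state so the link subobject of Element sits at a non-zero offset
// (the dump shows -32B; the value here depends on the ABI and the bases).
struct Payload {
    std::uint64_t id = 0;
    std::uint64_t tag = 0;
};

struct Element : Payload, base_single_link {
    int m_data = 0;  // stands in for the D.146911 member in the dump
};

struct ListHolder : base_single_link {};

// Byte offset of the link subobject inside an Element: the ABI-defined value
// the compiler subtracts when downcasting base_single_link* to Element*.
std::ptrdiff_t link_offset_in_element() {
    Element e;
    return reinterpret_cast<char *>(static_cast<base_single_link *>(&e)) -
           reinterpret_cast<char *>(&e);
}

// Where a link -> Element downcast of `link` would point, as a byte distance
// from the start of `object`.  Computed arithmetically so the example itself
// never forms the out-of-bounds pointer; negative means "before the object".
std::ptrdiff_t downcast_delta(const base_single_link *link, const void *object) {
    return (reinterpret_cast<const char *>(link) - link_offset_in_element()) -
           static_cast<const char *>(object);
}

// Downcasting the holder's own link gives a pointer before the holder: this is
// the "(struct Element *)&holder + -32B" value in the dump.
std::ptrdiff_t sentinel_delta() {
    ListHolder h;
    return downcast_delta(&h, &h);
}

// Traversal that tests for the sentinel on the link pointers and only then
// downcasts, so no Element* is ever formed from the holder's own link.  The
// pattern behind the warning does it the other way round: it compares the
// iterator against &static_cast<Element*>(&holder)->m_data, forming a pointer
// link_offset bytes before `holder` on every end-of-list test.
int sum_list(ListHolder &holder) {
    int total = 0;
    for (base_single_link *l = holder.pNext; l != nullptr && l != &holder;
         l = l->pNext) {
        total += static_cast<Element *>(l)->m_data;
    }
    return total;
}

// Constructed sample data: a three-element list that circles back to the
// holder's sentinel.  Prints the offsets involved and returns the sum.
int demo() {
    ListHolder holder;
    Element a, b, c;
    a.m_data = 1; b.m_data = 2; c.m_data = 3;
    holder.pNext = &a; a.pNext = &b; b.pNext = &c; c.pNext = &holder;

    std::cout << "link offset in Element: " << link_offset_in_element() << "\n"
              << "downcast of a's link relative to a: " << downcast_delta(&a, &a) << "\n"
              << "downcast of sentinel relative to holder: " << sentinel_delta() << "\n";
    return sum_list(holder);
}

int main() { return demo() == 6 ? 0 : 1; }
```

Under the Itanium ABI the bases are laid out in declaration order, so the link sits after Payload and the sentinel downcast lands before the holder; the exact negative value differs from the -32B in the dump because this Element has fewer preceding subobjects. The practical takeaway for code that hits this warning is the same either way: downcasting a sentinel link that is not part of an Element is undefined, so compare the link pointers first and downcast only the nodes that really are elements.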


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
