https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103483
Jason Merrill <jason at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeffreyalaw at gmail dot com
            Summary|context-sensitive ranges    |[12 regression]
                   |change triggers             |context-sensitive ranges
                   |stringop-overread           |change triggers
                   |                            |stringop-overread

--- Comment #15 from Jason Merrill <jason at gcc dot gnu.org> ---
Jeff, I remember running into similar issues in the past with jump-threading
creating nonsensical blocks which we would then give other warnings about, and
I think you fixed at least one of those. Do you have any input that could help
guide us to a resolution of this problem?

Note that the original testcase no longer warns on trunk because <string>
disables the warning entirely.

To simplify my example a bit (compile with -O -Wall)

char *sink;
int mystrlen (const char *p);

inline void copy(const char *p)
{
  int L = mystrlen (p);
  if (L < 5)
    /* Small string magic. */;
  else
    __builtin_memcpy (sink, p, L);
}

void f()
{
  copy ("12"); // bogus warning
}

I see that this actually warns as far back as GCC 8; I guess this is an older
problem that has only gotten more problematic with improvements in value range
propagation.

I don't see any plausible way for the user to guard this perfectly reasonable
code against this warning, other than disabling it.

Again, at the point of the memcpy we don't know anything about the probability
of different values of L. With or without the if condition, if we try to memcpy
5 bytes out of "12" we get undefined behavior; that doesn't become more likely
because we want to handle small L differently. It creates a branch that is all
undefined behavior, but that doesn't make the branch reachable.