[Bug tree-optimization/94675] [9 regression] -Warray-bounds false positive with -O2
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94675
Richard Biener changed:
What|Removed |Added
Target Milestone|--- |9.4
Version|unknown |9.3.0
--- Comment #3 from Richard Biener ---
(In reply to Martin Sebor from comment #1)
> The false positive is not due a shortcoming of the warning but rather due to
> GCC not having a sufficiently sophisticated analysis of relationships of
> pointers into the same objects. The same warning (and probably a numbers as
> well) can be reproduced with a simpler example.
>
> $ cat pr94675.c && gcc -O2 -S -Wall -fdump-tree-vrp=/dev/stdout pr94675.c
> unsigned char c, n;
>
> int f (void)
> {
> if (n <= 7) return 0;
>
> unsigned char *p = , *q = p + n;
>
> if (q - p <= 7) // not eliminated
> return 0;
Not sure why you write not eliminated - it is eliminated. I believe
your testcase is bogus - why would the p[7] access never happen?
Because p + n is invoking undefined behavior?
> return p[7]; // spurious -Warray-bounds
> }
>
> ;; Function f (f, funcdef_no=0, decl_uid=1932, cgraph_uid=1, symbol_order=2)
>
> ;; 1 loops found
> ;;
> ;; Loop 0
> ;; header 0, latch 1
> ;; depth 0, outer -1
> ;; nodes: 0 1 2 3 4
> ;; 2 succs { 4 3 }
> ;; 3 succs { 4 }
> ;; 4 succs { 1 }
>
> Value ranges after VRP:
>
> n.0_1: unsigned char VARYING
> _2: unsigned char VARYING
> _3: int [0, 255]
> _5: int [0, 255]
>
>
> pr94675.c: In function ‘f’:
> pr94675.c:12:11: warning: array subscript 7 is outside array bounds of
> ‘unsigned char[1]’ [-Warray-bounds]
>12 | return p[7];
> | ~^~~
> pr94675.c:1:15: note: while referencing ‘c’
> 1 | unsigned char c, n;
> | ^
> f ()
> {
> unsigned char n.0_1;
> unsigned char _2;
> int _3;
> int _5;
>
>[local count: 1073741824]:
> n.0_1 = n;
> if (n.0_1 <= 7)
> goto ; [34.00%]
> else
> goto ; [66.00%]
>
>[local count: 708669601]:
> _2 = MEM[(unsigned char *) + 7B];
> _5 = (int) _2;
>
>[local count: 1073741824]:
> # _3 = PHI <0(2), _5(3)>
> return _3;
>
> }
>
>
>
> ;; Function f (f, funcdef_no=0, decl_uid=1932, cgraph_uid=1, symbol_order=2)
>
> ;; 1 loops found
> ;;
> ;; Loop 0
> ;; header 0, latch 1
> ;; depth 0, outer -1
> ;; nodes: 0 1 2 3 4
> ;; 2 succs { 4 3 }
> ;; 3 succs { 4 }
> ;; 4 succs { 1 }
>
> Value ranges after VRP:
>
> n.0_1: unsigned char VARYING
> _2: unsigned char VARYING
> _3: int [0, 255]
> _5: int [0, 255]
>
>
> f ()
> {
> unsigned char n.0_1;
> unsigned char _2;
> int _3;
> int _5;
>
>[local count: 1073741824]:
> n.0_1 = n;
> if (n.0_1 <= 7)
> goto ; [34.00%]
> else
> goto ; [66.00%]
>
>[local count: 708669601]:
> _2 = MEM[(unsigned char *) + 7B];
> _5 = (int) _2;
>
>[local count: 1073741824]:
> # _3 = PHI <_5(3), 0(2)>
> return _3;
>
> }
[Bug tree-optimization/94675] [9 regression] -Warray-bounds false positive with -O2
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94675 Martin Liška changed: What|Removed |Added Last reconfirmed||2020-04-21 CC||marxin at gcc dot gnu.org Ever confirmed|0 |1 Status|UNCONFIRMED |NEW
[Bug tree-optimization/94675] [9 regression] -Warray-bounds false positive with -O2
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94675 --- Comment #2 from Xavier --- Note that in our code, we are not even dereferencing the pointer, it's just ps->s += len. And since we always keep a pointer right after the array (p_end / s_end), won't that be a source of problems for Warray-bounds ?
[Bug tree-optimization/94675] [9 regression] -Warray-bounds false positive with -O2
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94675
Martin Sebor changed:
What|Removed |Added
CC||msebor at gcc dot gnu.org
--- Comment #1 from Martin Sebor ---
The false positive is not due a shortcoming of the warning but rather due to
GCC not having a sufficiently sophisticated analysis of relationships of
pointers into the same objects. The same warning (and probably a numbers as
well) can be reproduced with a simpler example.
$ cat pr94675.c && gcc -O2 -S -Wall -fdump-tree-vrp=/dev/stdout pr94675.c
unsigned char c, n;
int f (void)
{
if (n <= 7) return 0;
unsigned char *p = , *q = p + n;
if (q - p <= 7) // not eliminated
return 0;
return p[7]; // spurious -Warray-bounds
}
;; Function f (f, funcdef_no=0, decl_uid=1932, cgraph_uid=1, symbol_order=2)
;; 1 loops found
;;
;; Loop 0
;; header 0, latch 1
;; depth 0, outer -1
;; nodes: 0 1 2 3 4
;; 2 succs { 4 3 }
;; 3 succs { 4 }
;; 4 succs { 1 }
Value ranges after VRP:
n.0_1: unsigned char VARYING
_2: unsigned char VARYING
_3: int [0, 255]
_5: int [0, 255]
pr94675.c: In function ‘f’:
pr94675.c:12:11: warning: array subscript 7 is outside array bounds of
‘unsigned char[1]’ [-Warray-bounds]
12 | return p[7];
| ~^~~
pr94675.c:1:15: note: while referencing ‘c’
1 | unsigned char c, n;
| ^
f ()
{
unsigned char n.0_1;
unsigned char _2;
int _3;
int _5;
[local count: 1073741824]:
n.0_1 = n;
if (n.0_1 <= 7)
goto ; [34.00%]
else
goto ; [66.00%]
[local count: 708669601]:
_2 = MEM[(unsigned char *) + 7B];
_5 = (int) _2;
[local count: 1073741824]:
# _3 = PHI <0(2), _5(3)>
return _3;
}
;; Function f (f, funcdef_no=0, decl_uid=1932, cgraph_uid=1, symbol_order=2)
;; 1 loops found
;;
;; Loop 0
;; header 0, latch 1
;; depth 0, outer -1
;; nodes: 0 1 2 3 4
;; 2 succs { 4 3 }
;; 3 succs { 4 }
;; 4 succs { 1 }
Value ranges after VRP:
n.0_1: unsigned char VARYING
_2: unsigned char VARYING
_3: int [0, 255]
_5: int [0, 255]
f ()
{
unsigned char n.0_1;
unsigned char _2;
int _3;
int _5;
[local count: 1073741824]:
n.0_1 = n;
if (n.0_1 <= 7)
goto ; [34.00%]
else
goto ; [66.00%]
[local count: 708669601]:
_2 = MEM[(unsigned char *) + 7B];
_5 = (int) _2;
[local count: 1073741824]:
# _3 = PHI <_5(3), 0(2)>
return _3;
}
