Bug 69249

Summary: Array-boundary offending code is silently discarded without warnings
Product: gcc
Reporter: Ilia Kolominsky <ilia.kolominsky>
Component: tree-optimization
Assignee: Not yet assigned to anyone <unassigned>
Status: NEW
Severity: enhancement
CC: manu
Priority: P3
Keywords: diagnostic
Version: 4.8.2
Target Milestone: ---
Host:
Target:
Build:
Known to work:
Known to fail: 5.3.0
Last reconfirmed: 2016-01-13 00:00:00

Description Ilia Kolominsky 2016-01-12 16:11:24 UTC
Hello team!
Recently, our team upgraded to gcc ver 4.8.2 (from 4.7.3) and started to experience incorrect behavior in various components of the software product.
We figured that some of our components contain bogus code that violates array bounds, which goes unnoticed during compilation and at runtime.
The issue with the newer gcc is that such code is completely discarded from the resulting object, silently, without warnings.

It can be seen clearly using the following simple code that I tested using https://gcc.godbolt.org/

#include <stdio.h>
#define ARR_SIZE 64

char arr1[ARR_SIZE];
char arr2[ARR_SIZE];

int main(int argc, char * argv[])
{
  int i = 0;

  scanf("%s",arr1);
  scanf("%s",arr2);
  while ((arr1[i] != arr2[i]) && i <= ARR_SIZE) /* Array bounds violation */
  {
    i++;
  }
  
  if (i == ARR_SIZE)
  {
    return 0xaa55;
  }

  return 0;
}

The compilation options are: -O3 -Wall
It can be seen from the resulting assembly code that all the code below the second scanf is simply discarded and main always returns 0.
Despite -Wall, no warnings are produced related to this issue...

Regards,
Ilia Kolominsky
Comment 1 Manuel López-Ibáñez 2016-01-12 22:02:01 UTC
No warning: -O3 -Waggressive-loop-optimizations -Warray-bounds -Wextra -Wall -Wstrict-aliasing=3 -Wstrict-overflow=5
Comment 2 Richard Biener 2016-01-13 11:33:11 UTC
Confirmed as diagnostic enhancement request.
Comment 3 Arnd Bergmann 2017-09-12 19:21:47 UTC
I see the same behavior on incorrect code (off-by-one bug accessing beyond the array, in my case with a negative index) on Linux kernel code: The following snippet produces a warning with all versions up to 4.7, but not with 4.8 or later (latest tried: gcc-8.0.0):

8<----
#define MEDIA_BUS_FMT_YUYV8_2X8                 0x2008
#define MEDIA_BUS_FMT_YVYU8_2X8                 0x2009
#define MEDIA_BUS_FMT_UYVY8_2X8                 0x2006
#define MEDIA_BUS_FMT_VYUY8_2X8                 0x2007

static const unsigned int camif_mbus_formats[4] = {
        MEDIA_BUS_FMT_YUYV8_2X8,
        MEDIA_BUS_FMT_YVYU8_2X8,
        MEDIA_BUS_FMT_UYVY8_2X8,
        MEDIA_BUS_FMT_VYUY8_2X8,
};

int __camif_subdev_try_format(unsigned int code)
{
        int i = sizeof(camif_mbus_formats) / sizeof(camif_mbus_formats[0]);

        while (i-- >= 0)
                if (camif_mbus_formats[i] == code)
                        break;

        return i;
}
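A corrected version of both loops from this report, added here as an example (it is my own code, not the reporters'; the names first_equal_index and camif_try_format_fixed are mine): each off-by-one bound is tightened so every access stays inside the array, which removes the undefined behaviour that lets GCC drop the code in the first place.

```c
#include <stddef.h>

#define ARR_SIZE 64

/* The loop from the description, with the bound fixed.  The original
 * condition `i <= ARR_SIZE` reads arr[ARR_SIZE], one past the end; GCC
 * treats that out-of-bounds read as undefined behaviour and may delete the
 * loop and everything after it.  With `i < n` every access is in bounds, so
 * the compiler must keep the comparison.  Returns the first index where the
 * two buffers hold the same byte, or n if there is none. */
int first_equal_index(const char *a, const char *b, size_t n)
{
    size_t i = 0;

    while (i < n && a[i] != b[i])
        i++;

    return (int)i;
}

/* Constructed copy of the kernel table from comment 3 (same four values). */
static const unsigned int camif_mbus_formats[4] = {
    0x2008, 0x2009, 0x2006, 0x2007,
};

/* The kernel lookup from comment 3, corrected.  `i-- >= 0` still enters the
 * body when i == 0, so the body then reads index -1.  `i-- > 0` stops after
 * index 0 has been checked.  Returns the index of the match, or -1. */
int camif_try_format_fixed(unsigned int code)
{
    int i = sizeof(camif_mbus_formats) / sizeof(camif_mbus_formats[0]);

    while (i-- > 0)
        if (camif_mbus_formats[i] == code)
            break;

    return i;
}
```

Building the original snippets with -fsanitize=address (or -fsanitize=undefined) reports the out-of-bounds access at run time, which is a practical way to catch this class of bug when the compiler stays silent.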