User account creation filtered due to spam.

Bug 35903 - false Warray-bounds warning when passing quoted string to function strcmp(arg,"no");
Summary: false Warray-bounds warning when passing quoted string to function strcmp(arg...
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end (show other bugs)
Version: 4.3.1
: P3 minor
Target Milestone: ---
Assignee: Not yet assigned to anyone
Keywords: diagnostic
Depends on: 35392
  Show dependency treegraph
Reported: 2008-04-10 18:43 UTC by Ryan S. Arnold
Modified: 2010-02-20 00:19 UTC (History)
4 users (show)

See Also:
Host: n/a
Target: n/a
Build: n/a
Known to work:
Known to fail:
Last reconfirmed: 2010-01-02 19:24:39

preprocessed test-ildouble.c file. (59.73 KB, application/octet-stream)
2008-04-10 18:57 UTC, Ryan S. Arnold
Preprocessed file of the testcase (6.84 KB, application/octet-stream)
2009-10-22 18:30 UTC, Alfonso Cepeda Caballos

Note You need to log in before you can comment on or make changes to this bug.
Description Ryan S. Arnold 2008-04-10 18:43:40 UTC
When building libm-test.c (part of the GLIBC make check math test suite for GLIBC CVS head as of April 10, 2008) with GCC 4.3 I get the following warning:

math/libm-test.c: In function 'parse_opt':
math/libm-test.c:6102: warning: array subscript is above array bounds

In relation to the following code:

      if (strcmp (arg, "yes") == 0)

This warning goes away if replaced with:
      char yes[] = "yes";
      if (strcmp (arg,yes) == 0)

Andrew Pinski says this is a false warning and that I should file a bug report.
Comment 1 Ryan S. Arnold 2008-04-10 18:57:21 UTC
Created attachment 15465 [details]
preprocessed test-ildouble.c file.

strcmp on line 16036 seems to be the problematic one.
Comment 2 Ryan S. Arnold 2008-04-10 18:58:51 UTC
Compiled with:
cd /home/ryanarn/glibc/stages/stage_lround/glibc/math

/opt/at43/bin/gcc -m32 test-ildoubl.c -save-temps -c -std=gnu99 -fgnu89-inline -O2 -Wall -Winline -Wwrite-strings -fmerge-all-constants -g -mcpu=power4 -mlong-double-128 -mnew-mnemonics -Wstrict-prototypes -mlong-double-128    -Wno-uninitialized -D__NO_MATH_INLINES -D__LIBC_INTERNAL_MATH_INLINES -I../include -I/home/ryanarn/glibc/stages/stage_lround/build/glibc32_power4/math -I/home/ryanarn/glibc/stages/stage_lround/build/glibc32_power4 -I../sysdeps/powerpc/powerpc32/elf -I../sysdeps/powerpc/elf -I../sysdeps/unix/sysv/linux/powerpc/powerpc32/power4/fpu -I../sysdeps/powerpc/powerpc32/power4/fpu -I../sysdeps/unix/sysv/linux/powerpc/powerpc32/power4 -I../sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu -I../sysdeps/powerpc/powerpc32/fpu -I../nptl/sysdeps/unix/sysv/linux/powerpc/powerpc32 -I../sysdeps/unix/sysv/linux/powerpc/powerpc32 -I../nptl/sysdeps/unix/sysv/linux/powerpc -I../sysdeps/unix/sysv/linux/powerpc -I../sysdeps/ieee754/ldbl-128ibm -I../sysdeps/ieee754/ldbl-opt -I../nptl/sysdeps/unix/sysv/linux -I../nptl/sysdeps/pthread -I../sysdeps/pthread -I../sysdeps/unix/sysv/linux -I../sysdeps/gnu -I../sysdeps/unix/common -I../sysdeps/unix/mman -I../sysdeps/unix/inet -I../nptl/sysdeps/unix/sysv -I../sysdeps/unix/sysv -I../sysdeps/unix/powerpc -I../nptl/sysdeps/unix -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/powerpc/powerpc32/power4 -I../sysdeps/powerpc/powerpc32 -I../sysdeps/wordsize-32 -I../sysdeps/powerpc/fpu -I../sysdeps/powerpc/math -I../nptl/sysdeps/powerpc -I../sysdeps/powerpc -I../sysdeps/ieee754/dbl-64 -I../sysdeps/ieee754/flt-32 -I../sysdeps/ieee754 -I../sysdeps/generic/elf -I../sysdeps/generic -I../nptl  -I.. -I../libio -I. -nostdinc -isystem /opt/at43/lib/gcc/powerpc64-linux/4.3.0/include -isystem /opt/at43/lib/gcc/powerpc64-linux/4.3.0/include-fixed -isystem /usr/include -D_LIBC_REENTRANT -include ../include/libc-symbols.h   -DNOT_IN_libc=1 -U__LIBC_INTERNAL_MATH_INLINES -D__FAST_MATH__ -DTEST_FAST_MATH -fno-builtin   -o /home/ryanarn/glibc/stages/stage_lround/build/glibc32_power4/math/test-ildoubl.o -MD -MP -MF /home/ryanarn/glibc/stages/stage_lround/build/glibc32_power4/math/test-ildoubl.o.dt -MT /home/ryanarn/glibc/stages/stage_lround/build/glibc32_power4/math/test-ildoubl.o
Comment 3 Alfonso Cepeda Caballos 2009-10-16 16:51:29 UTC
This bug has no changed for months, I think it is still active.

It seems not to work only when size of char[] is 3 (2+'\0'). A test case is this:
// Begin of code
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
   printf("%d",strcmp(argv[0],"A")); //  NO warning
   printf("%d",strcmp(argv[0],"AA")); //  warning: array subscript
   printf("%d",strcmp(argv[0],"AAA")); //  NO warning
   return 0;
// End of code

The compilation says:

$ gcc -v -save-temps -O3 -fno-builtin -funsigned-char  -Wall test.c
Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.4.1-4ubuntu8' --with-bugurl=file:///usr/share/doc/gcc-4.4/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --enable-multiarch --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.4 --program-suffix=-4.4 --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-targets=all --disable-werror --with-arch-32=i486 --with-tune=generic --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
Thread model: posix
gcc version 4.4.1 (Ubuntu 4.4.1-4ubuntu8) 
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-O3' '-fno-builtin' '-funsigned-char' '-Wall' '-mtune=generic' '-march=i486'
 /usr/lib/gcc/i486-linux-gnu/4.4.1/cc1 -E -quiet -v test.c -D_FORTIFY_SOURCE=2 -mtune=generic -march=i486 -Wall -fno-builtin -funsigned-char -O3 -fpch-preprocess -fstack-protector -o test.i
ignoring nonexistent directory "/usr/local/include/i486-linux-gnu"
ignoring nonexistent directory "/usr/lib/gcc/i486-linux-gnu/4.4.1/../../../../i486-linux-gnu/include"
ignoring nonexistent directory "/usr/include/i486-linux-gnu"
#include "..." search starts here:
#include <...> search starts here:
End of search list.
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-O3' '-fno-builtin' '-funsigned-char' '-Wall' '-mtune=generic' '-march=i486'
 /usr/lib/gcc/i486-linux-gnu/4.4.1/cc1 -fpreprocessed test.i -quiet -dumpbase test.c -mtune=generic -march=i486 -auxbase test -O3 -Wall -version -fno-builtin -funsigned-char -fstack-protector -o test.s
GNU C (Ubuntu 4.4.1-4ubuntu8) version 4.4.1 (i486-linux-gnu)
	compiled by GNU C version 4.4.1, GMP version 4.3.1, MPFR version 2.4.1-p2.
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: 293503c4ddf766b61fc5ff6a5ff38cdc
test.c: In function ‘main’:
test.c:7: warning: array subscript is above array bounds
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-O3' '-fno-builtin' '-funsigned-char' '-Wall' '-mtune=generic' '-march=i486'
 as -V -Qy -o test.o test.s
GNU assembler version 2.19.92 (i486-linux-gnu) using BFD version (GNU Binutils for Ubuntu)
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-O3' '-fno-builtin' '-funsigned-char' '-Wall' '-mtune=generic' '-march=i486'
 /usr/lib/gcc/i486-linux-gnu/4.4.1/collect2 --build-id --eh-frame-hdr -m elf_i386 --hash-style=both -dynamic-linker /lib/ -z relro /usr/lib/gcc/i486-linux-gnu/4.4.1/../../../../lib/crt1.o /usr/lib/gcc/i486-linux-gnu/4.4.1/../../../../lib/crti.o /usr/lib/gcc/i486-linux-gnu/4.4.1/crtbegin.o -L/usr/lib/gcc/i486-linux-gnu/4.4.1 -L/usr/lib/gcc/i486-linux-gnu/4.4.1 -L/usr/lib/gcc/i486-linux-gnu/4.4.1/../../../../lib -L/lib/../lib -L/usr/lib/../lib -L/usr/lib/gcc/i486-linux-gnu/4.4.1/../../.. -L/usr/lib/i486-linux-gnu test.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/i486-linux-gnu/4.4.1/crtend.o /usr/lib/gcc/i486-linux-gnu/4.4.1/../../../../lib/crtn.o

Comment 4 Manuel López-Ibáñez 2009-10-17 11:03:24 UTC
(In reply to comment #3)
> This bug has no changed for months, I think it is still active.

Newer higher priority bugs often make us forget about old inactive bugs. Going through old bugs and testing whether they still exist in a recent GCC would be extremely helpful.

> It seems not to work only when size of char[] is 3 (2+'\0'). A test case is
> this:

Could you produce a preprocessed testcase? Is the printf needed? If not, please take it and stdio.h out of the testcase to make it even simpler.
Comment 5 Manuel López-Ibáñez 2009-10-22 17:56:12 UTC

We need the preprocessed testcase. See my previous comment.
Comment 6 Alfonso Cepeda Caballos 2009-10-22 18:30:39 UTC
Created attachment 18870 [details]
Preprocessed file of the testcase
Comment 7 Alfonso Cepeda Caballos 2009-10-22 18:31:44 UTC
Unfortunately and surprisely, printf is needed in this testcase. I think that a different testcase without the printf can be found because the bigger code that I used had not got the printf.

I have attatched the preproccessed testcase.
Comment 8 Richard Biener 2010-01-02 19:24:39 UTC
Similar to PR35392 this only happens with -funsigned-char, thus these may
as well be dups.
Comment 9 Manuel López-Ibáñez 2010-02-19 23:56:12 UTC
This is not an uninitialized issue. 

The reason this requires -O2 is that -Warray-bounds requires VRP to warn. The gimple output already looks quite different.


        [pr35903.i : 309:15] D.1567 = __s1D.796 + 3;
        [pr35903.i : 309:15] D.1568 = [pr35903.i : 309] *D.1567;
        [pr35903.i : 310:11] D.1569 = (intD.0) D.1568;
        [pr35903.i : 318:12] D.1570 = [pr35903.i : 311] &[pr35903.i : 311] "AA"[0] + 3;
        [pr35903.i : 318:12] D.1571 = [pr35903.i : 318] *D.1570;
        [pr35903.i : 310:11] D.1572 = (intD.0) D.1571;
        [pr35903.i : 308:10] __resultD.797 = D.1569 - D.1572;


        [pr35903.i : 309:15] D.1568 = __s1D.796 + 3;
        [pr35903.i : 309:15] D.1569 = [pr35903.i : 309] *D.1568;
        [pr35903.i : 310:11] D.1570 = (intD.0) D.1569;
        [pr35903.i : 311:12] D.1540 = (const unsigned charD.10 *) [pr35903.i : 318] "AA";
        [pr35903.i : 318:12] D.1571 = D.1540 + 3;
        [pr35903.i : 318:12] D.1572 = [pr35903.i : 318] *D.1571;
        [pr35903.i : 310:11] D.1573 = (intD.0) D.1572;
        [pr35903.i : 308:10] __resultD.797 = D.1570 - D.1573;
Comment 10 Manuel López-Ibáñez 2010-02-20 00:19:14 UTC
Reduced testcase:

extern int strlen (__const char *__s);
int echo (int);
int main(int argc, char **argv)
  echo (({ int __s1_len, __s2_len;
  (__builtin_constant_p (argv[0]) && __builtin_constant_p ("AA") &&
   (__s1_len = strlen (argv[0]), __s2_len = strlen ("AA"),
    (!((int)(const void *)((argv[0]) + 1) - (int)(const void *)(argv[0]) == 1)
     || __s1_len >= 4)
    (!((int)(const void *)(("AA") + 1) - (int)(const void *)("AA") == 1)
     || __s2_len >= 4))
   ? 1
   : (__builtin_constant_p (argv[0])
      && ((int)(const void *)((argv[0]) + 1) - (int)(const void *)(argv[0]) == 1)
      && (__s1_len = strlen (argv[0]), __s1_len < 4)
      ? 1
      : (__builtin_constant_p ("AA") && ((int)(const void *)(("AA") + 1) - (int)(const void *)("AA") == 1)
         && (__s2_len = strlen ("AA"), __s2_len < 4)
         ? (__builtin_constant_p (argv[0])
            && ((int)(const void *)((argv[0]) + 1) - (int)(const void *)(argv[0]) == 1)
            ? 1
            : (({
              __const unsigned char *__s1 = (__const unsigned char *) (__const char *) (argv[0]);
              register int __result = __s1[0] - ((__const unsigned char *) (__const char *) ("AA"))[0];
              if (__s2_len > 0 && __result == 0)
                  __result = (__s1[1] - ((__const unsigned char *) (__const char *) ("AA"))[1]);
                  if (__s2_len > 1 && __result == 0)
                      __result = (__s1[2] - ((__const unsigned char *) (__const char *) ("AA"))[2]);
                      if (__s2_len > 2 && __result == 0)
                        __result = (__s1[3] - ((__const  unsigned  char  *) (__const  char  *) ("AA"))[3]);
         : 0))); }));

  return 0;