Bug 69249 - Array-boundary offending code is silently discarded without warnings
Summary: Array-boundary offending code is silently discarded without warnings
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization
Version: 4.8.2
Importance: P3 enhancement
Target Milestone: ---
Assignee: Not yet assigned to anyone
Keywords: diagnostic
Reported: 2016-01-12 16:11 UTC by Ilia Kolominsky
Modified: 2017-10-24 16:33 UTC

Known to fail: 5.3.0
Last reconfirmed: 2016-01-13 00:00:00

Description Ilia Kolominsky 2016-01-12 16:11:24 UTC
Hello team!
Recently, our team upgraded to gcc ver 4.8.2 (from 4.7.3) and started to experience incorrect behavior in various components of the software product.
We figured that some of our components contain bogus code that violates array bounds, which goes unnoticed during compilation and at runtime.
The issue with the newer gcc is that such code is completely discarded from the resulting object, silently, without warnings.

It can be seen clearly using the following simple code that I tested using https://gcc.godbolt.org/

#include <stdio.h>
#define ARR_SIZE 64

char arr1[ARR_SIZE];
char arr2[ARR_SIZE];

int main(int argc, char * argv[])
{
  int i = 0;

  scanf("%s",arr1);
  scanf("%s",arr2);
  while ((arr1[i] != arr2[i]) && i <= ARR_SIZE) /* Array bounds violation */
  {
    i++;
  }
  
  if (i == ARR_SIZE)
  {
    return 0xaa55;
  }

  return 0;
}

The compilation options are: -O3 -Wall
It can be seen from the resulting assembly code that all the code below the second scanf is simply discarded and main always returns 0.
Despite -Wall, no warnings are produced related to this issue...

Regards,
Ilia Kolominsky
Comment 1 Manuel López-Ibáñez 2016-01-12 22:02:01 UTC
No warning: -O3 -Waggressive-loop-optimizations -Warray-bounds -Wextra -Wall -Wstrict-aliasing=3 -Wstrict-overflow=5
Comment 2 Richard Biener 2016-01-13 11:33:11 UTC
Confirmed as diagnostic enhancement request.
Comment 3 Arnd Bergmann 2017-09-12 19:21:47 UTC
I see the same behavior on incorrect code (off-by-one bug accessing beyond the array, in my case with a negative index) on Linux kernel code: The following snippet produces a warning with all versions up to 4.7, but not with 4.8 or later (latest tried: gcc-8.0.0):

8<----
#define MEDIA_BUS_FMT_YUYV8_2X8                 0x2008
#define MEDIA_BUS_FMT_YVYU8_2X8                 0x2009
#define MEDIA_BUS_FMT_UYVY8_2X8                 0x2006
#define MEDIA_BUS_FMT_VYUY8_2X8                 0x2007

static const unsigned int camif_mbus_formats[4] = {
        MEDIA_BUS_FMT_YUYV8_2X8,
        MEDIA_BUS_FMT_YVYU8_2X8,
        MEDIA_BUS_FMT_UYVY8_2X8,
        MEDIA_BUS_FMT_VYUY8_2X8,
};

int __camif_subdev_try_format(unsigned int code)
{
        int i = sizeof(camif_mbus_formats) / sizeof(camif_mbus_formats[0]);

        while (i-- >= 0)
                if (camif_mbus_formats[i] == code)
                        break;

        return i;
}
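The two loops in this report share one root cause: the index is tested against the wrong bound, or tested only after the array has already been read, so the out-of-bounds access is unconditional and GCC is entitled to treat the path as unreachable. The following is an added example, not code from the reporter, from the Linux kernel or from GCC, showing bounds-safe rewrites of both loops. In the description's loop the condition arr1[i] != arr2[i] is evaluated before i <= ARR_SIZE, so arr1[64] is read before the (already off-by-one) bound check runs; the rewrite checks the index first and uses a strict less-than. In comment 3's loop, while (i-- >= 0) lets i reach 0, decrement to -1 and then index camif_mbus_formats[-1] on a miss; with > the last index examined is 0 and a miss leaves i == -1. The function names first_mismatch, camif_find_format and read_line are my own; the MEDIA_BUS_FMT_* values and camif_mbus_formats are taken from comment 3, and the two input strings in main are constructed here.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define ARR_SIZE 64

/* Bounds-safe version of the description's comparison loop (added example).
 * Returns the index of the first differing byte within the first n bytes,
 * or -1 if the two buffers agree on all n bytes. The index is compared
 * against n *before* either buffer is read, so a[n] is never touched. */
int first_mismatch(const char *a, const char *b, size_t n)
{
    size_t i = 0;
    while (i < n && a[i] == b[i])
        i++;
    return (i < n) ? (int)i : -1;
}

/* Values and table copied from comment 3 of this report. */
#define MEDIA_BUS_FMT_YUYV8_2X8 0x2008
#define MEDIA_BUS_FMT_YVYU8_2X8 0x2009
#define MEDIA_BUS_FMT_UYVY8_2X8 0x2006
#define MEDIA_BUS_FMT_VYUY8_2X8 0x2007

static const unsigned int camif_mbus_formats[4] = {
    MEDIA_BUS_FMT_YUYV8_2X8,
    MEDIA_BUS_FMT_YVYU8_2X8,
    MEDIA_BUS_FMT_UYVY8_2X8,
    MEDIA_BUS_FMT_VYUY8_2X8,
};

/* Bounds-safe version of comment 3's reverse search (added example).
 * 'i-- > 0' examines indices 3, 2, 1, 0 and then stops with i == -1;
 * the original 'i-- >= 0' went one step further and read index -1.
 * Returns the matching index, or -1 when code is not in the table. */
int camif_find_format(unsigned int code)
{
    int i = sizeof(camif_mbus_formats) / sizeof(camif_mbus_formats[0]);

    while (i-- > 0)
        if (camif_mbus_formats[i] == code)
            return i;

    return -1;
}

/* Length-bounded line reader replacing the report's unbounded scanf("%s"),
 * which can itself overflow a 64-byte buffer. Returns bytes stored. */
static size_t read_line(char *buf, size_t n)
{
    if (fgets(buf, (int)n, stdin) == NULL) {
        buf[0] = '\0';
        return 0;
    }
    buf[strcspn(buf, "\n")] = '\0';
    return strlen(buf);
}

int main(void)
{
    char arr1[ARR_SIZE];
    char arr2[ARR_SIZE];

    read_line(arr1, sizeof arr1);
    read_line(arr2, sizeof arr2);

    int idx = first_mismatch(arr1, arr2, ARR_SIZE);
    if (idx < 0)
        printf("buffers identical over %d bytes\n", ARR_SIZE);
    else
        printf("first mismatch at index %d\n", idx);

    printf("format 0x2006 is at table index %d\n", camif_find_format(0x2006));
    return 0;
}
```

Because GCC does not diagnose either original loop (that is the subject of this report), a runtime check is the reliable way to catch such code before it ships: compiling the original snippets with `-fsanitize=bounds` or `-fsanitize=undefined` (available in GCC 5 and later) reports the out-of-bounds index at the point of access instead of letting the optimizer silently drop the path.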