Bug 98484 - missing -Wstringop-overflow on invalid accesses to the same object by distinct functions
Summary: missing -Wstringop-overflow on invalid accesses to the same object by distinc...
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end (show other bugs)
Version: 11.0
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: diagnostic
Depends on:
Blocks: Wstringop-overflow
  Show dependency treegraph
 
Reported: 2020-12-30 22:29 UTC by Martin Sebor
Modified: 2021-09-26 09:26 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2021-09-26 00:00:00


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Sebor 2020-12-30 22:29:08 UTC
GCC 11 diagnoses invalid accesses by built-in functions like memcpy made in inlined calls to functions defined in system headers, but apparently only for a single level of inlining.  When the function that does the invalid access is itself called from another inline function it isn't diagnosed.  (I noticed this while looking into pr98465.)

$ cat b.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout b.c
# 1 "a.h" 1 3 4
# 2 "a.h" 3 4
static inline void f0 (void *p)
{
  __builtin_memcpy (p, "12345678", 8);
}

static inline void f1 (void *p)
{
  f0 (p);
}

# 1 "b.c" 1

static inline void f2 (void *p)
{
  f0 (p);
}

extern char a[8];

void g0 (void)
{
  f0 (a + 4);   // missing warning
}

void g1 (void)
{
  f1 (a + 4);   // missing warning
}


void g2 (void)
{
  f2 (a + 4);   // missing warning
}


;; Function g0 (g0, funcdef_no=3, decl_uid=1953, cgraph_uid=4, symbol_order=3)

void g0 ()
{
  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&MEM <char[8]> [(void *)&a + 4B], "12345678", 8); [tail call]
  return;

}


In file included from b.c:1:
In function ‘f0’,
    inlined from ‘g0’ at b.c:11:3:
a.h:4:3: warning: ‘__builtin_memcpy’ writing 8 bytes into a region of size 4 overflows the destination [-Wstringop-overflow=]
    4 | 
      |   ^                                  
In file included from a.h:12,
                 from b.c:1:
a.h: In function ‘g0’:
b.c:7:13: note: at offset 4 into destination object ‘a’ of size 8
    7 | 
      |             ^

;; Function g1 (g1, funcdef_no=7, decl_uid=1956, cgraph_uid=5, symbol_order=4)

void g1 ()
{
  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&MEM <char[8]> [(void *)&a + 4B], "12345678", 8); [tail call]
  return;

}



;; Function g2 (g2, funcdef_no=9, decl_uid=1959, cgraph_uid=6, symbol_order=5)

void g2 ()
{
  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&MEM <char[8]> [(void *)&a + 4B], "12345678", 8); [tail call]
  return;

}
Comment 1 Martin Sebor 2020-12-30 22:43:54 UTC
Actually, the warning is issued if the accessed object is different, so the false negative is most likely due to the TREE_NO_WARNING bit and not related to inlining or system headers.  It might be okay to issue just one warning for multiple invalid accesses to the same object in a single (out-of-line) function, but the suppression should probably be reset for each new (out-of-line) function.
Comment 2 Andrew Pinski 2021-09-26 09:26:56 UTC
Confirmed. -Wsystem-headers enables all of the warnings ...

What is interesting is in GCC 10, we don't even get the warning for g0 without -Wsystem-headers.
In GCC 9 -Wsystem-headers does not enable the warning for g1 or g2 either.