[Bug tree-optimization/79132] New: False positive for -Walloc-size-larger-than= with -fsanitize=address aka. bootstrap-asan breakage

marxin at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Wed Jan 18 15:11:00 GMT 2017


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79132

            Bug ID: 79132
           Summary: False positive for -Walloc-size-larger-than= with
                    -fsanitize=address aka. bootstrap-asan breakage
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: marxin at gcc dot gnu.org
  Target Milestone: ---

The following code snippet blocks my bootstrap-asan:

struct A; // Incomplete type; used only as the default template argument of B.
template <typename = A> struct B // Primary template; B<int> further down instantiates this one.
{
  unsigned length (); // Declared but never defined in this snippet.
};
template <> struct B<> // Full specialization for the default argument, i.e. B<A>.
{
  unsigned
  length ()
  {
    return m_vec ? m_vec->length () : 0; // A null m_vec yields length 0.
  }
  B<int> *m_vec; // Pointer to the primary-template instantiation; null-checked in length ().
};
int rewrite_expr_tree_parallel_i; // Global loop counter used by rewrite_expr_tree_parallel ().

B<> ops; // Global with static storage, so ops.m_vec starts out null.

void
rewrite_expr_tree_parallel () // Reduced reproducer for the -Walloc-size-larger-than= diagnostic.
{
  int *stmt; // Never initialized; only stored into stmts[1] below.
  int stmt_num = ops.length () - 1; // unsigned 0 - 1 wraps, so a zero length gives stmt_num == -1.
  int **stmts = (int **) __builtin_alloca (stmt_num); // Size is in bytes; -1 converts to the maximum size_t value.
  stmts[1] = stmt;
  rewrite_expr_tree_parallel_i = 2;
  for (; rewrite_expr_tree_parallel_i; rewrite_expr_tree_parallel_i--)
    for (; stmt_num; rewrite_expr_tree_parallel_i++) // Condition tests stmt_num, which the loop never changes.
      ;
}


$ ./gcc/xgcc -B gcc -c -Walloc-size-larger-than=10000 tc.ii -O2
-fsanitize=address
tc.ii: In function ‘void rewrite_expr_tree_parallel()’:
tc.ii:24:52: warning: argument 1 value ‘18446744073709551615’ exceeds maximum
object size 10000 [-Walloc-size-larger-than=]
   int **stmts = (int **) __builtin_alloca (stmt_num);

while
$ ./gcc/xgcc -B gcc -c -Walloc-size-larger-than=10000 tc.ii -O2

is fine.

It's caused by tc.ii.178t.thread3, where:

  <bb 2> [2.65%]:
  _19 = ops.m_vec;
  if (_19 != 0B)
    goto <bb 3>; [53.47%]
  else
    goto <bb 4>; [46.53%]

  <bb 3> [1.42%]:
  _20 = B<int>::length (_19);
  _42 = _20 + 4294967295;
  _44 = (int) _42;
  _45 = (long unsigned int) _44;

  <bb 4> [2.66%]:
  # prephitmp_46 = PHI <18446744073709551615(2), _45(3)>
  # prephitmp_47 = PHI <-1(2), _44(3)>
  stmts_13 = __builtin_alloca (prephitmp_46);

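is transformed to the following, where the constant 18446744073709551615 (stmt_num == -1 on the ops.m_vec == 0 path) is the only value reaching __builtin_alloca in <bb 3>: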

  <bb 2> [2.65%]:
  _19 = ops.m_vec;
  if (_19 != 0B)
    goto <bb 4>; [53.47%]
  else
    goto <bb 3>; [46.53%]

  <bb 3> [1.23%]:
  # prephitmp_26 = PHI <18446744073709551615(2)>
  # prephitmp_30 = PHI <-1(2)>
  stmts_27 = __builtin_alloca (prephitmp_26);

The following patch fixes that:

diff --git a/gcc/tree-ssa-reassoc.c b/gcc/tree-ssa-reassoc.c
index 503edd3870d..4a796f48864 100644
--- a/gcc/tree-ssa-reassoc.c
+++ b/gcc/tree-ssa-reassoc.c
@@ -4407,6 +4407,7 @@ rewrite_expr_tree_parallel (gassign *stmt, int width,
 {
   enum tree_code opcode = gimple_assign_rhs_code (stmt);
   int op_num = ops.length ();
+  gcc_assert (op_num > 0);
   int stmt_num = op_num - 1;
   gimple **stmts = XALLOCAVEC (gimple *, stmt_num);
   int op_index = op_num - 1;
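Review bot: The added `gcc_assert (op_num > 0);` states the invariant but not why it holds, and it is the only thing keeping `stmt_num` from being -1 when `XALLOCAVEC (gimple *, stmt_num)` computes its size. A short comment above it would help, for example `/* OPS is expected to be non-empty here; otherwise stmt_num is -1 and the alloca size wraps.  */`, with the first half confirmed against the callers, which are not visible in this hunk. If I recall correctly, gcc_assert is not a runtime check in builds configured without assert checking, so the comment should not describe it as one. The function body continues past the end of the hunk.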

Thanks,
Martin

