[Bug tree-optimization/86611] New: missing -Warray-bounds on a large negative index into a string in lp64

msebor at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Fri Jul 20 16:08:00 GMT 2018


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86611

            Bug ID: 86611
           Summary: missing -Warray-bounds on a large negative index into
                    a string in lp64
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

With bug 84047 fixed, the out-of-bounds index in the following test case is
still diagnosed in ilp32 but not in lp64.  In ilp32 the MEM_REF makes it all
the way to VRP where it's diagnosed, but in lp64 it's folded in fre1:

$ cat c.c && gcc -O2 -S -Warray-bounds -Wno-stringop-overflow -fdump-tree-ealias=/dev/stdout -fdump-tree-fre1=/dev/stdout c.c
void f (int);

void g (void)
{
  const char *p = "123";
  __PTRDIFF_TYPE__ i = -__PTRDIFF_MAX__ - 1;
  f (p[i + 1]);
}

;; Function g (g, funcdef_no=0, decl_uid=1900, cgraph_uid=1, symbol_order=0)

Points-to analysis

Constraints:

ANYTHING = &ANYTHING
ESCAPED = *ESCAPED
ESCAPED = ESCAPED + UNKNOWN
*ESCAPED = NONLOCAL
NONLOCAL = &NONLOCAL
NONLOCAL = &ESCAPED
INTEGER = &ANYTHING
_5 = _4
ESCAPED = _5

Collapsing static cycles and doing variable substitution
Building predecessor graph
Detecting pointer and location equivalences
Rewriting constraints and unifying variables
Uniting pointer but not location equivalent variables
Finding indirect cycles
Solving graph

Points-to sets

ANYTHING = { ANYTHING }
ESCAPED = { }
NONLOCAL = { ESCAPED NONLOCAL }
STOREDANYTHING = { }
INTEGER = { ANYTHING }
f = { }
_4 = { }
_5 = { }


Alias information for g

Aliased symbols


Call clobber information

ESCAPED, points-to vars: { }

Flow-insensitive points-to information


g ()
{
  long int i;
  const char * p;
  char _4;
  int _5;

  <bb 2> :
  _4 = MEM[(const char *)"123" + -9223372036854775807B];
  _5 = (int) _4;
  f (_5);
  return;

}



;; Function g (g, funcdef_no=0, decl_uid=1900, cgraph_uid=1, symbol_order=0)

g ()
{
  long int i;
  const char * p;

  <bb 2> :
  f (50);
  return;

}
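The report shows the statically known out-of-bounds index `PTRDIFF_MIN + 1` being folded away in lp64 before -Warray-bounds ever sees it. As an added illustration (my own C, not part of the report or of GCC's sources), here is the runtime counterpart of the check the reporter wants the compiler to make: `read_unchecked` applies the index exactly as `g()` does, while `read_checked` rejects any index outside the string, including the report's index. The function names, the `-1` sentinel, and the decision to allow reading the terminating NUL are my assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked form, mirroring the report's g(): the index is applied as-is.
   Calling this with the report's index is undefined behaviour; in the
   report's lp64 build, fre1 folded the load to the constant 50 ('2')
   without a -Warray-bounds diagnostic.  Only called with valid indices here. */
static int read_unchecked(const char *s, ptrdiff_t i)
{
    return (unsigned char)s[i];
}

/* Checked form (assumed design, not from the report): accept only
   0 <= i <= strlen(s), so the terminating NUL may be read, and return
   -1 for anything else.  The cast is safe because i >= 0 on that path. */
static int read_checked(const char *s, ptrdiff_t i)
{
    size_t len = strlen(s);
    if (i < 0 || (size_t)i > len)
        return -1;
    return (unsigned char)s[i];
}

/* Reproduce the report's index: i = -__PTRDIFF_MAX__ - 1, then i + 1.
   The addition itself does not overflow; the result is PTRDIFF_MIN + 1. */
static ptrdiff_t report_index(void)
{
    ptrdiff_t i = PTRDIFF_MIN;
    return i + 1;
}

int main(void)
{
    const char *p = "123";          /* same constant string as the report */
    ptrdiff_t bad = report_index();

    printf("report index      = %td\n", bad);
    printf("read_checked(bad) = %d\n", read_checked(p, bad));   /* -1 */
    printf("read_checked(1)   = %d\n", read_checked(p, 1));     /* 50 */
    printf("read_unchecked(1) = %d\n", read_unchecked(p, 1));   /* 50 */
    printf("read_checked(3)   = %d\n", read_checked(p, 3));     /* 0 (NUL) */
    printf("read_checked(4)   = %d\n", read_checked(p, 4));     /* -1 */
    return 0;
}
```

The point of the pairing is that the checked accessor catches the huge negative index regardless of whether the compiler folds the load, which is what a caller has to rely on until the diagnostic in this report is fixed.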

