Failures building glibc with mainline GCC

[Martin Sebor]

On 7/30/21 10:45 AM, Jeff Law via Gcc wrote:
> 
> 
> On 7/30/2021 10:19 AM, Aldy Hernandez via Libc-alpha wrote:
>> There's a new jump threader in GCC which is much more aggressive, and
>> may trigger latent problems with other warning passes, especially
>> -Warray-bounds, -Woverflow, and -Wuninitialized.
> [ ... ]
> Ugh.  First attempt got blocked as message was slightly too big.
> 
> I think this is pretty generic as I've seen it on multiple ports and 
> Joseph mentioned them as well.
> 
> With an s390-linux-gnu (not s390x!) cross compiler you should be able to 
> trigger:
> 
> bash-5.1# s390-linux-gnu-gcc -std=gnu99 -O2 -Wall -mlong-double-128 *.i
> In file included from t.61.c:437:
> In function 'from_t_61_single',
>      inlined from 'gconv' at ../iconv/skeleton.c:568:15:
> ../iconv/loop.c:440:22: warning: writing 1 byte into a region of size 0 
> [-Wstringop-overflow=]
> In file included from t.61.c:437:
> ../iconv/loop.c: In function 'gconv':
> ../iconv/loop.c:382:17: note: at offset 2 into destination object 
> 'bytebuf' of size 2
> 
> 
> I don't know if it's a real failure or a false positive.  I haven't even 
> bisected, but I suspect the new threader is the triggering change. 
> Ideally the threader threaded a path we hadn't previously and by some 
> chain of events exposed a out of bounds write that needs to be fixed.

The warning is valid for the IL.  Bytebuf is unsigned char[2] and
in bb 25 the warning sees:

   <bb 25> [local count: 2288797]:
   _613 = *inptr_96;
   bytebuf[2] = _613;               <<< -Wstringop-overflow
   goto <bb 32>; [100.00%]

GCC can't tell if the code is reachable and neither can I.  As
far as I can see it's the result of unrolling one if the loops
in the function, likely this one:

   do
     bytebuf[inlen++] = *inptr++;
   while (inlen < 2 && inptr < inend);

Adding:

   if (inlen >= 2) __builtin_unreachable ();

just above it avoids the warning.

Martin