[Bug sanitizer/86899] [10/11/12/13 regression] TSAN incorrect warning: control reaches end of non-void function
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86899 --- Comment #11 from Dmitry G. Dyachenko --- r13-1213 PASS for me r13-1164 FAIL for me
[Bug sanitizer/104934] -fsanitize=undefined codegen err
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104934 --- Comment #2 from Dmitry G. Dyachenko --- (In reply to Jakub Jelinek from comment #1) > And the bug is? > The S class doesn't have the key method defined, so some other TU needs to > define it and thus provide the vtable and rtti for it. > Without -fsanitize=vptr the typeinfo isn't needed on this particular > testcase and the vtable isn't needed either, which is why you don't get an > undefined symbol in that case and you get it with -fsanitize=vptr or > -fsanitize=undefined that implies that. Thank you, Jakub. So, close as 'INVALID'?
[Bug sanitizer/104934] New: -fsanitize=undefined codegen err
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104934
Bug ID: 104934
Summary: -fsanitize=undefined codegen err
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: dimhen at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at
gcc dot gnu.org
Target Milestone: ---
r12-7608 FAIL
Probably FAIL long ago: gcc-8 FAIL
gcc version 8.0.1 20180125 (experimental) [trunk revision 257061] (GCC)
$ g++ -fsanitize=undefined -c -o x.o x.ii && nm -u --reverse-sort x.o
U _ZTI1S
$ g++ -c -o x.o x.ii && nm -u --reverse-sort x.o
$ cat x.ii
struct a {};
struct b {
a c;
};
struct S : a {
virtual int d();
};
struct e : b {
unsigned f();
};
unsigned e::f() { static_cast(); return 0; }
$ ~/arch-gcc/gcc_current/bin/g++ -v
Using built-in specs.
COLLECT_GCC=/home/dimhen/arch-gcc/gcc_current/bin/g++
COLLECT_LTO_WRAPPER=/home/dimhen/arch-gcc/gcc_current/libexec/gcc/x86_64-pc-linux-gnu/12.0.1/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
Target: x86_64-pc-linux-gnu
Configured with: /home/dimhen/src/gcc_current/configure
--prefix=/home/dimhen/arch-gcc/gcc_current
--enable-checking=yes,df,fold,rtl,extra --enable-languages=c,c++,lto
--disable-multilib --enable-shared --enable-threads=posix --enable-__cxa_atexit
--enable-gnu-unique-object --enable-linker-build-id
--with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --with-isl
--enable-offload-targets=nvptx-none --without-cuda-driver
--enable-gnu-indirect-function --enable-cet --with-tune=native
--enable-libstdcxx-debug
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.0.1 20220311 (experimental) [master r12-7608-g5e28be89665] (GCC)
[Bug analyzer/104863] New: [12 regression] ICE in operator[], at vec.h:889
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104863
Bug ID: 104863
Summary: [12 regression] ICE in operator[], at vec.h:889
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dimhen at gmail dot com
Target Milestone: ---
r12-6649 PASS
r12-6793 FAIL
r12-7557 FAIL
$ $ cat y.i
extern void g();
struct a {
} b(int c, int d) {
struct a *e = 0;
int f;
if (c & 1 || !(c & 2))
return *e;
f = 0;
for (; f < d - 1; f++)
g(e[1]);
}
$ gcc -fpreprocessed -O1 -fanalyzer -fanalyzer-transitivity y.i
during IPA pass: analyzer
y.i: In function ‘b’:
y.i:9:12: internal compiler error: in operator[], at vec.h:889
9 | for (; f < d - 1; f++)
| ~~^~~
0xd3c09c vec::operator[](unsigned int)
/home/dimhen/src/gcc_current/gcc/vec.h:889
0xd3c54d vec::operator[](unsigned int)
/home/dimhen/src/gcc_current/gcc/analyzer/constraint-manager.cc:2031
0xd3c54d vec::operator[](unsigned int)
/home/dimhen/src/gcc_current/gcc/vec.h:1495
0xd3c54d ana::constraint_manager::get_equiv_class_by_index(unsigned int)
/home/dimhen/src/gcc_current/gcc/analyzer/constraint-manager.h:428
0xd3c54d ana::equiv_class_id::get_obj(ana::constraint_manager&) const
/home/dimhen/src/gcc_current/gcc/analyzer/constraint-manager.cc:1462
0xd3c54d ana::constraint_manager::add_constraint_internal(ana::equiv_class_id,
ana::constraint_op, ana::equiv_class_id)
/home/dimhen/src/gcc_current/gcc/analyzer/constraint-manager.cc:1982
0x24e1671 ana::constraint_manager::add_unknown_constraint(ana::equiv_class_id,
tree_code, ana::equiv_class_id)
/home/dimhen/src/gcc_current/gcc/analyzer/constraint-manager.cc:1931
0x24e5ab0 ana::constraint_manager::add_constraint(ana::svalue const*,
tree_code, ana::svalue const*)
/home/dimhen/src/gcc_current/gcc/analyzer/constraint-manager.cc:1823
0x1783a70 ana::region_model::add_constraint(ana::svalue const*, tree_code,
ana::svalue const*, ana::region_model_context*)
/home/dimhen/src/gcc_current/gcc/analyzer/region-model.cc:3049
0x1784221 ana::region_model::add_constraint(tree_node*, tree_code, tree_node*,
ana::region_model_context*, ana::rejected_constraint**)
/home/dimhen/src/gcc_current/gcc/analyzer/region-model.cc:3077
0x177011f ana::program_state::on_edge(ana::exploded_graph&,
ana::exploded_node*, ana::superedge const*, ana::uncertainty_t*)
/home/dimhen/src/gcc_current/gcc/analyzer/program-state.cc:1035
0x175deba ana::exploded_graph::process_node(ana::exploded_node*)
/home/dimhen/src/gcc_current/gcc/analyzer/engine.cc:3976
0x175f252 ana::exploded_graph::process_worklist()
/home/dimhen/src/gcc_current/gcc/analyzer/engine.cc:3186
0x17615bd ana::impl_run_checkers(ana::logger*)
/home/dimhen/src/gcc_current/gcc/analyzer/engine.cc:5765
0x176241e ana::run_checkers()
/home/dimhen/src/gcc_current/gcc/analyzer/engine.cc:5836
0x17520a8 execute
/home/dimhen/src/gcc_current/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See
[Bug sanitizer/90347] [UBSAN] __attribute__((weak))__ results in "declared weak after being used" error
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90347 --- Comment #7 from Dmitry G. Dyachenko --- r12-5761 PASS for me r12-5648 FAIL r12-5761 PASS
[Bug middle-end/77721] -Wformat-truncation not uses arg range for converted vars
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77721
--- Comment #7 from Dmitry G. Dyachenko ---
Sounds like gcc-8.0.1 PASS for me
r257061 FAIL
r258034 PASS
r12-5546 PASS
$ ~/arch-gcc/SVN/gcc_258034/bin/gcc --version
gcc (GCC) 8.0.1 20180227 (experimental) [trunk revision 258034]
$ ~/arch-gcc/SVN/gcc_258034/bin/gcc -O2 -S -Wall -Woverflow -Wconversion
-Wpedantic -Wformat-truncation=2 -xc x.c
$ cat x.c
int snprintf (char*, __SIZE_TYPE__, const char*, ...);
void foo(unsigned j, char *p)
{
if(j > 999)
return;
snprintf(p, 4, "%3u", j);
}
void bar(int j, char *p)
{
const unsigned k = (unsigned) j;
if(k > 999)
return;
snprintf(p, 4, "%3u", k);
}
[Bug tree-optimization/102814] New: [12 regression] quadratique/exponential time complexity for max-jump-thread-duplication-stmts
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102814
Bug ID: 102814
Summary: [12 regression] quadratique/exponential time
complexity for max-jump-thread-duplication-stmts
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: dimhen at gmail dot com
Target Milestone: ---
r12-4256 FAST
r12- SLOW
g++ -fpreprocessed -std=c++98 -O2 --param max-jump-thread-duplication-stmts=NNN
-c x.ii
r12-4256 r12-
1800.5s 0.21s
1810.8s > 100s
1901.0s 52s
cat x.ii # cvise'd from proprietary codebase
struct a {
a operator+(int);
};
void *operator new(unsigned long, void *c) { return c; }
struct d {
void h(int *j) { new (j) int(); }
};
struct k {
struct {
int e;
int f;
} g;
};
struct n : k {
a m_fn2();
a o();
int m_fn4();
int operator[](int);
int ae;
void s() {
if (g.e != g.f) {
d l;
int *b;
l.h(b);
}
a m = o();
t(m, ae);
}
template void u(a, af, af);
void t(a, unsigned char);
};
int ah;
struct v {
n w();
};
void x() {
v p;
n ak = p.w(), al, rapdu;
int q(ak.m_fn4());
int r;
for (int i = 0; q; i++) {
if (i == q - 1) {
al.s();
r = ak.m_fn4();
}
al.s();
al.s();
al.s();
al.s();
a am, an = ak.m_fn2(), ao = an + 1, ap = ak.m_fn2(), aq = ap + ah,
ar = aq + r;
al.u(am, ao, ar);
if (i == q - 1)
al.s();
i &[1];
}
}
g++ -v
Using built-in specs.
COLLECT_GCC=/home/dimhen/arch-gcc/gcc_current/bin/g++
COLLECT_LTO_WRAPPER=/home/dimhen/arch-gcc/gcc_current/libexec/gcc/x86_64-pc-linux-gnu/12.0.0/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
Target: x86_64-pc-linux-gnu
Configured with: /home/dimhen/src/gcc_current/configure
--prefix=/home/dimhen/arch-gcc/gcc_current
--enable-checking=yes,df,fold,rtl,extra --enable-languages=c,c++,lto
--disable-multilib --enable-shared --enable-threads=posix --enable-__cxa_atexit
--enable-gnu-unique-object --enable-linker-build-id
--with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --with-isl
--enable-offload-targets=nvptx-none --without-cuda-driver
--enable-gnu-indirect-function --enable-cet --with-tune=native
--enable-libstdcxx-debug
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.0.0 20211015 (experimental) [master r12--ga01704fc45a] (GCC)
[Bug c/102797] ice in useless_type_conversion_p, at gimple-expr.c:87
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102797
--- Comment #2 from Dmitry G. Dyachenko ---
r12-4256 PASS
r12- FAIL
$ cat x.ii
struct b {
b(int);
};
void d() {
int c = 1;
do
try {
b a = 1;
while (1) {
c++;
a = 1;
}
} catch (...) {
}
while (1);
}
$ g++ -fpreprocessed -O2 -std=c++98 -c x.ii
during GIMPLE pass: evrp
x.ii: In function 'void d()':
x.ii:16:1: internal compiler error: tree check: expected class 'type', have
'exceptional' (error_mark) in useless_type_conversion_p, at gimple-expr.c:87
16 | }
| ^
0x90e691 tree_class_check_failed(tree_node const*, tree_code_class, char
const*, int, char const*)
/home/dimhen/src/gcc_current/gcc/tree.c:8739
0x7fcfb1 tree_class_check(tree_node*, tree_code_class, char const*, int, char
const*)
/home/dimhen/src/gcc_current/gcc/tree.h:3556
0x7fcfb1 useless_type_conversion_p(tree_node*, tree_node*)
/home/dimhen/src/gcc_current/gcc/gimple-expr.c:87
0x169677a verify_gimple_phi
/home/dimhen/src/gcc_current/gcc/tree-cfg.c:5128
0x169677a verify_gimple_in_cfg(function*, bool)
/home/dimhen/src/gcc_current/gcc/tree-cfg.c:5457
0x154ad27 execute_function_todo
/home/dimhen/src/gcc_current/gcc/passes.c:2042
0x154b73c execute_todo
/home/dimhen/src/gcc_current/gcc/passes.c:2096
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See
[Bug middle-end/102386] New: [12 regression] bogus -Wrestrict for unreachable memcpy()
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102386
Bug ID: 102386
Summary: [12 regression] bogus -Wrestrict for unreachable
memcpy()
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: dimhen at gmail dot com
Target Milestone: ---
r12-3456 PASS
r12-3545 FAIL
$ cat x.i
static int GetHashParam_HP_OPAQUEBLOB_pdwDataLen = 0;
void *memcpy(void *, const void *, unsigned long);
typedef struct {
int tSimpleBlobHeader;
int bCurrKey[];
} CRYPT_OPAQUEHASHBLOB;
int GetHashParam_HP_OPAQUEBLOB() {
CRYPT_OPAQUEHASHBLOB *pBlb;
if (GetHashParam_HP_OPAQUEBLOB_pdwDataLen) {
void *pcn = pBlb->bCurrKey, *pdwBuff = pBlb->bCurrKey;
int dwDWBufLen = 8;
memcpy(pcn, pdwBuff, sizeof(1) * dwDWBufLen);
}
return 1;
}
$ gcc -fpreprocessed -O --param max-early-inliner-iterations=2 -Wrestrict -c
x.i
x.i: In function 'GetHashParam_HP_OPAQUEBLOB':
x.i:12:5: warning: 'memcpy' accessing 32 bytes at offsets 4 and 4 overlaps 32
bytes at offset 4 [-Wrestrict]
12 | memcpy(pcn, pdwBuff, sizeof(1) * dwDWBufLen);
| ^~~~
Test extracted from private codebase.
Key part:
static inline void foo(void *p, void *q, int N)
{
if(p != q)
memcpy(p, q, N);
}
void bar(void q, void p, int N)
{
foo(p, q, N);
}
[Bug analyzer/96894] Analyzer assumes pointer is NULL, even if pointer was tested to be non-null before
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96894 Dmitry G. Dyachenko changed: What|Removed |Added CC||dimhen at gmail dot com --- Comment #2 from Dmitry G. Dyachenko --- gcc version 11.0.0 20210212 (experimental) [master revision 0c27fe96f81:d6ccd7dde1c:8c4137c7ead515baaf1ac8340edeb3a442388b5b] PASS for me
[Bug analyzer/95000] -fanalyzer confused by switch on non-int type
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95000 --- Comment #5 from Dmitry G. Dyachenko --- gcc version 11.0.0 20210210 (experimental) [master revision bd0e37f68a3:deed5164277:72932511053596091ad291539022b51d9f2ba418] PASS for me
[Bug analyzer/94713] Analyzer is buggy on uninitialized pointer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94713 Dmitry G. Dyachenko changed: What|Removed |Added CC||dimhen at gmail dot com --- Comment #1 from Dmitry G. Dyachenko --- gcc version 11.0.0 20210210 (experimental) [master revision bd0e37f68a3:deed5164277:72932511053596091ad291539022b51d9f2ba418] PASS for me
[Bug analyzer/93695] Allocation and freeing memory for array members in loops is not handled properly by the analyzer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93695 Dmitry G. Dyachenko changed: What|Removed |Added CC||dimhen at gmail dot com --- Comment #2 from Dmitry G. Dyachenko --- gcc version 11.0.0 20210210 (experimental) [master revision bd0e37f68a3:deed5164277:72932511053596091ad291539022b51d9f2ba418] PASS for me
[Bug analyzer/99064] New: [11 regression] ICE analyzer::print_mem_ref
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99064
Bug ID: 99064
Summary: [11 regression] ICE analyzer::print_mem_ref
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dimhen at gmail dot com
Target Milestone: ---
gcc version 11.0.0 20210104 (experimental) [master revision
7f2b7317566:9da1da01aec:39bd65faee3bafe2dc067e5fedb5079896551a8a] (GCC)
r11-6442 PASS
gcc version 11.0.0 20210108 (experimental) [master revision
bdcde150450:e18dcf9fcae:b407f233d7c18534fbfe8f74af7f0232498fb0c4] (GCC)
r11-6550 FAIL
gcc version 11.0.0 20210210 (experimental) [master revision
bd0e37f68a3:deed5164277:72932511053596091ad291539022b51d9f2ba418] (GCC)
r11-7168 FAIL
$ cat x.ii
template struct iterator_traits;
template struct iterator_traits<_Tp *> {
typedef _Tp
};
template struct __normal_iterator {
_Iterator _M_current;
__normal_iterator(_Iterator &__i) : _M_current(__i) {}
typename iterator_traits<_Iterator>::reference operator*() {
return *_M_current;
}
};
template struct allocator;
template struct allocator_traits;
template struct allocator_traits> {
using pointer = _Tp *;
};
struct TPkcs11Token;
struct __alloc_traits : allocator_traits> {};
struct _Vector_base {
typedef __alloc_traits::pointer pointer;
struct {
pointer _M_start;
} _M_impl;
};
struct : _Vector_base {
__normal_iterator begin() { return _M_impl._M_start; }
} list_tokens_token_list;
struct TPkcs11Token {
int *add_info;
};
void list_tokens() {
for (__normal_iterator base = list_tokens_token_list.begin();;) {
int *add_info = new int;
(*base).add_info = add_info;
}
}
// cvise'd from private codebase
$ gcc_current/bin/g++ -fpreprocessed -O2 -fanalyzer -c x.ii
during IPA pass: analyzer
x.ii:34:22: internal compiler error: Segmentation fault
34 | (*base).add_info = add_info;
| ~^~
0x12baa3f crash_signal
/home/dimhen/src/gcc_current/gcc/toplev.c:327
0xd7f150 print_mem_ref
/home/dimhen/src/gcc_current/gcc/c-family/c-pretty-print.c:2006
0xb7b035 dump_expr
/home/dimhen/src/gcc_current/gcc/cp/error.c:2367
0xb80640 expr_to_string(tree_node*)
/home/dimhen/src/gcc_current/gcc/cp/error.c:3188
0xb80d7c cp_printer
/home/dimhen/src/gcc_current/gcc/cp/error.c:4356
0x1f28c86 pp_format(pretty_printer*, text_info*)
/home/dimhen/src/gcc_current/gcc/pretty-print.c:1475
0x16533cc ana::evdesc::event_desc::formatted_print(char const*, ...) const
/home/dimhen/src/gcc_current/gcc/analyzer/pending-diagnostic.cc:64
0x1eb67a6 ana::warning_event::get_desc(bool) const
/home/dimhen/src/gcc_current/gcc/analyzer/checker-path.cc:885
0x1eb60f2 ana::checker_event::prepare_for_emission(ana::checker_path*,
ana::pending_diagnostic*, diagnostic_event_id_t)
/home/dimhen/src/gcc_current/gcc/analyzer/checker-path.cc:149
0x1ec64f3 ana::checker_path::prepare_for_emission(ana::pending_diagnostic*)
/home/dimhen/src/gcc_current/gcc/analyzer/checker-path.h:559
0x1ec64f3 ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph
const&, ana::saved_diagnostic const&, ana::exploded_path const&, gimple const*,
int)
/home/dimhen/src/gcc_current/gcc/analyzer/diagnostic-manager.cc:668
0x1ec8a80 ana::dedupe_winners::emit_best(ana::diagnostic_manager*,
ana::exploded_graph const&)
/home/dimhen/src/gcc_current/gcc/analyzer/diagnostic-manager.cc:569
0x1ec68c8 ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph
const&)
/home/dimhen/src/gcc_current/gcc/analyzer/diagnostic-manager.cc:622
0x1649d32 ana::impl_run_checkers(ana::logger*)
/home/dimhen/src/gcc_current/gcc/analyzer/engine.cc:4744
0x164aafe ana::run_checkers()
/home/dimhen/src/gcc_current/gcc/analyzer/engine.cc:4801
0x163d568 execute
/home/dimhen/src/gcc_current/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See
[Bug tree-optimization/98568] [11 regression] ICE in verify_gimple() during GIMPLE pass: store-merging
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98568 --- Comment #1 from Dmitry G. Dyachenko --- $ ~/arch-gcc/r11-6475/bin/gcc -v Using built-in specs. COLLECT_GCC=/home/dimhen/arch-gcc/r11-6475/bin/gcc COLLECT_LTO_WRAPPER=/home/dimhen/arch-gcc/r11-6475/bin/../libexec/gcc/x86_64-pc-linux-gnu/11.0.0/lto-wrapper OFFLOAD_TARGET_NAMES=nvptx-none Target: x86_64-pc-linux-gnu Configured with: /home/dimhen/src/gcc_current/configure --prefix=/home/dimhen/arch-gcc/gcc_current --enable-checking=yes,df,fold,rtl,extra --enable-languages=c,c++,lto --disable-multilib --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-gnu-unique-object --enable-linker-build-id --with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --with-isl --enable-offload-targets=nvptx-none --without-cuda-driver --enable-gnu-indirect-function --enable-cet --with-tune=native Thread model: posix Supported LTO compression algorithms: zlib zstd gcc version 11.0.0 20210105 (experimental) [master revision 26b5062be99:3cf8b6daf8d:27aad521570cbc1050ba957c0ee47aed18033dc1] (GCC)
[Bug tree-optimization/98568] New: [11 regression] ICE in verify_gimple() during GIMPLE pass: store-merging
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98568
Bug ID: 98568
Summary: [11 regression] ICE in verify_gimple() during GIMPLE
pass: store-merging
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: dimhen at gmail dot com
Target Milestone: ---
r11-6442 PASS
r11-6475 FAIL
$ cat x.i
char a[2];
void c()
{
int b;
a[1] = b >> 8;
a[0] = b;
}
// creduced from openssl-1.1.0/ssl/s3_cbc.c
$ ~/arch-gcc/r11-6475/bin/gcc -fpreprocessed -O3 -c x.i
x.i: In function 'c':
x.i:2:6: error: conversion of register to a different size in
'view_convert_expr'
2 | void c()
| ^
VIEW_CONVERT_EXPR(b_4(D));
_12 = VIEW_CONVERT_EXPR(b_4(D));
during GIMPLE pass: store-merging
x.i:2:6: internal compiler error: verify_gimple failed
0x10420ba verify_gimple_in_cfg(function*, bool)
/home/dimhen/src/gcc_current/gcc/tree-cfg.c:5467
0xef8497 execute_function_todo
/home/dimhen/src/gcc_current/gcc/passes.c:2042
0xef8ebb execute_todo
/home/dimhen/src/gcc_current/gcc/passes.c:2096
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See
[Bug middle-end/94195] missing warning reading a smaller object via an lvalue of a larger type
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94195
Dmitry G. Dyachenko changed:
What|Removed |Added
CC||dimhen at gmail dot com
--- Comment #3 from Dmitry G. Dyachenko ---
(In reply to CVS Commits from comment #2)
> The master branch has been updated by Martin Sebor :
>
> https://gcc.gnu.org/g:3f9a497d1b0dd9da87908a11b59bf364ad40ddca
>
> commit r11-3306-g3f9a497d1b0dd9da87908a11b59bf364ad40ddca
> Author: Martin Sebor
> Date: Sat Sep 19 17:47:29 2020 -0600
>
> Extend -Warray-bounds to detect out-of-bounds accesses to array
> parameters.
>
> gcc/ChangeLog:
>
> PR middle-end/82608
> PR middle-end/94195
> PR c/50584
> PR middle-end/84051
> * gimple-array-bounds.cc (get_base_decl): New function.
> (get_ref_size): New function.
> (trailing_array): New function.
> (array_bounds_checker::check_array_ref): Call them. Handle
> arrays
> declared in function parameters.
> (array_bounds_checker::check_mem_ref): Same. Handle references
> to
> dynamically allocated arrays.
>
> gcc/testsuite/ChangeLog:
>
> PR middle-end/82608
> PR middle-end/94195
> PR c/50584
> PR middle-end/84051
> * c-c++-common/Warray-bounds.c: Adjust.
> * gcc.dg/Wbuiltin-declaration-mismatch-9.c: Adjust.
> * gcc.dg/Warray-bounds-63.c: New test.
> * gcc.dg/Warray-bounds-64.c: New test.
> * gcc.dg/Warray-bounds-65.c: New test.
> * gcc.dg/Warray-bounds-66.c: New test.
> * gcc.dg/Warray-bounds-67.c: New test.
I am a bit confused -- now gcc produces warning.
But access is not out of allocated memory.
Is it expected?
$ cat x.c
#include
struct S1 {
unsigned x;
};
struct S {
struct S1 s1;
int z;
};
void f1()
{
struct S *pS = (struct S*) calloc(sizeof(struct S1),1);
if(pS->s1.x == 0)
return;
free(pS);
}
$ gcc -O2 -Wall -c x.i
x.c: In function 'f1':
x.c:18:8: warning: array subscript 'struct S[0]' is partly outside array bounds
of 'unsigned char[4]' [-Warray-bounds]
18 | if(pS->s1.x == 0)
|^~
x.c:17:30: note: referencing an object of size 4 allocated by 'calloc'
17 | struct S *pS = (struct S*) calloc(sizeof(struct S1),1);
| ^~~
