[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757 Richard Biener changed: What|Removed |Added Target Milestone|12.4|12.5 --- Comment #10 from Richard Biener --- GCC 12.4 is being released, retargeting bugs to GCC 12.5.
[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757 --- Comment #9 from Jonathan Leffler --- I can confirm that GCC 14.1.0 does not report the problems, after all. GCC 13.2.0 and GCC 12.1.0 and 12.2.0 do. Apologies for the confusion.
[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757 --- Comment #8 from Jonathan Leffler --- I beg your pardon — I thought I was using GCC 14.1.0 when I was actually using GCC 13.2.0. My previous comment applies to GCC 13.2.0, with the spec. $ /usr/gcc/v13.2.0/bin/gcc -v Using built-in specs. COLLECT_GCC=/usr/gcc/v13.2.0/bin/gcc COLLECT_LTO_WRAPPER=/work1/gcc/v13.2.0/bin/../libexec/gcc/x86_64-pc-linux-gnu/13.2.0/lto-wrapper Target: x86_64-pc-linux-gnu Configured with: ../gcc-13.2.0/configure --prefix=/usr/gcc/v13.2.0 CC=/usr/gcc/v12.2.0/bin/gcc CXX=/usr/gcc/v12.2.0/bin/g++ Thread model: posix Supported LTO compression algorithms: zlib gcc version 13.2.0 (GCC) $ Now to build 14.1.0 for this machine too and see whether there's still a problem. On another machine with 14.1.0 installed, the code compiles cleanly.
[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757 --- Comment #7 from Jonathan Leffler --- GCC 14.1.0 seems to produce "error: writing 8 bytes into a region of size 5 [-Werror=stringop-overflow=]" for two extra occurrences of almost the same code in the original source file. It still generates the original 4 warnings that triggered this bug report. The code now has 6 comments (instead of just 4) pointing out that the warning is probably incorrect and probably due to GCC bug 106757. I have not reduced the new situations to a bug like I did for the "error: writing 1 byte into a region of size 0" version of the message.
[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757 Jeffrey A. Law changed: What|Removed |Added Summary|[12/13/14 Regression] |[12/13 Regression] |Incorrect "writing 1 byte |Incorrect "writing 1 byte |into a region of size 0" on |into a region of size 0" on |a vectorized loop |a vectorized loop CC||law at gcc dot gnu.org --- Comment #6 from Jeffrey A. Law --- Works correctly on the trunk. Adjusting regression markers.
[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757 Richard Biener changed: What|Removed |Added Keywords||missed-optimization --- Comment #4 from Richard Biener --- (In reply to Peter Bergner from comment #3) > Is this the same bug, so just a simpler test case? > > bergner@fowler:LTC193379$ cat bug.c > int len = 16; > extern char *src; > char dst[16]; > > void > foo (void) > { > #ifdef OK > for (int i = 0; i < 16; i++) > #else > for (int i = 0; i < len; i++) > #endif > dst[i] = src[i]; > } > > bergner@fowler:LTC193379$ > /home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc > -B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -DOK > -ftree-vectorize bug.c > > bergner@fowler:LTC193379$ > /home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc > -B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -UOK > -fno-tree-vectorize bug.c > > bergner@fowler:LTC193379$ > /home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc > -B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -UOK > -ftree-vectorize bug.c > bug.c: In function ‘foo’: > bug.c:13:12: warning: writing 1 byte into a region of size 0 > [-Wstringop-overflow=] >13 | dst[i] = src[i]; > | ~~~^~~~ > bug.c:3:6: note: at offset 16 into destination object ‘dst’ of size 16 > 3 | char dst[16]; > | ^~~ > bug.c:13:12: warning: writing 1 byte into a region of size 0 > [-Wstringop-overflow=] >13 | dst[i] = src[i]; > | ~~~^~~~ > bug.c:3:6: note: at offset 17 into destination object ‘dst’ of size 16 > 3 | char dst[16]; > | ^~~ > > I'll note that -fno-unroll-loops doesn't affect anything. It looks similar. Note the code we warn is isolated by DOM threading after loop opts here. The unrolling done is also a bit excessive but that's because we estimate an upper bound on the epilogue based on the array size accessed. The IL we diagnose is definitely bogus but unreachable at runtime which we don't see so it's also a code size issue.
[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757 Richard Biener changed: What|Removed |Added Priority|P3 |P2
[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757 Peter Bergner changed: What|Removed |Added CC||bergner at gcc dot gnu.org --- Comment #3 from Peter Bergner --- Is this the same bug, so just a simpler test case? bergner@fowler:LTC193379$ cat bug.c int len = 16; extern char *src; char dst[16]; void foo (void) { #ifdef OK for (int i = 0; i < 16; i++) #else for (int i = 0; i < len; i++) #endif dst[i] = src[i]; } bergner@fowler:LTC193379$ /home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc -B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -DOK -ftree-vectorize bug.c bergner@fowler:LTC193379$ /home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc -B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -UOK -fno-tree-vectorize bug.c bergner@fowler:LTC193379$ /home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc -B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -UOK -ftree-vectorize bug.c bug.c: In function ‘foo’: bug.c:13:12: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 13 | dst[i] = src[i]; | ~~~^~~~ bug.c:3:6: note: at offset 16 into destination object ‘dst’ of size 16 3 | char dst[16]; | ^~~ bug.c:13:12: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 13 | dst[i] = src[i]; | ~~~^~~~ bug.c:3:6: note: at offset 17 into destination object ‘dst’ of size 16 3 | char dst[16]; | ^~~ I'll note that -fno-unroll-loops doesn't affect anything.
[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757 --- Comment #2 from Richard Biener --- The unroller has code to put unreachable()s in paths like those but it's imperfect.
[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757 Martin Sebor changed: What|Removed |Added Last reconfirmed||2022-08-26 Blocks||88443 CC||msebor at gcc dot gnu.org Ever confirmed|0 |1 Status|UNCONFIRMED |NEW Summary|[12/13 Regression] |[12/13 Regression] |Incorrect "writing 1 byte |Incorrect "writing 1 byte |into a region of size 0"|into a region of size 0" on |warning |a vectorized loop --- Comment #1 from Martin Sebor --- GCC unrolls the loop, and GCC 12 also vectorizes it. The combination of the two isolates stores from the loop that are out of bounds but that GCC cannot prove cannot happen: it has no insight into what value pqr_mbc_len() might return and if it's 5 or more the code would indeed write past the end. The warning just points it out. To "fix" this the unroller could use the bounds of the destination array to avoid emitting code for iterations of the loop that end up accessing objects outside their bounds (there already is logic that does that, controlled by the -faggressive-loop-optimizations option). Until then, if the function is guaranteed to return a value between 0 and 4 then adding the following assertion both avoids the warning and improves the emitted code. if (len < 0 || MBC_MAX < len) __builtin_unreachable (); The invalid stores can be seen in the IL output by the -fdump-tree-strlen=/dev/stdout developer option: [local count: 76354976]: bnd.6_47 = _26 >> 2; vect__3.11_53 = MEM [(char *)mbs_22]; MEM [(char *)&tmpchar] = vect__3.11_53; vectp_mbs.9_52 = mbs_22 + 4; niters_vector_mult_vf.7_48 = bnd.6_47 << 2; tmp.8_49 = (int) niters_vector_mult_vf.7_48; if (_26 == niters_vector_mult_vf.7_48) goto ; [25.00%] else goto ; [75.00%] [local count: 57266232]: _75 = (sizetype) tmp.8_49; _76 = vectp_mbs.9_52; _77 = MEM[(char *)vectp_mbs.9_52]; tmpchar[tmp.8_49] = _77; <<< -Wstringop-overflow k_79 = tmp.8_49 + 1; if (len_12 > 5) goto ; [80.00%] else goto ; [20.00%] [local count: 45812986]: _82 = 5; _83 = mbs_22 + 5; _84 = *_83; tmpchar[5] = _84; <<< -Wstringop-overflow k_86 = tmp.8_49 + 2; if (len_12 > k_86) goto ; [80.00%] else goto ; [20.00%] Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88443 [Bug 88443] [meta-bug] bogus/missing -Wstringop-overflow warnings