[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

[rguenth at gcc dot gnu.org via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

Richard Biener  changed:

   What|Removed |Added

   Target Milestone|12.4|12.5

--- Comment #10 from Richard Biener  ---
GCC 12.4 is being released, retargeting bugs to GCC 12.5.

[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

[jonathan.leffler at gmail dot com via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

--- Comment #9 from Jonathan Leffler  ---
I can confirm that GCC 14.1.0 does not report the problems, after all.

GCC 13.2.0 and GCC 12.1.0 and 12.2.0 do.

Apologies for the confusion.

[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

[jonathan.leffler at gmail dot com via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

--- Comment #8 from Jonathan Leffler  ---
I beg your pardon — I thought I was using GCC 14.1.0 when I was actually using
GCC 13.2.0.  My previous comment applies to GCC 13.2.0, with the spec.

$ /usr/gcc/v13.2.0/bin/gcc -v
Using built-in specs.
COLLECT_GCC=/usr/gcc/v13.2.0/bin/gcc
COLLECT_LTO_WRAPPER=/work1/gcc/v13.2.0/bin/../libexec/gcc/x86_64-pc-linux-gnu/13.2.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../gcc-13.2.0/configure --prefix=/usr/gcc/v13.2.0
CC=/usr/gcc/v12.2.0/bin/gcc CXX=/usr/gcc/v12.2.0/bin/g++
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 13.2.0 (GCC)
$

Now to build 14.1.0 for this machine too and see whether there's still a
problem.  On another machine with 14.1.0 installed, the code compiles cleanly.

[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

[jonathan.leffler at gmail dot com via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

--- Comment #7 from Jonathan Leffler  ---
GCC 14.1.0 seems to produce "error: writing 8 bytes into a region of size 5
[-Werror=stringop-overflow=]" for two extra occurrences of almost the same code
in the original source file.  It still generates the original 4 warnings that
triggered this bug report.  The code now has 6 comments (instead of just 4)
pointing out that the warning is probably incorrect and probably due to GCC bug
106757.  I have not reduced the new situations to a bug like I did for the
"error: writing 1 byte into a region of size 0" version of the message.

[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

[law at gcc dot gnu.org via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

Jeffrey A. Law  changed:

   What|Removed |Added

Summary|[12/13/14 Regression]   |[12/13 Regression]
   |Incorrect "writing 1 byte   |Incorrect "writing 1 byte
   |into a region of size 0" on |into a region of size 0" on
   |a vectorized loop   |a vectorized loop
 CC||law at gcc dot gnu.org

--- Comment #6 from Jeffrey A. Law  ---
Works correctly on the trunk.  Adjusting regression markers.

[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

[rguenth at gcc dot gnu.org via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

Richard Biener  changed:

   What|Removed |Added

   Keywords||missed-optimization

--- Comment #4 from Richard Biener  ---
(In reply to Peter Bergner from comment #3)
> Is this the same bug, so just a simpler test case?
> 
> bergner@fowler:LTC193379$ cat bug.c
> int len = 16;
> extern char *src;
> char dst[16];
> 
> void
> foo (void)
> {
> #ifdef OK
>   for (int i = 0; i < 16; i++)
> #else
>   for (int i = 0; i < len; i++)
> #endif
> dst[i] = src[i];
> }
> 
> bergner@fowler:LTC193379$
> /home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc
> -B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -DOK
> -ftree-vectorize bug.c
> 
> bergner@fowler:LTC193379$
> /home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc
> -B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -UOK
> -fno-tree-vectorize bug.c
> 
> bergner@fowler:LTC193379$
> /home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc
> -B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -UOK
> -ftree-vectorize bug.c
> bug.c: In function ‘foo’:
> bug.c:13:12: warning: writing 1 byte into a region of size 0
> [-Wstringop-overflow=]
>13 | dst[i] = src[i];
>   | ~~~^~~~
> bug.c:3:6: note: at offset 16 into destination object ‘dst’ of size 16
> 3 | char dst[16];
>   |  ^~~
> bug.c:13:12: warning: writing 1 byte into a region of size 0
> [-Wstringop-overflow=]
>13 | dst[i] = src[i];
>   | ~~~^~~~
> bug.c:3:6: note: at offset 17 into destination object ‘dst’ of size 16
> 3 | char dst[16];
>   |  ^~~
> 
> I'll note that -fno-unroll-loops doesn't affect anything.

It looks similar.  Note the code we warn is isolated by DOM threading
after loop opts here.  The unrolling done is also a bit excessive but
that's because we estimate an upper bound on the epilogue based on
the array size accessed.

The IL we diagnose is definitely bogus but unreachable at runtime which
we don't see so it's also a code size issue.

[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

[rguenth at gcc dot gnu.org via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

Richard Biener  changed:

   What|Removed |Added

   Priority|P3  |P2

[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

[bergner at gcc dot gnu.org via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

Peter Bergner  changed:

   What|Removed |Added

 CC||bergner at gcc dot gnu.org

--- Comment #3 from Peter Bergner  ---
Is this the same bug, so just a simpler test case?

bergner@fowler:LTC193379$ cat bug.c
int len = 16;
extern char *src;
char dst[16];

void
foo (void)
{
#ifdef OK
  for (int i = 0; i < 16; i++)
#else
  for (int i = 0; i < len; i++)
#endif
dst[i] = src[i];
}

bergner@fowler:LTC193379$
/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc
-B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -DOK
-ftree-vectorize bug.c

bergner@fowler:LTC193379$
/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc
-B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -UOK
-fno-tree-vectorize bug.c

bergner@fowler:LTC193379$
/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc/xgcc
-B/home/bergner/gcc/build/gcc-fsf-mainline-ltc193379-debug/gcc -S -O3 -UOK
-ftree-vectorize bug.c
bug.c: In function ‘foo’:
bug.c:13:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
   13 | dst[i] = src[i];
  | ~~~^~~~
bug.c:3:6: note: at offset 16 into destination object ‘dst’ of size 16
3 | char dst[16];
  |  ^~~
bug.c:13:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
   13 | dst[i] = src[i];
  | ~~~^~~~
bug.c:3:6: note: at offset 17 into destination object ‘dst’ of size 16
3 | char dst[16];
  |  ^~~

I'll note that -fno-unroll-loops doesn't affect anything.

[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

[rguenth at gcc dot gnu.org via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

--- Comment #2 from Richard Biener  ---
The unroller has code to put unreachable()s in paths like those but it's
imperfect.

[Bug tree-optimization/106757] [12/13 Regression] Incorrect "writing 1 byte into a region of size 0" on a vectorized loop

[msebor at gcc dot gnu.org via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

Martin Sebor  changed:

   What|Removed |Added

   Last reconfirmed||2022-08-26
 Blocks||88443
 CC||msebor at gcc dot gnu.org
 Ever confirmed|0   |1
 Status|UNCONFIRMED |NEW
Summary|[12/13 Regression]  |[12/13 Regression]
   |Incorrect "writing 1 byte   |Incorrect "writing 1 byte
   |into a region of size 0"|into a region of size 0" on
   |warning |a vectorized loop

--- Comment #1 from Martin Sebor  ---
GCC unrolls the loop, and GCC 12 also vectorizes it.  The combination of the
two isolates stores from the loop that are out of bounds but that GCC cannot
prove cannot happen: it has no insight into what value pqr_mbc_len() might
return and if it's 5 or more the code would indeed write past the end.  The
warning just points it out.  To "fix" this the unroller could use the bounds of
the destination array to avoid emitting code for iterations of the loop that
end up accessing objects outside their bounds (there already is logic that does
that, controlled by the -faggressive-loop-optimizations option).  Until then,
if the function is guaranteed to return a value between 0 and 4 then adding the
following assertion both avoids the warning and improves the emitted code.

if (len < 0 || MBC_MAX < len)
  __builtin_unreachable ();

The invalid stores can be seen in the IL output by the
-fdump-tree-strlen=/dev/stdout developer option:

   [local count: 76354976]:
  bnd.6_47 = _26 >> 2;
  vect__3.11_53 = MEM  [(char *)mbs_22];
  MEM  [(char *)&tmpchar] = vect__3.11_53;
  vectp_mbs.9_52 = mbs_22 + 4;
  niters_vector_mult_vf.7_48 = bnd.6_47 << 2;
  tmp.8_49 = (int) niters_vector_mult_vf.7_48;
  if (_26 == niters_vector_mult_vf.7_48)
goto ; [25.00%]
  else
goto ; [75.00%]

   [local count: 57266232]:
  _75 = (sizetype) tmp.8_49;
  _76 = vectp_mbs.9_52;
  _77 = MEM[(char *)vectp_mbs.9_52];
  tmpchar[tmp.8_49] = _77;   <<< -Wstringop-overflow
  k_79 = tmp.8_49 + 1;
  if (len_12 > 5)
goto ; [80.00%]
  else
goto ; [20.00%]

   [local count: 45812986]:
  _82 = 5;
  _83 = mbs_22 + 5;
  _84 = *_83;
  tmpchar[5] = _84;  <<< -Wstringop-overflow
  k_86 = tmp.8_49 + 2;
  if (len_12 > k_86)
goto ; [80.00%]
  else
goto ; [20.00%]


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88443
[Bug 88443] [meta-bug] bogus/missing -Wstringop-overflow warnings