[Bug ipa/105690] -Warray-bounds sensitive false positive with -O2
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105690
--- Comment #3 from Franz Sirl ---
I managed to minimize the testcase a bit more:
unsigned int gvar1;
void fun1(int);
void fun2(unsigned int, char *);
int fun2_maxlen;
typedef struct {
int exist;
int mode;
} table_t;
table_t gtable[20];
void fun3(unsigned int idx)
{
char buffer[257];
if (idx >= 20)
return;
fun2(idx, buffer);
if (gtable[idx].mode)
fun2(idx, buffer);
}
void fun4()
{
unsigned int idx = gvar1;
fun3(idx);
}
void fun2(unsigned int idx, char * text)
{
if (!(idx >= 20 || gtable[idx].exist == 0))
fun1(fun2_maxlen);
}
and this is the resulting code modeled after the 085i.inline dump:
unsigned int gvar1;
void fun1(unsigned int);
int fun2_maxlen;
typedef struct {
int exist;
int mode;
} table_t;
table_t gtable[20];
__attribute__((noinline))
static void fun3_part_0(unsigned int idx)
{
if (idx >= 20)
goto lab1;
if (gtable[idx].exist != 0)
fun1(fun2_maxlen);
lab1:
if (gtable[idx].mode != 0) {
if (idx >= 20)
return;
if (gtable[idx].exist != 0)
fun1(fun2_maxlen);
}
}
void fun3(unsigned int idx)
{
if (idx >= 20)
return;
fun3_part_0(idx);
}
void fun4()
{
unsigned int idx = gvar1;
if (idx >= 20)
return;
fun3_part_0(idx);
}
And so I wonder why the duplicated "if (idx >= 20) return" wasn't moved to
fun3.part.0?
If the reason is conflicting optimization goals, could something like an
"incoming range" be attached to the parameter of fun3.part.0? That would
probably help both the warning code and the following optimization passes.
BTW, is there a way to dump more details between 084i.fnsummary and
085i.inline?
[Bug ipa/105690] -Warray-bounds sensitive false positive with -O2
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105690 --- Comment #2 from Martin Jambor --- (In reply to Richard Biener from comment #1) > somehow function splitting exposes this, With options: -O2 -Warray-bounds -S -fno-inline-functions-called-once --param inline-unit-growth=0 --param max-inline-insns-auto=0 the warning also goes away, so it might be re-inlining the split functions together that exposes it. > but since all calls to > .part.0 are properly guarded this is senseless doing (maybe IPA with VRP > info does something odd here with the signed/unsigned promotion) IPA-VRP (or IPA-CP in general) does not seem to play a role, or at least disabling them does not seem to have any effect.
[Bug ipa/105690] -Warray-bounds sensitive false positive with -O2
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105690
Richard Biener changed:
What|Removed |Added
Component|c |ipa
Status|UNCONFIRMED |NEW
Blocks||56456
Keywords||wrong-debug
Ever confirmed|0 |1
Last reconfirmed||2022-05-23
CC||hubicka at gcc dot gnu.org,
||marxin at gcc dot gnu.org
--- Comment #1 from Richard Biener ---
OK, so the diagnostic is misleading:
else if (vr && vr->kind () == VR_ANTI_RANGE)
{
if (up_bound
&& TREE_CODE (up_sub) == INTEGER_CST
&& (ignore_off_by_one
? tree_int_cst_lt (up_bound, up_sub)
: tree_int_cst_le (up_bound, up_sub))
&& TREE_CODE (low_sub) == INTEGER_CST
&& tree_int_cst_le (low_sub, low_bound))
warned = warning_at (location, OPT_Warray_bounds,
"array subscript [%E, %E] is outside "
"array bounds of %qT",
low_sub, up_sub, artype);
it should say
warning: array subscript ~[0, 19] is outside array bounds of ...
or given anti-ranges are odd maybe say
warning: array subscript [..., 0[ U ]19, ...] is outside of array bounds ...
or
warning: array subscript not in [0, 19] is outside of array ...
?
Note it's odd we somehow end up with
[local count: 1073741824]:
idx.2_8 = (unsigned int) idx_1(D);
if (idx.2_8 <= 19)
goto ; [50.00%]
else
goto ; [50.00%]
[local count: 536870912]:
_11 = gtable[idx_6].mode;
goto ; [100.00%]
somehow function splitting exposes this, but since all calls to
.part.0 are properly guarded this is senseless doing (maybe IPA with VRP
info does something odd here with the signed/unsigned promotion)
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
