https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99159
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
CC| |msebor at gcc dot gnu.org
Severity|normal |enhancement
Last reconfirmed| |2021-02-19
Summary|Confusing -Warray-bounds |missing -Wnonull on member
|warning |access through null
Ever confirmed|0 |1
Blocks| |95507
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
To expand on what Andrew said in comment #1: The code in test2() is undefined
because it dereferences a null pointer. It's diagnosed by -Warray-bounds and
(with it disabled) by -Wstringop-overread, both of which expect objects to be
allocated at valid addresses.
-Wnonnull would arguably be a better warning to issue for this case but it
doesn't have the same logic as the other two. In addition, and by the time
-Wnonnull runs, the null pointer has already been replaced by the non-null
address of the member:
void test2 ()
{
struct s2 * p;
struct s2 * pb.0_2;
struct s1 * _3;
<bb 2> :
pb.0_2 = pb;
_3 = &pb.0_2->y;
__builtin_memcpy (_3, 4B, 12);
return;
}
Issuing -Wnonull here would mean either running the warning earlier (which runs
the risk of issuing more false positives) or also assuming that objects don't
live at constant addresses.
The code test1() is "conditionally undefined" (it's defined when f is zero) and
isn't diagnosed only because -Wnonnull doesn't handle conditionals (PHI nodes).
A simple test case that shows the limitation is:
void f (void)
{
char *q = 0;
__builtin_puts (q); // -Wnonnull
}
void g (char *p)
{
char *q = *p ? p : 0;
__builtin_puts (q); // -Wnonnull
}
I can confirm this as an enhancement request for -Wnonull to diagnose both
problem(s). That should automatically disable any subsequent warnings for the
same bug.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95507
[Bug 95507] [meta-bug] bogus/missing -Wnonnull
