https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89699
Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
             Blocks|                            |88443
         Resolution|---                         |INVALID

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
The warning here is by design. When the value's range is negative and includes zero it's taken to be strictly negative because it's so much more likely. We could adjust this heuristic if we thought it necessary (simply by passing allow_zero = true to get_size_range()) but since as Jakub said the size would more appropriately be represented as unsigned (otherwise a large strlen result could result in min being negative), I don't believe it is.

Thus this is not a false positive. The following is a simplified version of the test case.

$ cat z.c && gcc -O2 -S -Wall -fdump-tree-vrp1=/dev/stdout z.c
int f (const char *s1, const char *s2, int i)
{
  int min = i < 0 ? i : 0;
  return __builtin_memcmp (s1, s2, min);
}

;; Function f (f, funcdef_no=0, decl_uid=1908, cgraph_uid=1, symbol_order=0)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

Value ranges after VRP:

_1: long unsigned int ~[1, 18446744071562067967]
i_2(D): VARYING
min_3: int [-INF, 0]
s1_5(D): VARYING
s2_6(D): VARYING
_7: VARYING

f (const char * s1, const char * s2, int i)
{
  int min;
  long unsigned int _1;
  int _7;

  <bb 2> [local count: 1073741824]:
  min_3 = MIN_EXPR <i_2(D), 0>;
  _1 = (long unsigned int) min_3;
  _7 = __builtin_memcmp (s1_5(D), s2_6(D), _1);
  return _7;

}

z.c: In function ‘f’:
z.c:4:10: warning: ‘__builtin_memcmp’ specified size between 18446744071562067968 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]
    4 |   return __builtin_memcmp (s1, s2, min);
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88443
[Bug 88443] [meta-bug] bogus/missing -Wstringop-overflow warnings
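An added example, not part of the bug report or of GCC: it reproduces the bounds quoted in the warning by applying the same int-to-size_t conversion that the VRP dump shows, and then keeps the length in size_t as the comment suggests. It assumes an LP64 target (32-bit int, 64-bit size_t); the names converted_size, exceeds_max_object and compare_common_prefix are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The implicit conversion applied to memcmp's third argument:
   `_1 = (long unsigned int) min_3;` in the dump above. */
static size_t converted_size(int n)
{
    return (size_t)n;
}

/* Nonzero when the converted size is larger than any object can be
   (PTRDIFF_MAX, the 9223372036854775807 quoted in the warning). */
static int exceeds_max_object(int n)
{
    return converted_size(n) > (size_t)PTRDIFF_MAX;
}

/* Hypothetical caller that keeps every length in size_t, so the
   minimum can never be negative and no sign conversion takes place. */
static int compare_common_prefix(const char *s1, const char *s2)
{
    size_t n1 = strlen(s1);
    size_t n2 = strlen(s2);
    size_t min = n1 < n2 ? n1 : n2;
    return memcmp(s1, s2, min);
}

int main(void)
{
    /* min_3 has range [-INF, 0]: the two negative extremes map to the
       lower and upper bounds printed by -Wstringop-overflow. */
    printf("(size_t)INT_MIN = %zu\n", converted_size(INT_MIN));
    printf("(size_t)-1      = %zu\n", converted_size(-1));
    printf("(size_t)0       = %zu\n", converted_size(0));
    printf("INT_MIN too large: %d, 0 too large: %d\n",
           exceeds_max_object(INT_MIN), exceeds_max_object(0));
    /* Constructed sample strings. */
    printf("prefix compare: %d\n", compare_common_prefix("abc", "abcdef"));
    return 0;
}
```

Zero is the only value in [-INF, 0] that converts to a valid size, which is the case the allow_zero heuristic mentioned in the comment would cover.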