https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107561

Aldy Hernandez <aldyh at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[13 Regression]             |[13 Regression]
                   |g++.dg/pr17488.C regression |g++.dg/pr17488.C and
                   |due to -Wstringop-overflow  |[g++.dg/warn/Warray-bounds-
                   |problem                     |16.C -m32] regression due
                   |                            |to -Wstringop-overflow
                   |                            |problem

--- Comment #2 from Aldy Hernandez <aldyh at gcc dot gnu.org> ---
The following test also fails for the same reason:

g++.dg/warn/Warray-bounds-16.C -m32 -O2

It is perhaps a better reduced test for the issue:

inline void* operator new (__SIZE_TYPE__, void * v)
{
  return v;
}

struct S
{
  int* p;
  int m;

  S (int i)
  {
    m = i;
    p = (int*) new unsigned char [sizeof (int) * m];

    for (int i = 0; i < m; i++)
      new (p + i) int (); /* { dg-bogus "bounds" "pr102690" { xfail *-*-* } } */
  }
};

S a (0);

$ ./cc1plus a.c -fdump-tree-all-details -quiet -I/tmp -O2 -std=gnu++98 -m32
In constructor ‘S::S(int)’,
    inlined from ‘void __static_initialization_and_destruction_0()’ at a.c:26:7,
    inlined from ‘(static initializers for a.c)’ at a.c:26:8:
a.c:22:24: warning: ‘void* __builtin_memset(void*, int, unsigned int)’ writing 4 or more bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
   22 |       new (p + i) int (); /* { dg-bogus "bounds" "pr102690" { xfail *-*-* } } */
      |                        ^
a.c:19:51: note: destination object of size 0 allocated by ‘operator new []’
   19 |     p = (int*) new unsigned char [sizeof (int) * m];
      |                                                   ^
+ set +x

The ranges for some pointers are now different as early as .waccess1, even
though the IL is the same:

--- /tmp/a.c.025t.waccess1.orig.805839  2022-11-08 09:46:00.513031310 +0100
+++ /tmp/a.c.025t.waccess1.new.805839   2022-11-08 09:46:00.515031315 +0100
@@ -41,9 +41,9 @@
   max_depth:          2

 pointer_query cache contents:
-  3.0[5]: _3 = _17 (base0); size: unknown
+  3.0[5]: _3 = _17 (base0); size: [4, 2147483647]
   11.0[1]: this_11(D) = this_11(D); size: unknown
-  17.0[3]: _17 = _17 (base0); size: unknown
+  17.0[3]: _17 = _17 (base0); size: [4, 2147483647]

Similarly by evrp time:

-Global Exported: _15 = [irange] unsigned int [0, +INF] NONZERO 0xfffffffc
+Global Exported: _15 = [irange] unsigned int [0, 0][4, +INF] NONZERO
0xfffffffc

etc etc.

The range is correct, as it is the result of a multiplication by a power of 2:

    _15 = _2 * 4;

_15 can never be [1,3].
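
The range split described in the comment above, as an added example that is not part of the original comment and is not GCC's own code: it derives `[0, 0][4, +INF]` from the nonzero-bits mask `0xfffffffc` and checks on a 16-bit model that a wrapping multiplication by 4 never yields 1, 2 or 3. The type `urange` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Closed unsigned interval [lo, hi]; hypothetical type for this example. */
struct urange { uint32_t lo, hi; };

/* Bits that may be nonzero in x * 2^k (mod 2^32): the low k bits are 0. */
static uint32_t nonzero_mask_mul_pow2(unsigned k)
{
    return k < 32 ? UINT32_MAX << k : 0;
}

/* Split [r.lo, r.hi] using a may-be-nonzero mask. A value whose set bits
   all lie inside the mask is either 0 or >= the mask's lowest set bit.
   Writes at most two sub-ranges to out[] and returns how many. */
static int refine_by_nonzero_mask(struct urange r, uint32_t mask,
                                  struct urange out[2])
{
    int n = 0;
    if (r.lo == 0)
        out[n++] = (struct urange){0, 0};
    if (mask != 0) {
        uint32_t lowbit = mask & (~mask + 1u);  /* lowest set bit */
        uint32_t lo = r.lo > lowbit ? r.lo : lowbit;
        if (lo <= r.hi)
            out[n++] = (struct urange){lo, r.hi};
    }
    return n;
}

/* Exhaustive 16-bit model: count x where (x * 4) mod 2^16 is in [1, 3].
   Wraparound only drops high bits, so the low two bits stay zero. */
static unsigned count_gap_hits16(void)
{
    unsigned hits = 0;
    for (uint32_t x = 0; x <= UINT16_MAX; x++) {
        uint16_t v = (uint16_t)(x * 4u);
        hits += (v >= 1 && v <= 3);
    }
    return hits;
}

int main(void)
{
    struct urange full = {0, UINT32_MAX}, out[2];
    int n = refine_by_nonzero_mask(full, nonzero_mask_mul_pow2(2), out);
    for (int i = 0; i < n; i++)
        printf("[%u, %u] ", (unsigned)out[i].lo, (unsigned)out[i].hi);
    printf("gap hits: %u\n", count_gap_hits16());
    return 0;
}
```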
