Bug 164233 - __builtin_object_size result incorrect
__builtin_object_size result incorrect
Product: Fedora
Classification: Fedora
Component: gcc (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Depends On:
  Show dependency treegraph
Reported: 2005-07-26 00:37 EDT by Ulrich Drepper
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-07-26 15:17:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
test case for wrong bos (452 bytes, text/plain)
2005-07-26 00:37 EDT, Ulrich Drepper
no flags Details

  None (edit)
Description Ulrich Drepper 2005-07-26 00:37:49 EDT
Description of problem:
I'll attach some code where gcc has to work hard to get the correct buffer size.
 Currently the result is wrong.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.compile the attached code with
gcc -c -g -O -D_FORTIFY_SOURCE u.c -DN=5
Actual results:
No warning message.

Expected results:
bos-bug.c: In function ‘s’:
bos-bug.c:25: warning: call to __builtin___snprintf_chk will always overflow
destination buffer

Only for N == 17 and higher should the warning disappear.

Additional info:
Comment 1 Ulrich Drepper 2005-07-26 00:37:49 EDT
Created attachment 117140 [details]
test case for wrong bos
Comment 2 Jakub Jelinek 2005-07-26 15:17:21 EDT
This is actually quite hard to solve.  The __bos computation pass can't run
too late, as otherwise the builtins aren't properly folded, and unfortunately
all the loop optimizations are run extremely late.  So tree-object-size.c
doesn't see the above as counted loop that is executed exactly 5 times,
but just sees that bb0 (whatever is before loop) falls through into the
loop body, followed by either jump back to the loop body start or fall through
into the last bb (which calls __bos).  As bb0 increments it twice and loop
body 3 times, this means from tree-object-size.c's POV that cp - buf >= 5.

This is certainly not feasible to fix in either 4.0 or 4.1, Diego wants his
new propagator to be used by __bos in 4.2 timeframe and if perhaps that
propagator could be thought about really simple counted loops, then maybe.

Note You need to log in before you can comment on or make changes to this bug.