[Webkit-unassigned] [Bug 224782] New: -Warray-bounds warning in AirAllocateRegistersByGraphColoring.cpp with GCC 11
bugzilla-daemon at webkit.org
Mon Apr 19 13:35:58 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=224782
Bug ID: 224782
Summary: -Warray-bounds warning in AirAllocateRegistersByGraphColoring.cpp with GCC 11
Product: WebKit
Version: WebKit Nightly Build
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at gnome.org
With GCC 11, we have a nice -Warray-bounds warning spam coming from AirAllocateRegistersByGraphColoring.cpp:
[254/1653] Building CXX object Source/JavaScriptCore/CMak...edSources/unified-sources/UnifiedSource-23a5fd0e-10.cpp.o
In file included from JavaScriptCore/DerivedSources/unified-sources/UnifiedSource-23a5fd0e-10.cpp:7:
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp: In member function ‘void JSC::B3::Air::{anonymous}::GraphColoringRegisterAllocation::allocateOnBank() [with JSC::B3::Bank bank = JSC::B3::GP]’:
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1559:29: warning: array subscript ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::GP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::GP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<unsigned int, long unsigned int> > [1]’ [-Warray-bounds]
1559 | m_coloredTmp.resize(m_lastPrecoloredRegisterIndex + 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1895:91: note: while referencing ‘allocator’
1895 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint32_t, uint64_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1560:35: warning: array subscript ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::GP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::GP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<unsigned int, long unsigned int> > [1]’ [-Warray-bounds]
1560 | for (unsigned i = 1; i <= m_lastPrecoloredRegisterIndex; ++i) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1895:91: note: while referencing ‘allocator’
1895 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint32_t, uint64_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1559:29: warning: array subscript ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::GP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::GP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> > [1]’ [-Warray-bounds]
1559 | m_coloredTmp.resize(m_lastPrecoloredRegisterIndex + 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1892:91: note: while referencing ‘allocator’
1892 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint16_t, uint32_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1560:35: warning: array subscript ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::GP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::GP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> > [1]’ [-Warray-bounds]
1560 | for (unsigned i = 1; i <= m_lastPrecoloredRegisterIndex; ++i) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1892:91: note: while referencing ‘allocator’
1892 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint16_t, uint32_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp: In member function ‘void JSC::B3::Air::{anonymous}::GraphColoringRegisterAllocation::allocateOnBank() [with JSC::B3::Bank bank = JSC::B3::FP]’:
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1559:29: warning: array subscript ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<unsigned int, long unsigned int> > [1]’ [-Warray-bounds]
1559 | m_coloredTmp.resize(m_lastPrecoloredRegisterIndex + 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1895:91: note: while referencing ‘allocator’
1895 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint32_t, uint64_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1560:35: warning: array subscript ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<unsigned int, long unsigned int> > [1]’ [-Warray-bounds]
1560 | for (unsigned i = 1; i <= m_lastPrecoloredRegisterIndex; ++i) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1895:91: note: while referencing ‘allocator’
1895 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint32_t, uint64_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1544:21: warning: array subscript ‘const JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<unsigned int, long unsigned int> > [1]’ [-Warray-bounds]
1544 | dataLog(m_code);
| ^~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1895:91: note: while referencing ‘allocator’
1895 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint32_t, uint64_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1544:21: warning: array subscript ‘const JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<unsigned int, long unsigned int> > [1]’ [-Warray-bounds]
1544 | dataLog(m_code);
| ^~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1895:91: note: while referencing ‘allocator’
1895 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint32_t, uint64_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1544:21: warning: array subscript ‘const JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<unsigned int, long unsigned int> > [1]’ [-Warray-bounds]
1544 | dataLog(m_code);
| ^~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1895:91: note: while referencing ‘allocator’
1895 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint32_t, uint64_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1559:29: warning: array subscript ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> > [1]’ [-Warray-bounds]
1559 | m_coloredTmp.resize(m_lastPrecoloredRegisterIndex + 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1892:91: note: while referencing ‘allocator’
1892 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint16_t, uint32_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1560:35: warning: array subscript ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> > [1]’ [-Warray-bounds]
1560 | for (unsigned i = 1; i <= m_lastPrecoloredRegisterIndex; ++i) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1892:91: note: while referencing ‘allocator’
1892 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint16_t, uint32_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1544:21: warning: array subscript ‘const JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> > [1]’ [-Warray-bounds]
1544 | dataLog(m_code);
| ^~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1892:91: note: while referencing ‘allocator’
1892 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint16_t, uint32_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1544:21: warning: array subscript ‘const JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> > [1]’ [-Warray-bounds]
1544 | dataLog(m_code);
| ^~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1892:91: note: while referencing ‘allocator’
1892 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint16_t, uint32_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1544:21: warning: array subscript ‘const JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::IRC, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> >[0]’ is partly outside array bounds of ‘JSC::B3::Air::{anonymous}::ColoringAllocator<JSC::B3::FP, JSC::B3::Air::{anonymous}::Briggs, JSC::B3::Air::{anonymous}::InterferenceEdge<short unsigned int, unsigned int> > [1]’ [-Warray-bounds]
1544 | dataLog(m_code);
| ^~~~~~
../../Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp:1892:91: note: while referencing ‘allocator’
1892 | ColoringAllocator<bank, Briggs, InterferenceEdge<uint16_t, uint32_t>> allocator(m_code, m_tmpWidth, m_useCounts, unspillableTmps);
| ^~~~~~~~~
The warnings can be silenced like this:
diff --git a/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp b/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp
index e7a20e90ab28..82067c5b3c2b 100644
--- a/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp
+++ b/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGraphColoring.cpp
@@ -1541,7 +1541,9 @@ public:
if (!reg) {
dataLog("FATAL: No color for ", tmp, "\n");
dataLog("Code:\n");
+IGNORE_WARNINGS_BEGIN("array-bounds")
dataLog(m_code);
+IGNORE_WARNINGS_END
RELEASE_ASSERT_NOT_REACHED();
}
return reg;
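Review bot: the suppression around `dataLog(m_code);` at 1544 hides a diagnostic whose root cause is not at this line: the warning text names a `ColoringAllocator<..., IRC, InterferenceEdge<short unsigned int, unsigned int>>[0]` subscript while the referenced object `allocator` at 1892/1895 is a `Briggs` instantiation, so GCC 11 appears to be confusing two template instantiations during inlining rather than flagging a real out-of-bounds read in `dataLog`. Please add a one-line comment above `IGNORE_WARNINGS_BEGIN("array-bounds")` stating that this works around a GCC 11 false positive and citing bug 224782, so the suppression can be reconsidered once the compiler side is understood or fixed, and so a reviewer does not mistake it for a known out-of-bounds access that was papered over.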
@@ -1556,12 +1558,14 @@ protected:
void initializePrecoloredTmp()
{
+IGNORE_WARNINGS_BEGIN("array-bounds")
m_coloredTmp.resize(m_lastPrecoloredRegisterIndex + 1);
for (unsigned i = 1; i <= m_lastPrecoloredRegisterIndex; ++i) {
Tmp tmp = TmpMapper::tmpFromAbsoluteIndex(i);
ASSERT(tmp.isReg());
m_coloredTmp[i] = tmp.reg();
}
+IGNORE_WARNINGS_END
}
bool mayBeCoalesced(Arg left, Arg right)
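Review bot: this `IGNORE_WARNINGS_BEGIN("array-bounds")` / `IGNORE_WARNINGS_END` pair covers the entire body of `initializePrecoloredTmp()`, including the write `m_coloredTmp[i] = tmp.reg();`, so any genuine out-of-bounds access introduced here later would also be silenced. As written the access is in range: `m_coloredTmp` is resized to `m_lastPrecoloredRegisterIndex + 1` and `i` runs from 1 to `m_lastPrecoloredRegisterIndex` inclusive, which matches the reporter's reading that the warning is a false positive. Since the diagnostics are reported at the `resize` call (1559) and the loop header (1560) and, as in the first hunk, refer to an `IRC` subscript on a `Briggs`-typed `allocator`, please document the reason next to the macro (GCC 11 false positive, bug 224782) and keep the suppressed region as small as the two flagged lines allow; a bare suppression with no comment is the part most likely to outlive the compiler bug it works around.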
I'm baffled because the first case does not appear to contain any array access, while the second case appears to be clearly safe given that m_coloredTmp is resized to m_lastPrecoloredRegisterIndex + 1 and the code does not go any higher than this. Looks like a false positive to me, so my proposal is to just commit the IGNORE_WARNINGS macros unless somebody else wants to investigate further.