[hjl@gnu-6 gcc]$ cat bar.cc class XXX { private: bool _enabled; public: bool on() const {return _enabled;} }; extern XXX xxx; extern bool foobar(const unsigned int); extern void foo (const char *); extern const unsigned int bar (void * p); extern void bar2(void * ptr) { static const unsigned int size_map[] = { 0, 1, 2, 0, 4, 0, 0, 0, 8}; const unsigned int old_width = bar (ptr); if(!(old_width <= 8)) if(xxx.on()) foo (""); unsigned int size = size_map[old_width]; if(!(size != 0)) if(xxx.on()) foo (""); if(!(foobar(size))) foo (""); } [hjl@gnu-6 gcc]$ ./xgcc -B./ -S -O2 -Wall bar.cc -Werror bar.cc: In function \u2018void bar2(void*)\u2019: bar.cc:19:41: error: array subscript is above array bounds [-Werror=array-bounds] unsigned int size = size_map[old_width]; ^ cc1plus: all warnings being treated as errors [hjl@gnu-6 gcc]$
It is caused by r205074.
This is not fully a bogus warning. The warning is true if xxx._enabled is false and bar returns something which is > 8. Here is a shorter testcase: extern bool foobar(const unsigned int); extern void foo (void); extern void bar2(bool *enabled, unsigned int old_width) { static const unsigned int size_map[] = { 0, 1, 2, 0, 4, 0, 0, 0, 8}; if(old_width > 8) if(*enabled) foo (); unsigned int size = size_map[old_width]; if(size == 0) if(*enabled) foo (); if(foobar(size)) foo (); } We are transforming the above into: extern bool foobar(const unsigned int); extern void foo (void); extern void bar2(bool *enabled, unsigned int old_width) { unsigned int size; static const unsigned int size_map[] = { 0, 1, 2, 0, 4, 0, 0, 0, 8}; if(old_width > 8) { if(*enabled) foo (); else { size = size_map[old_width]; goto t; } } size = size_map[old_width]; if(size == 0) if(*enabled) foo (); t: if(foobar(size)) foo (); } Which is correct and we are warning about the access under the else statement.
What source does this come from?
(In reply to Andrew Pinski from comment #3) > What source does this come from? This comes from a real application.
Yeah, nothing guards the size_map access if !(old_width <= 8). I'd say this report is invalid. Triggered by more elaborate jump-threading, btw.
Agreed. Nothing guards the reference to size_map[old_width].