[Bug c++/68354] New: -Warray-bounds on a flexible array member in C++

["msebor at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68354

            Bug ID: 68354
           Summary: -Warray-bounds on a flexible array member in C++
           Product: gcc
           Version: 6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

In C++ mode (but not in C mode), g++ silently (without -Wpedantic) accepts both
a definition of a struct with a flexible array member and an object of such a
type without an initializer but issues a warning for accesses to the array (see
below).  Debugging reveals that unlike the C front end, the C++ front end sets
the bounds on flexible arrays to [0, SIZE_MAX].  The code in check_array_ref in
tree-vrp.c then trips up on such an array because it first assumes that
flexible arrays have no bounds, and further assumes that no array has an upper
bound of SIZE_MAX when adding one to the bound.  When the computation wraps
around to zero, the function incorrectly deduces that the array is empty and
issues a warning.

It seems wrong for the C++ front end to set the upper bound to SIZE_MAX for any
array.  First, because GCC itself assumes that no object is larger than
SIZE_MAX / 2.  Second, when the size of the array element is greater than 1 as
in the case below, even the most permissive upper bound cannot be SIZE_MAX.

$ cat u.cpp && /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -O2 -S
-Wall -Wextra -o/dev/null u.cpp 
struct S {
    int n;
    int a[];
} s;

int i;

void f ()
{
    i = s.a [0];
}

u.cpp: In function âvoid f()â:
u.cpp:10:15: warning: array subscript is above array bounds [-Warray-bounds]
     i = s.a [0];
               ^