Bug 44848 - Bogus "array subscript is below array bounds" with loops
Summary: Bogus "array subscript is below array bounds" with loops
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end (show other bugs)
Version: 4.5.0
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: diagnostic
Depends on:
Blocks:
 
Reported: 2010-07-06 21:31 UTC by Eli Friedman
Modified: 2013-09-11 21:32 UTC (History)
3 users (show)

See Also:
Host:
Target: x86-64-pc-linux-gnu
Build:
Known to work:
Known to fail: 4.6.0
Last reconfirmed: 2010-07-24 18:35:06


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Eli Friedman 2010-07-06 21:31:42 UTC
Testcase (derived from ffmpeg):

void av_solve_lls(double (*factor)[33], int count, int min_order){
    int i,j,k;
    for(i=0; i<count; i++){
        for(j=i; j<count; j++){
            double sum = factor[i][j];

            for(k=i-1; k>=0; k--)
                sum -= factor[i][k]*factor[j][k];

            factor[i][i]= sum;
        }
    }

    for(j=count-1; j>=min_order; j--){
        for(i=j; i>=0; i--){
            factor[0][j]= 0;
        }
        factor[0][j] = 0;
        for(i=0; i<=j; i++){
            factor[0][j] += 0;
        }
    }
}

With the following command-line:
gcc l.c -S -Wall -O2

Gives the following warning:
/tmp/l.c: In function ‘av_solve_lls’:
/tmp/l.c:18:18: warning: array subscript is below array bounds

Using gcc 4.5.0 on x86-64-pc-linux-gnu, built from source, configured with "configure --enable-languages=c --disable-bootstrap".

The testcase is a little large, but I can't figure out how to reduce it more; the issue seems very sensitive to the precise structure of the code.
Comment 1 Richard Biener 2010-07-07 10:08:01 UTC
This is the same as PR43270 (and the fix for it cures it).

*** This bug has been marked as a duplicate of 43270 ***
Comment 2 Eli Friedman 2010-07-08 03:08:13 UTC
I'm afraid I mis-reduced the issue; try the following (which reproduces on both trunk r161941 and 4.5.0):

typedef struct LLSModel{
    double variance[32];
    int indep_count;
}LLSModel;

void av_solve_lls(LLSModel *m, double (*factor)[33], int count, int min_order){
    int i,j,k;

    for(i=0; i<count; i++){
        for(j=i; j<count; j++){
            double sum= factor[i][j];

            for(k=i-1; k>=0; k--)
                sum -= factor[i][k];

            factor[j][i] = sum;
        }
    }
    for(j=count-1; j>=min_order; j--){
        for(i=j; i>=0; i--)
            factor[j][i]= 1 / factor[i][i];

        m->variance[j]= factor[0][0];
        for(i=0; i<=j; i++)
            m->variance[j] += factor[j][i];
    }
}
Comment 3 Andrew Pinski 2010-07-24 18:35:06 UTC
j_64: [min_order_29(D), +INF]  EQUIVALENCES: { j_5 } (1 elements)
Comment 4 Eero Tamminen 2013-09-11 21:32:00 UTC
(In reply to Richard Biener from comment #1)
> This is the same as PR43270 (and the fix for it cures it).
> 
> *** This bug has been marked as a duplicate of 43270 ***

Current status is still NEW, but there's no comment why duplicate status was changed back to NEW.  Did the fix to (already verified) bug 43270 fix also this bug (i.e. should this also be verified) or not?