Bug 92381 - missing -Warray-bounds on negative index with very large magnitude
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end
Version: 10.0
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Keywords: diagnostic
Blocks: Warray-bounds
Reported: 2019-11-05 16:10 UTC by Martin Sebor
Modified: 2021-09-21 08:10 UTC
Last reconfirmed: 2020-01-30 00:00:00


Description Martin Sebor 2019-11-05 16:10:13 UTC
More extensive testing of the fix for pr92341 reveals that yet another optimization gets in the way of diagnosing negative out-of-bounds indices with a very large magnitude:

$ cat b.c && gcc -O2 -S -Wall -fdump-tree-ccp1-details=/dev/stdout b.c
int f (void)
{
  int *p = (int[]){ 1 };
  __PTRDIFF_TYPE__ i = -__PTRDIFF_MAX__ - 1;
  return p[i];   // missing warning
}

;; Function f (f, funcdef_no=0, decl_uid=1930, cgraph_uid=1, symbol_order=0)

Adding destination of edge (0 -> 2) to worklist

Simulating block 2

Visiting statement:
p_6 = &D.1933;
which is likely CONSTANT
Lattice value changed to CONSTANT &D.1933.  Adding SSA edges to worklist.
marking stmt to be not simulated again

Visiting statement:
i_7 = -9223372036854775808;
which is likely CONSTANT
Lattice value changed to CONSTANT -9223372036854775808.  Adding SSA edges to worklist.
marking stmt to be not simulated again

Visiting statement:
i.0_1 = (long unsigned int) i_7;
which is likely CONSTANT
Match-and-simplified (long unsigned int) i_7 to 9223372036854775808
Lattice value changed to CONSTANT 9223372036854775808.  Adding SSA edges to worklist.
marking stmt to be not simulated again

Visiting statement:
_2 = i.0_1 * 4;
which is likely CONSTANT
Match-and-simplified i.0_1 * 4 to 0
Lattice value changed to CONSTANT 0.  Adding SSA edges to worklist.
marking stmt to be not simulated again

Visiting statement:
_3 = p_6 + _2;
which is likely CONSTANT
Match-and-simplified p_6 + _2 to &D.1933
Lattice value changed to CONSTANT &D.1933.  Adding SSA edges to worklist.
marking stmt to be not simulated again

Visiting statement:
_8 = *_3;
which is likely CONSTANT
Lattice value changed to VARYING.  Adding SSA edges to worklist.

Visiting statement:
return _8;
No interesting values produced.  Marked VARYING.

Substituting values and folding statements

Folding statement: D.1933[0] = 1;
Not folded
Folding statement: _8 = *_3;
Folded into: _8 = MEM[(int *)&D.1933];

Folding statement: D.1933 ={v} {CLOBBER};
Not folded
Folding statement: return _8;
Not folded
Removing dead stmt _3 = p_6 + _2;

Removing dead stmt _2 = i.0_1 * 4;

Removing dead stmt i.0_1 = (long unsigned int) i_7;

Removing dead stmt i_7 = -9223372036854775808;

Removing dead stmt p_6 = &D.1933;

No longer having address taken: D.1933
f ()
{
  long int i;
  int D.1933[1];
  int * p;
  int _8;

  <bb 2> :
  D.1933[0] = 1;
  _8 = MEM[(int *)&D.1933];
  D.1933 ={v} {CLOBBER};
  return _8;

}
Comment 1 Martin Sebor 2019-11-05 16:11:03 UTC
See also pr86611 for a similar test case with apparently yet another root cause.
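
As an added illustration (not part of the bug report and not GCC code), the following C sketch models the arithmetic visible in the ccp1 dump in the description: the signed index is converted to the unsigned size type and scaled by the element size, so an index of -PTRDIFF_MAX - 1 yields byte offset 0. The helper names and the offset-only check are hypothetical, and the sample indices are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte offset the way the ccp1 dump computes it: convert the signed index
   to the unsigned size type, then scale. Arithmetic is modulo SIZE_MAX + 1. */
static size_t wrapped_offset(ptrdiff_t idx, size_t elt_size)
{
    return (size_t)idx * elt_size;
}

/* Hypothetical check that looks only at the already-scaled byte offset. */
static int offset_in_bounds(ptrdiff_t idx, size_t elt_size, size_t nelts)
{
    return wrapped_offset(idx, elt_size) < nelts * elt_size;
}

/* Check in the index domain, before any scaling can wrap. */
static int index_in_bounds(ptrdiff_t idx, size_t nelts)
{
    return idx >= 0 && (size_t)idx < nelts;
}

/* Bounds-checked read: returns 0 and stores the element, or -1 if idx
   is outside [0, nelts). */
static int checked_read(const int *a, size_t nelts, ptrdiff_t idx, int *out)
{
    if (!index_in_bounds(idx, nelts))
        return -1;
    *out = a[idx];
    return 0;
}

int main(void)
{
    /* Constructed sample indices for a one-element int array, as in b.c. */
    const ptrdiff_t samples[] = { 0, 1, -1, PTRDIFF_MIN,
                                  PTRDIFF_MIN / 2, PTRDIFF_MAX / 2 + 1 };
    const int arr[1] = { 1 };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        int v = 0;
        printf("idx=%td offset=%zu offset_check=%d index_check=%d read=%d\n",
               samples[k], wrapped_offset(samples[k], sizeof arr[0]),
               offset_in_bounds(samples[k], sizeof arr[0], 1),
               index_in_bounds(samples[k], 1),
               checked_read(arr, 1, samples[k], &v));
    }
    return 0;
}
```

With a 4-byte element, every index that is a nonzero multiple of a quarter of the address range scales to offset 0, so only the index-domain check rejects it.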