[Bug tree-optimization/94675] [9 regression] -Warray-bounds false positive with -O2

rguenth at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Tue Apr 21 07:46:20 GMT 2020 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94675

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |9.4
            Version|unknown                     |9.3.0

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Martin Sebor from comment #1)
> The false positive is not due a shortcoming of the warning but rather due to
> GCC not having a sufficiently sophisticated analysis of relationships of
> pointers into the same objects.  The same warning (and probably a numbers as
> well) can be reproduced with a simpler example.
> 
> $ cat pr94675.c && gcc -O2 -S -Wall -fdump-tree-vrp=/dev/stdout pr94675.c
> unsigned char c, n;
> 
> int f (void)
> {
>   if (n <= 7) return 0;
> 
>   unsigned char *p = &c, *q = p + n;
> 
>   if (q - p <= 7)   // not eliminated
>     return 0;

Not sure why you write not eliminated - it is eliminated.  I believe
your testcase is bogus - why would the p[7] access never happen?
Because p + n is invoking undefined behavior?

>   return p[7];      // spurious -Warray-bounds
> }
> 
> ;; Function f (f, funcdef_no=0, decl_uid=1932, cgraph_uid=1, symbol_order=2)
> 
> ;; 1 loops found
> ;;
> ;; Loop 0
> ;;  header 0, latch 1
> ;;  depth 0, outer -1
> ;;  nodes: 0 1 2 3 4
> ;; 2 succs { 4 3 }
> ;; 3 succs { 4 }
> ;; 4 succs { 1 }
> 
> Value ranges after VRP:
> 
> n.0_1: unsigned char VARYING
> _2: unsigned char VARYING
> _3: int [0, 255]
> _5: int [0, 255]
> 
> 
> pr94675.c: In function ‘f’:
> pr94675.c:12:11: warning: array subscript 7 is outside array bounds of
> ‘unsigned char[1]’ [-Warray-bounds]
>    12 |   return p[7];
>       |          ~^~~
> pr94675.c:1:15: note: while referencing ‘c’
>     1 | unsigned char c, n;
>       |               ^
> f ()
> {
>   unsigned char n.0_1;
>   unsigned char _2;
>   int _3;
>   int _5;
> 
>   <bb 2> [local count: 1073741824]:
>   n.0_1 = n;
>   if (n.0_1 <= 7)
>     goto <bb 4>; [34.00%]
>   else
>     goto <bb 3>; [66.00%]
> 
>   <bb 3> [local count: 708669601]:
>   _2 = MEM[(unsigned char *)&c + 7B];
>   _5 = (int) _2;
> 
>   <bb 4> [local count: 1073741824]:
>   # _3 = PHI <0(2), _5(3)>
>   return _3;
> 
> }
> 
> 
> 
> ;; Function f (f, funcdef_no=0, decl_uid=1932, cgraph_uid=1, symbol_order=2)
> 
> ;; 1 loops found
> ;;
> ;; Loop 0
> ;;  header 0, latch 1
> ;;  depth 0, outer -1
> ;;  nodes: 0 1 2 3 4
> ;; 2 succs { 4 3 }
> ;; 3 succs { 4 }
> ;; 4 succs { 1 }
> 
> Value ranges after VRP:
> 
> n.0_1: unsigned char VARYING
> _2: unsigned char VARYING
> _3: int [0, 255]
> _5: int [0, 255]
> 
> 
> f ()
> {
>   unsigned char n.0_1;
>   unsigned char _2;
>   int _3;
>   int _5;
> 
>   <bb 2> [local count: 1073741824]:
>   n.0_1 = n;
>   if (n.0_1 <= 7)
>     goto <bb 4>; [34.00%]
>   else
>     goto <bb 3>; [66.00%]
> 
>   <bb 3> [local count: 708669601]:
>   _2 = MEM[(unsigned char *)&c + 7B];
>   _5 = (int) _2;
> 
>   <bb 4> [local count: 1073741824]:
>   # _3 = PHI <_5(3), 0(2)>
>   return _3;
> 
> }

More information about the Gcc-bugs mailing list