[Bug analyzer/108432] Analyzer fails to detect out-of-bounds issues within loops

dmalcolm at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Mon Jan 23 16:34:23 GMT 2023


--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
(In reply to Segher Boessenkool from comment #1)
> Many warning messages are also dependent on optimisation level.  And the
> actual generated code is as well ;-)
> -O0 means do the least possible work to generate correct code.  There is
> friction between that and having -fanalyzer do deep inspection of the code.
> I think we should document -fanalyzer needs some optimisation enabled (does
> it need -O2 in some cases, or just -O1 always, btw?)
> The suggestion to at least check the last loop iteration is good of course.

Unfortunately, some analyzer warnings work better with optimization *disabled*.
-fanalyzer runs much later than most other static analyzers.

For example, -Wanalyzer-deref-before-check doesn't work well with optimization,
as the dereference means that the optimizer can remove the checks before the
analyzer "sees" them.

I think there's a natural tension between optimization and detecting undefined
behavior, in that -fanalyzer wants to report on possible undefined behavior,
whereas optimization wants to take advantage of undefined behavior.
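To make the -Wanalyzer-deref-before-check case from this comment concrete, here is an added example that is not part of the bug report: a constructed function that reads through a pointer and only afterwards compares it against NULL (the pattern the warning reports at -O0), beside the check-first ordering that avoids the problem. The `struct packet` type and function names are assumptions for illustration.

```c
#include <stddef.h>

/* Constructed type for the example, not from the bug report. */
struct packet {
    size_t len;
    const char *payload;
};

/* Deref before check: p->len is read before p is tested for NULL.
   At -O0 -fanalyzer sees both statements in order and reports the
   late check; at higher optimization levels the optimizer may treat
   p as known non-null after the dereference and fold the check away,
   so the analyzer never sees it. */
size_t packet_len_unchecked(const struct packet *p)
{
    size_t n = p->len;   /* dereference happens first */
    if (p == NULL)       /* check comes too late to protect the read above */
        return 0;
    return n;
}

/* Check before deref: the ordering both -fanalyzer and the optimizer
   agree on, since the read is only reachable on the non-NULL path. */
size_t packet_len_checked(const struct packet *p)
{
    if (p == NULL)
        return 0;
    return p->len;
}
```

Compiling the file with `gcc -fanalyzer -O0 -c` versus `gcc -fanalyzer -O2 -c` shows the difference in what the analyzer reports for the first function.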
