False positive from -Warray-bounds?

Ian Lance Taylor iant@google.com
Thu Dec 29 23:57:00 GMT 2011


Lars Gullik Bjønnes <larsbj@gullik.org> writes:

> On Thu, Dec 29, 2011 at 23:02, Ian Lance Taylor <iant@google.com> wrote:
>> Lars Gullik Bjønnes <larsbj@gullik.org> writes:
>>
>>> I have this code:
>>>
>>> --------------
>>> unsigned int f(unsigned int value)
>>> {
>>>     unsigned int i = (value & 0xffff);
>>>     return (i == 0xffff ? 0xffffffff : i);
>>> }
>>>
>>>
>>> static int *arr1[10];
>>>
>>> void t(unsigned int s)
>>> {
>>>     arr1[f(s)] = 0;
>>>     arr1[f(s)] = 0;
>>> }
>>> ------------------
>>>
>>>
>>> When compiled with 'gcc -Wall -Wextra -c' I get a warning about
>>> "subscript is above array bounds".
>>> Shouldn't the -Warray-bounds only warn if it will _always_ be out-of-bounds?
>>>
>>> Is this a false positive, or is there something that I am completely missing?
>>>
>>> I see this with gcc from trunk (some days ago), and with redhat gcc 4.6.2-1.
>>
>> The warning triggers if there is some code path in which the index is
>> provably out of bounds.  That is true of this code.  I don't think I
>> would describe this as a false positive.  I think it is a case where, as
>> the -Wall documentation says, the code should be modified to avoid the
>> warning.
>
> I won't argue too hard against that :-)
>
> But I do not read the -Warray-bounds documentation that way:
>
>            "It warns about subscripts to arrays that are always
>            out of bounds."
>
> So according to that I assumed (right...) that it would not warn if there
> exists a path that will not trigger out-of-bounds.

I guess it's a matter of perspective.  What that text is intended to say
is: the compiler can prove that the array access is out of bounds.  It
is not intended to say: there is some conditional that guards the array
access and the conditional may or may not be true.

In this case there is an array access that is out of bounds, and there
is a conditional that guards the access.  The compiler can't tell
whether the conditional is true or not.  So it warns about the array
access.

The case where the compiler will not warn is
    a[i]
when the compiler does not know the value of i, or in general can not
prove that i will be out of bounds.

Ian
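An added example, not code from the thread, showing the modification Ian's reading of the warning calls for: the index from f() is checked against the real array bound before the store, so no path reaches arr1[] with the 0xffffffff sentinel or any other out-of-range value (ARR1_LEN, store_checked, load_checked and sample_slot are names chosen here, not from the original post).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* The lookup from the thread: keep the low 16 bits, but map 0xffff to an
   all-ones sentinel.  Once f() is inlined into the caller, the compiler
   sees the sentinel branch as the constant index 0xffffffff, which is
   provably outside arr1[10]; that path is what -Warray-bounds reports. */
static unsigned int f(unsigned int value)
{
    unsigned int i = (value & 0xffff);
    return (i == 0xffff ? 0xffffffff : i);
}

#define ARR1_LEN 10                    /* name chosen for this example */
static int *arr1[ARR1_LEN];
static int sample_slot;                /* constructed target for the stores */

/* Hardened store: the index is checked against the real bound before the
   write, so neither the sentinel nor an index in 10..0xfffe reaches arr1[].
   Returns true when the write was performed. */
bool store_checked(unsigned int s, int *p)
{
    unsigned int idx = f(s);
    if (idx >= ARR1_LEN)
        return false;
    arr1[idx] = p;
    return true;
}

/* Read a slot back, or NULL for an out-of-range index. */
int *load_checked(unsigned int idx)
{
    return idx < ARR1_LEN ? arr1[idx] : NULL;
}

int main(void)
{
    printf("s=3:       stored=%d\n", store_checked(3u, &sample_slot));       /* 1 */
    printf("s=0xffff:  stored=%d\n", store_checked(0xffffu, &sample_slot));  /* 0, sentinel */
    printf("s=0x1000b: stored=%d\n", store_checked(0x1000bu, &sample_slot)); /* 0, index 11 */
    return 0;
}
```

With the guard in place the only index that can reach arr1[] lies in [0, 9], so the compiler no longer has a provably out-of-bounds path to report.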