https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94247

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org

--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
-Wchar-subscripts is far too primitive of an instrument to rely on to detect
real bugs with any fidelity.  Besides triggering regardless of whether char is
a signed or unsigned type (i.e., every instance of it with -fno-signed-char
is a false positive), and besides not tracking values or ranges (leading to
another class of false positives evident in test cases like in comment #0), it
doesn't diagnose uses where the char subscript is a negative literal such as in

  int f (char *s)
  {
    return s['\xff'];   // missing warning
  }

or where it has been promoted from char, such as in:

  int f (char *s)
  {
    return s[*s + 1];   // missing warning
  }

Converting the char to signed char or any other type also suppresses the
warning without resolving the underlying problem (and, on -fno-signed-char
targets, could even introduce a bug into correct code).

Making the warning more discerning and detecting more real problems would
require running it later, after some basic optimizations.  But there already is
a flow-sensitive warning with the same ultimate goal of detecting out-of-bounds
array indices as -Wchar-subscripts: -Warray-bounds.  Unfortunately, because GCC
aggressively and rather indiscriminately folds references to static constant
arrays of types other than char very early on, negative subscripts in those are
not detected by it, and so erroneous expressions like in the snippet below are
not diagnosed:

  static const int a[] = { 1, 2, 3 };

  int f (void)
  {
    return a[-1];   // missing warning
  }

The out-of-bounds index above is diagnosed in accesses to non-constant arrays,
but only at -O2, because the -Warray-bounds warning runs only at that level. 
The only reason why it isn't detected at lower levels is because no effort has
been invested into it yet.  Patches are welcome :)

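An added example, not part of the comment above or of GCC: the underlying problem a char subscript creates for a 256-entry lookup table, next to the conversion to unsigned char that keeps the index in bounds. All names (`sample`, `digit_tab`, `raw_subscript`, `safe_subscript`, and the two counting functions) are hypothetical, the input is constructed, and 8-bit bytes are assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed input: two digits, one letter, two bytes >= 0x80. */
static const char sample[] = { '4', '2', 'x', '\xff', '\x80' };

/* One entry per byte value; nonzero marks an ASCII digit. */
static unsigned char digit_tab[UCHAR_MAX + 1];

/* Subscript as plain char yields it: negative for bytes >= 0x80
   on targets where char is signed. */
static int raw_subscript(char c) { return c; }

/* Converting to unsigned char first keeps it in [0, UCHAR_MAX]. */
static int safe_subscript(char c) { return (unsigned char)c; }

/* Number of bytes whose plain-char subscript falls below the table. */
static size_t count_negative_subscripts(const char *buf, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; ++i)
        bad += raw_subscript(buf[i]) < 0;
    return bad;
}

/* Table lookup that stays in bounds for every byte value. */
static size_t count_digits(const char *buf, size_t n)
{
    size_t digits = 0;
    for (int c = '0'; c <= '9'; ++c)
        digit_tab[c] = 1;
    for (size_t i = 0; i < n; ++i)
        digits += digit_tab[safe_subscript(buf[i])];
    return digits;
}

int main(void)
{
    printf("char is %s\n", CHAR_MIN < 0 ? "signed" : "unsigned");
    printf("negative subscripts: %zu of %zu\n",
           count_negative_subscripts(sample, sizeof sample), sizeof sample);
    printf("digits found safely: %zu\n", count_digits(sample, sizeof sample));
    return 0;
}
```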