https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97410
Bug ID: 97410
Summary: missing -Warray-bounds with constant index from second
array element
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
The out of bounds access in the function below isn't diagnosed even though the
dump shows GCC knows that q cannot point to the beginning of a (q_6: char *
[1B, +INF]).
$ cat xx.c && gcc -O2 -S -Wall -fdump-tree-vrp1=/dev/stdout xx.c
int f (int i)
{
char a[4] = "", *p = a, *q = &a[i];
if (p == q) return -1;
return q[3]; // missing -Warray-bounds
}
;; Function f (f, funcdef_no=0, decl_uid=1931, cgraph_uid=1, symbol_order=0)
;; 1 loops found
;;
;; Loop 0
;; header 0, latch 1
;; depth 0, outer -1
;; nodes: 0 1 2 3 4
;; 2 succs { 4 3 }
;; 3 succs { 4 }
;; 4 succs { 1 }
SSA replacement table
N_i -> { O_1 ... O_j } means that N_i replaces O_1, ..., O_j
q_9 -> { q_6 }
Incremental SSA update started at block: 2
Number of blocks in CFG: 5
Number of blocks to update: 2 ( 40%)
Value ranges after VRP:
_1: char VARYING
_2: int [-128, 127]
i_5(D): int VARYING
q_6: char * [1B, +INF]
_7: int [-128, 127]
q_9: char[4] * ~[&a, &a] EQUIVALENCES: { q_6 } (1 elements)
f (int i)
{
char * q;
char a[4];
char _1;
int _2;
int _7;
<bb 2> [local count: 1073741824]:
a = "";
q_6 = &a[i_5(D)];
if (&a == q_6)
goto <bb 4>; [0.45%]
else
goto <bb 3>; [99.55%]
<bb 3> [local count: 1068909985]:
_1 = MEM[(char *)q_6 + 3B];
_7 = (int) _1;
<bb 4> [local count: 1073741824]:
# _2 = PHI <-1(2), _7(3)>
a ={v} {CLOBBER};
return _2;
}
