[Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above

2023-10-25 Thread dale.mengli.ming at proton dot me via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095

--- Comment #5 from mengli ming  ---
Created attachment 56202
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=56202&action=edit
Under the `-O0` optimization level, irrelevant code affects whether the
analyzer will report an out-of-bound warning.

[Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above

2023-10-25 Thread dale.mengli.ming at proton dot me via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095

--- Comment #4 from mengli ming  ---
(In reply to David Malcolm from comment #1)
> Thanks for filing this bug.
> 
> This looks similar to bug 111213.
> 
> Adding -fdump-ipa-analyzer=stderr shows that at -O1 and above, the entire
> body of the function is optimized away before the analyzer even sees it
> (presumably due to undefined behavior).
> 
> My hypothesis is that the optimizer sees the undefined behavior and
> optimizes the function away (but I haven't checked the details).
> 
> If that's the case, that's a strong argument that the analyzer should run
> earlier. I'll open a bug about that.

Hi David, under the -O0 optimization level I found another issue with this
case.

After commenting out irrelevant code like `for (int i = 0; i < 1; i++) ;` or
`union a h;`, the analyzer reports an out-of-bound warning. Moreover, changing
`*g = 0;` to `*g = 1;` also triggers the out-of-bound warning. It's puzzling.

[Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above

2023-10-25 Thread dale.mengli.ming at proton dot me via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095

--- Comment #3 from mengli ming  ---
(In reply to David Malcolm from comment #1)
> Thanks for filing this bug.
> 
> This looks similar to bug 111213.
> 
> Adding -fdump-ipa-analyzer=stderr shows that at -O1 and above, the entire
> body of the function is optimized away before the analyzer even sees it
> (presumably due to undefined behavior).
> 
> My hypothesis is that the optimizer sees the undefined behavior and
> optimizes the function away (but I haven't checked the details).
> 
> If that's the case, that's a strong argument that the analyzer should run
> earlier. I'll open a bug about that.

Thank you for the detailed explanation, David. I appreciate it.

[Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above

2023-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095

--- Comment #2 from David Malcolm  ---
(In reply to David Malcolm from comment #1)
[...]
> I'll open a bug about that.

Filed as bug 111312; made this one block that one.

[Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above

2023-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095

David Malcolm  changed:

            What    |Removed                 |Added
----------------------------------------------------------------
          Status    |UNCONFIRMED             |NEW
  Ever confirmed    |0                       |1
         Summary    |-Wanalyzer-out-of-bounds|-Wanalyzer-out-of-bounds
                    |false negative with     |false negative with
                    |`return l_1322[9];`     |`return l_1322[9];` at
                    |                        |-O1 and above
Last reconfirmed    |                        |2023-09-06

--- Comment #1 from David Malcolm  ---
Thanks for filing this bug.

This looks similar to bug 111213.

Adding -fdump-ipa-analyzer=stderr shows that at -O1 and above, the entire body
of the function is optimized away before the analyzer even sees it (presumably
due to undefined behavior).

My hypothesis is that the optimizer sees the undefined behavior and optimizes
the function away (but I haven't checked the details).

If that's the case, that's a strong argument that the analyzer should run
earlier. I'll open a bug about that.