[Bug analyzer/111213] -Wanalyzer-out-of-bounds false negative with `return arr[9];` at -O1 and above

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213

David Malcolm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |SUSPENDED

--- Comment #4 from David Malcolm ---
Marking this one as SUSPENDED since it would require the big rewrite for PR
111312.

[Bug analyzer/111213] -Wanalyzer-out-of-bounds false negative with `return arr[9];` at -O1 and above

2023-10-25 Thread dale.mengli.ming at proton dot me via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213

--- Comment #3 from mengli ming ---
(In reply to David Malcolm from comment #1)
> (In reply to mengli ming from comment #0)
> 
> Thanks for filing this bug.
> 
> > Hi, this case (https://godbolt.org/z/98PMz1KKz) contains an out-of-bound
> > error (stmt: `return arr[9];`). At -O0, the analyzer can report this
> > warning. However, at -O1, -O2, and -O3, the analyzer doesn't report that.
> 
> This is a side-effect of how late the analyzer runs.  Adding
>   -fdump-ipa-analyzer=stderr
> shows that at -O1 and above, the "arr[9]" access is optimized away before
> the analyzer "sees" it.
> 
> See e.g.:
>   https://godbolt.org/z/YjffsMYW4
> 
> My hypothesis is that the optimizer sees the undefined behavior and
> optimizes the function away (but I haven't looked into the details).
> 
> If that's the case, that's a strong argument that the analyzer should run
> earlier. I'm not sure if we have an existing bug about that.

Many thanks!!!

[Bug analyzer/111213] -Wanalyzer-out-of-bounds false negative with `return arr[9];` at -O1 and above

2023-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213

David Malcolm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2023-09-06
     Ever confirmed|0                           |1

--- Comment #2 from David Malcolm ---
(In reply to David Malcolm from comment #1)
[...] 
> If that's the case, that's a strong argument that the analyzer should run
> earlier. I'm not sure if we have an existing bug about that.

Filed as bug 111312; made this one block that one.

[Bug analyzer/111213] -Wanalyzer-out-of-bounds false negative with `return arr[9];` at -O1 and above

2023-09-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213

David Malcolm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|-Wanalyzer-out-of-bounds    |-Wanalyzer-out-of-bounds
                   |false negative with `return |false negative with `return
                   |arr[9];`                    |arr[9];` at -O1 and above

--- Comment #1 from David Malcolm ---
(In reply to mengli ming from comment #0)

Thanks for filing this bug.

> Hi, this case (https://godbolt.org/z/98PMz1KKz) contains an out-of-bound
> error (stmt: `return arr[9];`). At -O0, the analyzer can report this
> warning. However, at -O1, -O2, and -O3, the analyzer doesn't report that.

This is a side-effect of how late the analyzer runs.  Adding
  -fdump-ipa-analyzer=stderr
shows that at -O1 and above, the "arr[9]" access is optimized away before the
analyzer "sees" it.

See e.g.:
  https://godbolt.org/z/YjffsMYW4

My hypothesis is that the optimizer sees the undefined behavior and optimizes
the function away (but I haven't looked into the details).

If that's the case, that's a strong argument that the analyzer should run
earlier. I'm not sure if we have an existing bug about that.
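
An added example, not part of the bug thread or of GCC: a POSIX shell check that runs `-fanalyzer` at each optimization level and lists the levels that report fewer `-Wanalyzer-out-of-bounds` diagnostics than `-O0`, the symptom discussed above. The reproducer is constructed (the report's own test case is only linked), the function names and the `CC` override are assumptions, and it needs a GCC that supports this warning.

```shell
#!/bin/sh
# Added example: does -Wanalyzer-out-of-bounds survive at each -O level?

# Constructed reproducer (not the test case linked from the report).
write_sample() {
    cat > "$1" <<'EOF'
int f(void)
{
    int arr[4] = {1, 2, 3, 4};
    return arr[9]; /* out-of-bounds read */
}
EOF
}

# Count out-of-bounds analyzer diagnostics in compiler output on stdin.
count_oob() {
    grep -c -e '\[-Wanalyzer-out-of-bounds\]' || true
}

# Print "<level> <count>" for each optimization level, -O0 first.
# CC is an assumed override for the compiler name.
analyze_levels() {
    for opt in -O0 -O1 -O2 -O3; do
        n=$("${CC:-gcc}" -fanalyzer "$opt" -c "$1" -o /dev/null 2>&1 | count_oob)
        printf '%s %s\n' "$opt" "$n"
    done
}

# Read analyze_levels output; print levels with fewer warnings than -O0.
levels_missing_warnings() {
    awk 'NR == 1 { base = $2 + 0; next } $2 + 0 < base { print $1 }'
}

# Analyze the file given as $1, or the constructed sample if none is given.
if command -v "${CC:-gcc}" >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    write_sample "$tmp/oob.c"
    results=$(analyze_levels "${1:-$tmp/oob.c}")
    rm -rf "$tmp"
    echo "$results"
    echo "Levels reporting fewer out-of-bounds warnings than -O0:"
    echo "$results" | levels_missing_warnings
fi
```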