[Bug middle-end/66031] Spurious array bounds warning

[slash.tmp at free dot fr]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66031

Mason  changed:

   What|Removed |Added

 CC||slash.tmp at free dot fr

--- Comment #2 from Mason  ---
FWIW, the following code looks somewhat fishy to me:

unsigned char f = 10;
extern unsigned char p[1];
char check(unsigned int n)
{
   if (n - 1 >= f) return p[n];
   return 1;
}

p[n] is well-defined iff n = 0

If n = 0, n - 1 = UINT_MAX, thus the test is true for any f
No other value of n is allowed as an index into p.

Thus I would expect gcc to turn the code into

  return (n == 0) ? p[0] : 1;

[Bug middle-end/66031] Spurious array bounds warning

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66031

Richard Biener rguenth at gcc dot gnu.org changed:

   What|Removed |Added

 Status|UNCONFIRMED |NEW
   Last reconfirmed||2015-05-06
 CC||rguenth at gcc dot gnu.org
 Ever confirmed|0   |1

--- Comment #1 from Richard Biener rguenth at gcc dot gnu.org ---
Confirmed.  We are confused by f being unsigned char somehow, so we don't see
that

  bb 3:
  i_7 = i_1 + 1;
  _8 = (unsigned int) i_7;
  _9 = _8 + 4294967295;
  _10 = (unsigned int) f.1_5;
  if (_9 = _10)
goto bb 4;
  else
goto bb 6;

  bb 4:
  _11 = p[_8];
  _12 = (char) _11;
...

is never executed (thus _9 = _10 is true).

DOM doesn't figure that out either, we are missing the simplification of

  i_7 = i_1 + 1;
  _8 = (unsigned int) i_7;
  _9 = _8 + 4294967295;

to

  _9 = (unsigned int) i_1;

but then we still have an unsigned int compare against f in one path and
a signed int one in the other.  We'd have to canonicalize to one form to
eventually make DOM recognize the redundant compare - which OTOH won't help
VRP to omit the warning (because VRP runs before DOM).  VRPs analysis is
not able to optimize such redundancy because it doesn't track symbolic
ranges in addition to regular ones here.

Summary: hard problem.