https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89720
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2019-03-14
Component|c++ |tree-optimization
Known to work| |8.3.0
Ever confirmed|0 |1
Known to fail| |9.0
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed. It was introduced in r262893:
Author: msebor <msebor@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Thu Jul 19 23:36:34 2018 +0000
PR tree-optimization/84047 - missing -Warray-bounds on an out-of-bounds
index into an array
PR tree-optimization/83776 - missing -Warray-bounds indexing past the end
of a string literal
gcc/ChangeLog:
PR tree-optimization/84047
PR tree-optimization/83776
* tree-vrp.c (vrp_prop::check_mem_ref): New function.
(check_array_bounds): Call it.
I think it's another instance of incorrectly dealing with unsigned pointer
offsets (similar to bug 89350). The range of the offset is [0, -3221225473]
which the code misinterprets as [-3221225473, 0]:
(gdb) p min
$10 = {<fixed_wide_int_storage<128>> = {val = {0, 10836215197923, 36503164},
len = 1}, static is_sign_extended = true}
(gdb) p max
$11 = {<fixed_wide_int_storage<128>> = {val = {-3221225473, 140737128894544,
140737488345360}, len = 1}, static is_sign_extended = true}
if (vr->kind () == VR_RANGE)
{
if (tree_int_cst_lt (vr->min (), vr->max ()))
{
offset_int min
= wi::to_offset (fold_convert (ptrdiff_type_node, vr->min ()));
offset_int max
= wi::to_offset (fold_convert (ptrdiff_type_node, vr->max ()));
if (min < max)
{
offrange[0] += min;
offrange[1] += max;
}
else
{
offrange[0] += max;
offrange[1] += min;
}
