https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102006
Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |56456
                 CC|                            |msebor at gcc dot gnu.org
           Keywords|                            |diagnostic
          Component|c++                         |tree-optimization

--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
I can confirm the warning but not yet that it's a bug or limitation in GCC. The IL does show an access via an out-of-bounds pointer to a local object: (struct Element *)&holder + -32B, so it's working as designed. I can't tell if the access itself, adjusted for the offset of the member, is valid (i.e., what's D.146911's offset within holder), but even if it is, the warning validates pointers without considering subsequent adjustments so if something earlier ends up emitting one that's out-of-bounds the warning will trigger.

The out-of-bounds offset first shows up in the fixup_cfg3 dump. ListHolder is multiply derived from the same base class whose members freely cast the this pointer to the derived class so maybe that somehow results in the intermediate negative offset.

The translation unit is almost 90,000 of twisty C++ code so it will take a bit of time to reduce to something manageable.

void List_TestFunc (const struct TestContext & context)
{
  ...
  struct ListHolder holder;
  ...
  <bb 3> [local count: 1073741824]:
  _15 = MEM[(struct base_single_link *)&holder].pNext;
  if (_15 != 0B)
    goto <bb 4>; [85.10%]
  else
    goto <bb 5>; [14.90%]

  <bb 4> [local count: 913754293]:
  iftmp.2_16 = &MEM[(struct Element *)_15 + -32B].D.146911;

  <bb 5> [local count: 1073741821]:
  # i$m_p_24 = PHI <iftmp.2_16(4), 0B(3)>
  goto <bb 8>; [100.00%]
  ...
  <bb 8> [local count: 9761289345]:
  # i$m_p_21 = PHI <i$m_p_24(5), _22(7)>
  if (&MEM[(struct Element *)&holder + -32B].D.146911 != i$m_p_21)   <<< -Warray-bounds
    goto <bb 6>; [89.00%]
  else
    goto <bb 27>; [11.00%]

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
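
Added illustration, not part of the bug report or of the comment above, and not a reduction of the reporter's code: in the dump, the end-of-list comparison converts &holder itself to an Element pointer by subtracting 32 bytes, which is the intermediate pointer -Warray-bounds flags. The sketch below uses hypothetical names (Link, to_element, sum_values) and a constructed layout with the link at offset 32 and a circular sentinel list; it computes where such an end pointer would land using integers only, and iterates on link pointers so the link-to-element conversion is applied only to nodes that really sit inside an Element.

```cpp
#include <cstddef>
#include <cstdint>

struct Link { Link* pNext; };

struct Element {            // constructed layout: link at offset 32
    char payload[32];
    Link link;
    int  value;
};

struct ListHolder {
    Link head;              // sentinel: a bare Link, not inside any Element
    ListHolder() { head.pNext = &head; }
    void push_front(Element& e) {
        e.link.pNext = head.pNext;
        head.pNext = &e.link;
    }
};

// Link -> owning Element. Only valid when l really is some Element::link.
inline Element* to_element(Link* l) {
    return reinterpret_cast<Element*>(
        reinterpret_cast<char*>(l) - offsetof(Element, link));
}

// Offset, relative to the holder, of the address an "end() as Element*"
// iterator would hold. Done on integers so no out-of-bounds pointer is formed.
inline std::ptrdiff_t sentinel_as_element_offset(const ListHolder& h) {
    auto base = reinterpret_cast<std::uintptr_t>(&h);
    auto link = reinterpret_cast<std::uintptr_t>(&h.head);
    return static_cast<std::ptrdiff_t>(link - base)
         - static_cast<std::ptrdiff_t>(offsetof(Element, link));
}

// Compare Link pointers against the sentinel; convert only real elements.
inline int sum_values(ListHolder& h) {
    int total = 0;
    for (Link* p = h.head.pNext; p != &h.head; p = p->pNext)
        total += to_element(p)->value;
    return total;
}
```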