https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213
David Malcolm <dmalcolm at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|-Wanalyzer-out-of-bounds |-Wanalyzer-out-of-bounds |false negative with `return |false negative with `return |arr[9];` |arr[9];` at -O1 and above --- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> --- (In reply to mengli ming from comment #0) Thanks for filing this bug. > Hi, this case (https://godbolt.org/z/98PMz1KKz) contains an out-of-bound > error (stmt: `return arr[9];`). At -O0, the analyzer can report this > warning. However, at -O1, -O2, and -O3, the analyzer doesn't report that. This is a side-effect of how late the analyzer runs. Adding -fdump-ipa-analyzer=stdder shows that at -O1 and above, the "arr[9]" access is optimized away before the analyzer "sees" it. See e.g.: https://godbolt.org/z/YjffsMYW4 My hypothesis is that the optimizer sees the undefined behavior and optimizes the function away (but I haven't looked into the details). If that's the case, that's a strong argument that the analyzer should run earlier. I'm not sure if we have an existing bug about that.