https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|-Wanalyzer-out-of-bounds    |-Wanalyzer-out-of-bounds
                   |false negative with `return |false negative with `return
                   |arr[9];`                    |arr[9];` at -O1 and above

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
(In reply to mengli ming from comment #0)

Thanks for filing this bug.

> Hi, this case (https://godbolt.org/z/98PMz1KKz) contains an out-of-bound
> error (stmt: `return arr[9];`). At -O0, the analyzer can report this
> warning. However, at -O1, -O2, and -O3, the analyzer doesn't report that.

This is a side-effect of how late the analyzer runs.  Adding
  -fdump-ipa-analyzer=stderr
shows that at -O1 and above, the "arr[9]" access is optimized away before the
analyzer "sees" it.

See e.g.:
  https://godbolt.org/z/YjffsMYW4

My hypothesis is that the optimizer sees the undefined behavior and optimizes
the function away (but I haven't looked into the details).

If that's the case, that's a strong argument that the analyzer should run
earlier. I'm not sure if we have an existing bug about that.
