From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 20B613858286; Sun, 11 Sep 2022 08:31:39 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 20B613858286 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1662885099; bh=1OYR6ZFMgewZmh5SYs3ZXOlkOyI9rQ7QTO25OvytX+M=; h=From:To:Subject:Date:In-Reply-To:References:From; b=yQ8Xjds5M1s4EBxD1Tf43qoLm35X6La1BSCkgCH6I1G9/dk2Jyualw+S3rQh3q6vr v15EDd+gMuZFmRMAKJ5/uoRhfuAnu25qePh7Asq2IxsixpD5JDQWa8qfBedeihApux rG5r3tU4dNoHvOrk8o75fluwZMeswif6VS5woCaA= From: "carlosgalvezp at gmail dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/106901] False positive -Warray-bounds with -O2 or higher? Date: Sun, 11 Sep 2022 08:31:37 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c++ X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: carlosgalvezp at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D106901 --- Comment #5 from Carlos Galvez --- I also would like to understand why the warning is not triggered if the fir= st "if (size < expected_size)" is removed.=20 https://godbolt.org/z/7vqPxhsqo The possibility of executing the loop and do out-of-bounds still exists, ri= ght? So why is the compiler warning in one case and not other? Similarly, a regular for-loop with "size" known at runtime is equally risky, yet the compiler is not flagging it: bool bar(std::array const& vec, std::size_t const size) { for (std::size_t i{0}; i < size; ++i) { if (vec[i] !=3D 0) { return false; } } return true; } https://godbolt.org/z/6c64MEY7d Personally, I think this warning should only warn about 100% confirmed OOB cases, and put the "maybe" cases in a separate flag. All respectable projec= ts have as minimum "-Wall -Werror" in their compiler flags, to detect problems that do exist, not that "might" exist. This can lead to quite a few false positives, leading to people either disabling the warning altogether (which= is pretty bad!) or polluting the code with inline pragmas (disallowed by some coding guidelines).=