public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/111095] New: -Wanalyzer-out-of-bounds false negative with `return l_1322[9];`
@ 2023-08-22 2:55 dale.mengli.ming at proton dot me
2023-09-06 21:15 ` [Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above dmalcolm at gcc dot gnu.org
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: dale.mengli.ming at proton dot me @ 2023-08-22 2:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095
Bug ID: 111095
Summary: -Wanalyzer-out-of-bounds false negative with `return
l_1322[9];`
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dale.mengli.ming at proton dot me
Target Milestone: ---
Hi,in this case(https://godbolt.org/z/sKPxGrG8z), the array `l_1322` has a
capacity of 7. However, in relation to the `return l_1322[9]` statement, it
appears(with -O1, -O2, -O3) that the analyzer don't report any related
warnings.
Thanks for taking the time to look at this case, even though I'm not sure if
it's helpful for improving the analyzer.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above
2023-08-22 2:55 [Bug analyzer/111095] New: -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` dale.mengli.ming at proton dot me
@ 2023-09-06 21:15 ` dmalcolm at gcc dot gnu.org
2023-09-06 21:28 ` dmalcolm at gcc dot gnu.org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-09-06 21:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever confirmed|0 |1
Summary|-Wanalyzer-out-of-bounds |-Wanalyzer-out-of-bounds
|false negative with `return |false negative with `return
|l_1322[9];` |l_1322[9];` at -O1 and
| |above
Last reconfirmed| |2023-09-06
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this bug.
This looks similar to bug 111213.
Adding -fdump-ipa-analyzer=stderr shows that at -O1 and above, the entire body
of the function is optimized away before the analyzer even sees it (presumably
due to undefined behavior).
My hypothesis is that the optimizer sees the undefined behavior and optimizes
the function away (but I haven't checked the details).
If that's the case, that's a strong argument that the analyzer should run
earlier. I'll open a bug about that.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above
2023-08-22 2:55 [Bug analyzer/111095] New: -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` dale.mengli.ming at proton dot me
2023-09-06 21:15 ` [Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above dmalcolm at gcc dot gnu.org
@ 2023-09-06 21:28 ` dmalcolm at gcc dot gnu.org
2023-10-25 8:23 ` dale.mengli.ming at proton dot me
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-09-06 21:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
(In reply to David Malcolm from comment #1)
[...]
> I'll open a bug about that.
Filed as bug 111312; made this one block that one.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above
2023-08-22 2:55 [Bug analyzer/111095] New: -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` dale.mengli.ming at proton dot me
2023-09-06 21:15 ` [Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above dmalcolm at gcc dot gnu.org
2023-09-06 21:28 ` dmalcolm at gcc dot gnu.org
@ 2023-10-25 8:23 ` dale.mengli.ming at proton dot me
2023-10-25 9:00 ` dale.mengli.ming at proton dot me
2023-10-25 9:03 ` dale.mengli.ming at proton dot me
4 siblings, 0 replies; 6+ messages in thread
From: dale.mengli.ming at proton dot me @ 2023-10-25 8:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095
--- Comment #3 from mengli ming <dale.mengli.ming at proton dot me> ---
(In reply to David Malcolm from comment #1)
> Thanks for filing this bug.
>
> This looks similar to bug 111213.
>
> Adding -fdump-ipa-analyzer=stderr shows that at -O1 and above, the entire
> body of the function is optimized away before the analyzer even sees it
> (presumably due to undefined behavior).
>
> My hypothesis is that the optimizer sees the undefined behavior and
> optimizes the function away (but I haven't checked the details).
>
> If that's the case, that's a strong argument that the analyzer should run
> earlier. I'll open a bug about that.
Thank you for the detailed explanation, David. I appreciate it.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above
2023-08-22 2:55 [Bug analyzer/111095] New: -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` dale.mengli.ming at proton dot me
` (2 preceding siblings ...)
2023-10-25 8:23 ` dale.mengli.ming at proton dot me
@ 2023-10-25 9:00 ` dale.mengli.ming at proton dot me
2023-10-25 9:03 ` dale.mengli.ming at proton dot me
4 siblings, 0 replies; 6+ messages in thread
From: dale.mengli.ming at proton dot me @ 2023-10-25 9:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095
--- Comment #4 from mengli ming <dale.mengli.ming at proton dot me> ---
(In reply to David Malcolm from comment #1)
> Thanks for filing this bug.
>
> This looks similar to bug 111213.
>
> Adding -fdump-ipa-analyzer=stderr shows that at -O1 and above, the entire
> body of the function is optimized away before the analyzer even sees it
> (presumably due to undefined behavior).
>
> My hypothesis is that the optimizer sees the undefined behavior and
> optimizes the function away (but I haven't checked the details).
>
> If that's the case, that's a strong argument that the analyzer should run
> earlier. I'll open a bug about that.
Hi David, Under the -O0 optimization level, I found another issue with this
case.
After commenting out irrelevant code like `for (int i = 0; i < 1; i++) ;` or
`union a h;`, the analyzer reports an out-of-bound warning. Moreover, changing
`*g = 0;` to `*g = 1;` also triggers the out-of-bound warning. It's puzzling.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above
2023-08-22 2:55 [Bug analyzer/111095] New: -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` dale.mengli.ming at proton dot me
` (3 preceding siblings ...)
2023-10-25 9:00 ` dale.mengli.ming at proton dot me
@ 2023-10-25 9:03 ` dale.mengli.ming at proton dot me
4 siblings, 0 replies; 6+ messages in thread
From: dale.mengli.ming at proton dot me @ 2023-10-25 9:03 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095
--- Comment #5 from mengli ming <dale.mengli.ming at proton dot me> ---
Created attachment 56202
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=56202&action=edit
Under the `-O0` optimization level, irrelevant code affects whether the
analyzer will report an out-of-bound warning.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-10-25 9:03 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-22 2:55 [Bug analyzer/111095] New: -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` dale.mengli.ming at proton dot me
2023-09-06 21:15 ` [Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above dmalcolm at gcc dot gnu.org
2023-09-06 21:28 ` dmalcolm at gcc dot gnu.org
2023-10-25 8:23 ` dale.mengli.ming at proton dot me
2023-10-25 9:00 ` dale.mengli.ming at proton dot me
2023-10-25 9:03 ` dale.mengli.ming at proton dot me
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).