From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-438273-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 16271 invoked by alias); 20 Dec 2013 10:30:49 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Received: (qmail 16254 invoked by uid 48); 20 Dec 2013 10:30:45 -0000
From: "rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/59564] False positive array -Warray-bounds check with -O2
Date: Fri, 20 Dec 2013 10:30:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 4.9.0
X-Bugzilla-Keywords: diagnostic
X-Bugzilla-Severity: normal
X-Bugzilla-Who: rguenth at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: keywords bug_status cf_reconfirmed_on component version everconfirmed cf_known_to_fail
Message-ID: <bug-59564-4-nu2UJPRbwG@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-59564-4@http.gcc.gnu.org/bugzilla/>
References: <bug-59564-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2013-12/txt/msg01928.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59564

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2013-12-20
          Component|c                           |tree-optimization
            Version|unknown                     |4.9.0
     Ever confirmed|0                           |1
      Known to fail|                            |4.8.2, 4.9.0

--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
DOM optimizes this to

  if (n <= 0)
    {
      n = 0;
      arr[0] = 0;
    }
  else
    arr[n] = 0;

after which value-range propagation warns for the arr[n] on the else
branch because there n >= 1 and thus the access is out-of-bounds.

Fixing the obfuscation by doing

  if (n < 0) n = 0;

instead of

  if (n <= 0) n = 0;

fixes the warning.

The warning is basically that n is not constrained to be < 1 which is
of course kind-of-useless.  We don't warn for a plain arr[n] either.
But as you give VRP a half-useful range you make it emit the warning.

Common to these kind of "bogus" warnings is that we have duplicated the
memory access and warn about the "bad" half of it.  But we have no way
of tracking whether there are now two pieces instead of just one ...
(apart from maybe using source location info and making sure that VRP
computes the same "warning" for equal source location accesses).