[Bug tree-optimization/66992] New: [4.9/5/6 Regression] Incorrect array subscript is above bounds warning

[Bug tree-optimization/66992] New: [4.9/5/6 Regression] Incorrect array subscript is above bounds warning

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66992

            Bug ID: 66992
           Summary: [4.9/5/6 Regression] Incorrect array subscript is
                    above bounds warning
           Product: gcc
           Version: 4.9.4
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jakub at gcc dot gnu.org
  Target Milestone: ---

On
struct tcp_sack_block
{
  unsigned start_seq;
  unsigned end_seq;
};

struct tcp_sock
{
  struct tcp_sack_block sel_acks[4];
  unsigned char num_sacks;
  unsigned rcv_nxt;
};

static inline _Bool
before (unsigned seq1, unsigned seq2)
{
  return (signed) (seq1 - seq2) < 0;
}

static void
tcp_sack_remove (struct tcp_sock *tp)
{
  struct tcp_sack_block *sp = &tp->sel_acks[0];
  int num_sacks = tp->num_sacks;
  int this_sack;

  for (this_sack = 0; this_sack < num_sacks;)
    {
      if (!before (tp->rcv_nxt, sp->start_seq))
{
  int i;

  for (i = this_sack + 1; i < num_sacks; i++)
    {
      tp->sel_acks[i - 1] = tp->sel_acks[i];
    }
  num_sacks--;
  continue;
}
      this_sack++;
      sp++;
    }
  tp->num_sacks = num_sacks;
}

struct tcp_sock mysock = {.num_sacks = 4 };

int
main ()
{
  tcp_sack_remove (&mysock);

  return 0;
}

distilled from Linux kernel at -O3 -Wall, we get incorrect warning.  The
problem is (starting with r192538) too conservative # of iterations analysis
for the loop, the loop can only execute the body at most 3 times, because
otherwise it reaches undefined behavior either in the sel_acks[i - 1] access,
or sel_acks[i] access.  But we actually compute # of iterations 5 on the
condition (thus 4 iterations of the body), and then not surprisingly VRP1 warns
about the last iteration assignment which is always invalid.

[Bug tree-optimization/66992] [4.9/5/6 Regression] Incorrect array subscript is above bounds warning

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66992

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |4.9.4

[Bug tree-optimization/66992] [4.9/5/6 Regression] Incorrect array subscript is above bounds warning

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66992

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
I think we have some dups that are similar.