public inbox for gcc@gcc.gnu.org
* Array out of bounds warning
@ 2000-07-30 14:16 Falk Hueffner
  2000-07-31  7:11 ` Jeffrey A Law
  0 siblings, 1 reply; 6+ messages in thread
From: Falk Hueffner @ 2000-07-30 14:16 UTC (permalink / raw)
  To: gcc

Hi,

the Compaq C compiler has a warning for an array out of bounds access
with constant index (and known array size, of course), like this:

int a[10];
a[10] = 17;

I've already discovered two nasty bugs with this warning, so I
wondered whether it might be worth adding it to gcc. It can be
erroneously triggered with code that allocates extra space after the
array, for example by putting it into a union. These arrays usually
have a size of 1, so the Compaq C compiler has a special warning for
that which can be toggled separately. I'd rather never warn in this
condition, so I suggest something like this:

--- cvs/gcc/gcc/c-typeck.c	Sun Jul 30 19:23:25 2000
+++ gcc-07.30/gcc/c-typeck.c	Sun Jul 30 21:18:22 2000
@@ -1332,6 +1332,24 @@
 	    pedwarn ("ANSI C forbids subscripting non-lvalue array");
 	}
 
+      if (1)
+	{
+	  if (TREE_CODE (index) == INTEGER_CST)
+	    {
+	      tree range = TYPE_DOMAIN (TREE_TYPE (array));
+	      if (range != 0
+		  && TREE_CODE (TYPE_MAX_VALUE (range)) == INTEGER_CST
+		  && tree_int_cst_lt (TYPE_MAX_VALUE (range), index))
+		{
+		  /* Accesses after the end of arrays of size 0 (gcc
+		     extension) and 1 are likely intentional. */
+		  if (! tree_int_cst_lt (TYPE_MAX_VALUE (range),
+					 build_int_2 (2, 0)))
+		    warning ("array subscript out of range");
+		}
+	    }
+	}
+
       type = TYPE_MAIN_VARIANT (TREE_TYPE (TREE_TYPE (array)));
       rval = build (ARRAY_REF, type, array, index);
       /* Array ref is const/volatile if the array elements are
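Review bot: the size exemption in the new block does not match its own comment: `tree_int_cst_lt (TYPE_MAX_VALUE (range), build_int_2 (2, 0))` is true whenever the maximum index is below 2, so arrays of size 0, 1 and 2 are all exempted, not only sizes 0 and 1 as the comment says (`int a[2]; a[2] = 17;` would pass silently); compare against 1 instead, i.e. warn whenever the maximum index is at least 1. The `if (1)` wrapper adds a level of braces and indentation for nothing and should be dropped. The check also only compares against TYPE_MAX_VALUE; a constant index below TYPE_MIN_VALUE (range) goes unnoticed, so the lower bound deserves the same test.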

(this is the first time I hack gcc, so there might be lots of errors
in this code)

So do you think this is a good idea? If so, at which level should it
be activated?

	Falk


* Re: Array out of bounds warning
  2000-07-30 14:16 Array out of bounds warning Falk Hueffner
@ 2000-07-31  7:11 ` Jeffrey A Law
  2000-07-31 11:19   ` Falk Hueffner
  2000-08-02 14:59   ` Kamil Iskra
  0 siblings, 2 replies; 6+ messages in thread
From: Jeffrey A Law @ 2000-07-31  7:11 UTC (permalink / raw)
  To: Falk Hueffner; +Cc: gcc

  In message <87d7jv8i9p.fsf@student.uni-tuebingen.de> you write:
  > Hi,
  > 
  > the Compaq C compiler has a warning for an array out of bounds access
  > with constant index (and known array size, of course), like this:
  > 
  > int a[10];
  > a[10] = 17;
  > 
  > I've already discovered two nasty bugs with this warning, so I
  > wondered whether it might be worth adding it to gcc. It can be
  > erroneously triggered with code that allocates extra space after the
  > array, for example by putting it into a union. These arrays usually
  > have a size of 1, so the Compaq C compiler has a special warning for
  > that which can be toggled separately. I'd rather never warn in this
  > condition, so I suggest something like this:
It might make more sense to put this in expr.c so that other languages
can get similar checks.  You might also check that the low bound is within
range.

The next question in my mind is how often do we get false hits on the
warning.

But I generally like the idea of issuing a warning if the code is obviously
wrong.  

jeff


* Re: Array out of bounds warning
  2000-07-31  7:11 ` Jeffrey A Law
@ 2000-07-31 11:19   ` Falk Hueffner
  2000-08-02 14:59   ` Kamil Iskra
  1 sibling, 0 replies; 6+ messages in thread
From: Falk Hueffner @ 2000-07-31 11:19 UTC (permalink / raw)
  To: gcc

Jeffrey A Law <law@cygnus.com> writes:

>   In message <87d7jv8i9p.fsf@student.uni-tuebingen.de> you write:
>   > Hi,
>   > 
>   > the Compaq C compiler has a warning for an array out of bounds access
>   > with constant index (and known array size, of course), like this:
>   > 
>   > int a[10];
>   > a[10] = 17;
>   > 
> It might make more sense to put this in expr.c so that other languages
> can get similar checks.

Ok, thanks for pointing this out. I'll try that.

> You might also check that the low bound is within range.

Well, for C this already was the case, since it seems integer
constants at that point had already been cast to unsigned, which
would also trigger that warning.

	Falk


* Re: Array out of bounds warning
  2000-07-31  7:11 ` Jeffrey A Law
  2000-07-31 11:19   ` Falk Hueffner
@ 2000-08-02 14:59   ` Kamil Iskra
  2000-08-02 18:12     ` Geoff Keating
  1 sibling, 1 reply; 6+ messages in thread
From: Kamil Iskra @ 2000-08-02 14:59 UTC (permalink / raw)
  To: Jeffrey A Law; +Cc: Falk Hueffner, gcc

On Mon, 31 Jul 2000, Jeffrey A Law wrote:

>   > int a[10];
>   > a[10] = 17;
[snip]
> The next question in my mind is how often do we get false hits on the
> warning.

I've been wondering: what will the proposed patch do for n-dimensional
arrays, say:

int a[10][10];
a[0][10]=17;

I think right now the code will generate a warning, but is this what we
want?

I'm not entirely sure whether the standard does allow such a construction,
but surely it has a well defined meaning, given that the memory layout of
arrays is precisely defined in the standard. I've seen such code only
yesterday, where it was used for speed reasons, so it's probably not an
uncommon trick.

Regards,

-- 
/ Kamil Iskra  kamil@wins.uva.nl                                          \
| Section Computational Science, Faculty FNWI, Universiteit van Amsterdam |
| tel. +31 20 525 75 35  fax. +31 20 525 74 90                            |
\ Kruislaan 403  room F.202  1098 SJ Amsterdam (NL)                       /


* Re: Array out of bounds warning
  2000-08-02 14:59   ` Kamil Iskra
@ 2000-08-02 18:12     ` Geoff Keating
  2000-08-03  0:59       ` Kamil Iskra
  0 siblings, 1 reply; 6+ messages in thread
From: Geoff Keating @ 2000-08-02 18:12 UTC (permalink / raw)
  To: Kamil Iskra; +Cc: gcc

Kamil Iskra <kamil@wins.uva.nl> writes:

> On Mon, 31 Jul 2000, Jeffrey A Law wrote:
> 
> >   > int a[10];
> >   > a[10] = 17;
> [snip]
> > The next question in my mind is how often do we get false hits on the
> > warning.
> 
> I've been wondering: what will the proposed patch do for n-dimensional
> arrays, say:
> 
> int a[10][10];
> a[0][10]=17;
> 
> I think right now the code will generate a warning, but is this what we
> want?
> 
> I'm not entirely sure whether the standard does allow such a construction,
> but surely it has a well defined meaning, given that the memory layout of
> arrays is precisely defined in the standard. I've seen such code only
> yesterday, where it was used for speed reasons, so it's probably not an
> uncommon trick.

The behaviour is rendered undefined by the ISO C standard.  This is
precisely so that compilers can do bounds-checking on references like
these.

-- 
- Geoffrey Keating <geoffk@cygnus.com>

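A stand-alone model of the decision rule discussed in this thread, added here as an illustration (it is not gcc code and not the patch from the first message): it encodes the size-0/size-1 exemption the patch's comment describes, adds the low-bound check from Jeff's reply, and checks each subscript of a[i][j] against its own dimension, which is why a[0][10] on int a[10][10] is flagged even though the memory layout is well defined. The `domain` type and the function names are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>
/* Added illustration (not gcc code): a model of the constant-index
   bounds check discussed in this thread. An array type's index domain
   runs from lo to hi inclusive, like TYPE_MIN_VALUE/TYPE_MAX_VALUE of
   TYPE_DOMAIN in gcc; the subscript is a compile-time constant. */
typedef struct { long lo, hi; } domain;

/* Returns true when the subscript should draw a warning. */
static bool should_warn(domain d, long index)
{
    long size = d.hi - d.lo + 1;
    /* Arrays of size 0 (gcc extension) and 1 are the usual "extra space
       is allocated after the struct" idiom, so never warn on them. This
       tests the size, not the maximum index, so a size-2 array is still
       checked. */
    if (size <= 1)
        return false;
    /* Check the low bound as well as the high bound, as Jeff suggested. */
    return index < d.lo || index > d.hi;
}

/* Multi-dimensional case: each subscript is checked against its own
   dimension's domain. Returns the first offending dimension, or -1. */
static int first_oob_dim(const domain *dims, const long *idx, int n)
{
    for (int i = 0; i < n; i++)
        if (should_warn(dims[i], idx[i]))
            return i;
    return -1;
}

int main(void)
{
    /* Constructed cases taken from the thread's examples. */
    domain ten = { 0, 9 };          /* int a[10] */
    domain one = { 0, 0 };          /* char buf[1] at the end of a struct */
    domain zero = { 0, -1 };        /* char buf[0], gcc extension */
    domain grid[2] = { ten, ten };  /* int a[10][10] */
    long overrun[2] = { 0, 10 };    /* a[0][10]: undefined in ISO C */
    long inside[2] = { 9, 9 };      /* a[9][9] */

    printf("a[10] on int a[10]: %d\n", should_warn(ten, 10));      /* 1 */
    printf("a[-1] on int a[10]: %d\n", should_warn(ten, -1));      /* 1 */
    printf("buf[5] on char buf[1]: %d\n", should_warn(one, 5));    /* 0 */
    printf("buf[5] on char buf[0]: %d\n", should_warn(zero, 5));   /* 0 */
    printf("a[0][10] first bad dim: %d\n", first_oob_dim(grid, overrun, 2)); /* 1 */
    printf("a[9][9] first bad dim: %d\n", first_oob_dim(grid, inside, 2));   /* -1 */
    return 0;
}
```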

* Re: Array out of bounds warning
  2000-08-02 18:12     ` Geoff Keating
@ 2000-08-03  0:59       ` Kamil Iskra
  0 siblings, 0 replies; 6+ messages in thread
From: Kamil Iskra @ 2000-08-03  0:59 UTC (permalink / raw)
  To: Geoff Keating; +Cc: gcc

On 2 Aug 2000, Geoff Keating wrote:

> > I've been wondering: what will the proposed patch do for n-dimensional
> > arrays, say:
> > 
> > int a[10][10];
> > a[0][10]=17;
> > 
> > I think right now the code will generate a warning, but is this what we
> > want?
[snip]
> The behaviour is rendered undefined by the ISO C standard.

Right. Found it. Thanks.

In real-life situations, even if such tricks are used in the code, they
usually involve variable indices, and thus no warning will be generated.
Hence, there shouldn't be a problem.

