[Bug tree-optimization/94675] [9 regression] -Warray-bounds false positive with -O2

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94675

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
The false positive is not due a shortcoming of the warning but rather due to
GCC not having a sufficiently sophisticated analysis of relationships of
pointers into the same objects.  The same warning (and probably a numbers as
well) can be reproduced with a simpler example.

$ cat pr94675.c && gcc -O2 -S -Wall -fdump-tree-vrp=/dev/stdout pr94675.c
unsigned char c, n;

int f (void)
{
  if (n <= 7) return 0;

  unsigned char *p = &c, *q = p + n;

  if (q - p <= 7)   // not eliminated
    return 0;

  return p[7];      // spurious -Warray-bounds
}

;; Function f (f, funcdef_no=0, decl_uid=1932, cgraph_uid=1, symbol_order=2)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2 3 4
;; 2 succs { 4 3 }
;; 3 succs { 4 }
;; 4 succs { 1 }

Value ranges after VRP:

n.0_1: unsigned char VARYING
_2: unsigned char VARYING
_3: int [0, 255]
_5: int [0, 255]


pr94675.c: In function ‘f’:
pr94675.c:12:11: warning: array subscript 7 is outside array bounds of
‘unsigned char[1]’ [-Warray-bounds]
   12 |   return p[7];
      |          ~^~~
pr94675.c:1:15: note: while referencing ‘c’
    1 | unsigned char c, n;
      |               ^
f ()
{
  unsigned char n.0_1;
  unsigned char _2;
  int _3;
  int _5;

  <bb 2> [local count: 1073741824]:
  n.0_1 = n;
  if (n.0_1 <= 7)
    goto <bb 4>; [34.00%]
  else
    goto <bb 3>; [66.00%]

  <bb 3> [local count: 708669601]:
  _2 = MEM[(unsigned char *)&c + 7B];
  _5 = (int) _2;

  <bb 4> [local count: 1073741824]:
  # _3 = PHI <0(2), _5(3)>
  return _3;

}



;; Function f (f, funcdef_no=0, decl_uid=1932, cgraph_uid=1, symbol_order=2)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2 3 4
;; 2 succs { 4 3 }
;; 3 succs { 4 }
;; 4 succs { 1 }

Value ranges after VRP:

n.0_1: unsigned char VARYING
_2: unsigned char VARYING
_3: int [0, 255]
_5: int [0, 255]


f ()
{
  unsigned char n.0_1;
  unsigned char _2;
  int _3;
  int _5;

  <bb 2> [local count: 1073741824]:
  n.0_1 = n;
  if (n.0_1 <= 7)
    goto <bb 4>; [34.00%]
  else
    goto <bb 3>; [66.00%]

  <bb 3> [local count: 708669601]:
  _2 = MEM[(unsigned char *)&c + 7B];
  _5 = (int) _2;

  <bb 4> [local count: 1073741824]:
  # _3 = PHI <_5(3), 0(2)>
  return _3;

}