[Bug analyzer/107566] New: array out of bounds not detected

jamie.bainbridge at gmail dot com via Gcc-bugs Mon, 07 Nov 2022 18:07:47 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107566


            Bug ID: 107566
           Summary: array out of bounds not detected
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: jamie.bainbridge at gmail dot com
  Target Milestone: ---

Minimal reproducer:

int main(void)
{
        int my_array[3] = { 0 };

        for(int i = 0; i < 6; i++)
                my_array[i] = i;

        return 0;
}

The array has 3 members, but the loop counts further.

This is caught by cppcheck, clang alpha, and PVS-Studio, but not gcc trunk.

URL to reproducer: https://godbolt.org/z/dx96qbcqs

Commandline options: -O0 -Wall -Wextra -Wpedantic -fanalyzer -v

Tested version: gcc
(Compiler-Explorer-Build-gcc-c56826d0f3b143a9cb64ee263707046f8073c1b6-binutils-2.38)
13.0.0 20221106 (experimental)

Complete verbose output:

Using built-in specs.
COLLECT_GCC=/opt/compiler-explorer/gcc-snapshot/bin/gcc
Target: x86_64-linux-gnu
Configured with: ../gcc-trunk-20221107/configure
--prefix=/opt/compiler-explorer/gcc-build/staging --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu --disable-bootstrap
--enable-multiarch --with-abi=m64 --with-multilib-list=m32,m64,mx32
--enable-multilib --enable-clocale=gnu
--enable-languages=c,c++,fortran,ada,objc,obj-c++,d --enable-ld=yes
--enable-gold=yes --enable-libstdcxx-debug --enable-libstdcxx-time=yes
--enable-linker-build-id --enable-lto --enable-plugins --enable-threads=posix
--with-pkgversion=Compiler-Explorer-Build-gcc-c56826d0f3b143a9cb64ee263707046f8073c1b6-binutils-2.38
--enable-libstdcxx-backtrace=yes
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 13.0.0 20221106 (experimental)
(Compiler-Explorer-Build-gcc-c56826d0f3b143a9cb64ee263707046f8073c1b6-binutils-2.38)
 
COLLECT_GCC_OPTIONS='-fdiagnostics-color=always' '-g' '-o' '/app/output.s'
'-masm=intel' '-S' '-O0' '-Wall' '-Wextra' '-Wpedantic' '-fanalyzer' '-v'
'-save-temps' '-mtune=generic' '-march=x86-64' '-dumpdir' '/app/'

/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/13.0.0/cc1
-E -quiet -v -imultiarch x86_64-linux-gnu -iprefix
/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/
<source> -masm=intel -mtune=generic -march=x86-64 -Wall -Wextra -Wpedantic
-fdiagnostics-color=always -fanalyzer -g -fworking-directory -O0
-fpch-preprocess -o /app/output.i
ignoring nonexistent directory
"/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../x86_64-linux-gnu/include"
ignoring duplicate directory
"/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/../../lib/gcc/x86_64-linux-gnu/13.0.0/include"
ignoring nonexistent directory "/usr/local/include/x86_64-linux-gnu"
ignoring duplicate directory
"/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/../../lib/gcc/x86_64-linux-gnu/13.0.0/include-fixed/x86_64-linux-gnu"
ignoring duplicate directory
"/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/../../lib/gcc/x86_64-linux-gnu/13.0.0/include-fixed"
ignoring nonexistent directory
"/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/../../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../x86_64-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:

/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/include

/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/include-fixed/x86_64-linux-gnu

/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/include-fixed
 /usr/local/include
 /opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/../../include
 /usr/include/x86_64-linux-gnu
 /usr/include
End of search list.
COLLECT_GCC_OPTIONS='-fdiagnostics-color=always' '-g' '-o' '/app/output.s'
'-masm=intel' '-S' '-O0' '-Wall' '-Wextra' '-Wpedantic' '-fanalyzer' '-v'
'-save-temps' '-mtune=generic' '-march=x86-64' '-dumpdir' '/app/'

/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/13.0.0/cc1
-fpreprocessed /app/output.i -quiet -dumpdir /app/ -dumpbase output.c
-dumpbase-ext .c -masm=intel -mtune=generic -march=x86-64 -g -O0 -Wall -Wextra
-Wpedantic -version -fdiagnostics-color=always -fanalyzer -o /app/output.s
GNU C17
(Compiler-Explorer-Build-gcc-c56826d0f3b143a9cb64ee263707046f8073c1b6-binutils-2.38)
version 13.0.0 20221106 (experimental) (x86_64-linux-gnu)
        compiled by GNU C version 9.4.0, GMP version 6.2.1, MPFR version 4.1.0,
MPC version 1.2.1, isl version isl-0.24-GMP

GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
GNU C17
(Compiler-Explorer-Build-gcc-c56826d0f3b143a9cb64ee263707046f8073c1b6-binutils-2.38)
version 13.0.0 20221106 (experimental) (x86_64-linux-gnu)
        compiled by GNU C version 9.4.0, GMP version 6.2.1, MPFR version 4.1.0,
MPC version 1.2.1, isl version isl-0.24-GMP

GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
Compiler executable checksum: 0290f59709883f52562bc4105777b706
<source>: In function 'main':
<source>:3:13: warning: variable 'my_array' set but not used
[-Wunused-but-set-variable]
    3 |         int my_array[3] = { 0 };
      |             ^~~~~~~~
COMPILER_PATH=/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/13.0.0/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../x86_64-linux-gnu/bin/
LIBRARY_PATH=/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../lib64/:/lib/x86_64-linux-gnu/:/lib/../lib64/:/usr/lib/x86_64-linux-gnu/:/usr/lib/../lib64/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../x86_64-linux-gnu/lib/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../:/lib/:/usr/lib/
COLLECT_GCC_OPTIONS='-fdiagnostics-color=always' '-g' '-o' '/app/output.s'
'-masm=intel' '-S' '-O0' '-Wall' '-Wextra' '-Wpedantic' '-fanalyzer' '-v'
'-save-temps' '-mtune=generic' '-march=x86-64' '-dumpdir' '/app/output.'
ASM generation compiler returned: 0
Using built-in specs.
COLLECT_GCC=/opt/compiler-explorer/gcc-snapshot/bin/gcc
COLLECT_LTO_WRAPPER=/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/13.0.0/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../gcc-trunk-20221107/configure
--prefix=/opt/compiler-explorer/gcc-build/staging --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu --disable-bootstrap
--enable-multiarch --with-abi=m64 --with-multilib-list=m32,m64,mx32
--enable-multilib --enable-clocale=gnu
--enable-languages=c,c++,fortran,ada,objc,obj-c++,d --enable-ld=yes
--enable-gold=yes --enable-libstdcxx-debug --enable-libstdcxx-time=yes
--enable-linker-build-id --enable-lto --enable-plugins --enable-threads=posix
--with-pkgversion=Compiler-Explorer-Build-gcc-c56826d0f3b143a9cb64ee263707046f8073c1b6-binutils-2.38
--enable-libstdcxx-backtrace=yes
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 13.0.0 20221106 (experimental)
(Compiler-Explorer-Build-gcc-c56826d0f3b143a9cb64ee263707046f8073c1b6-binutils-2.38)
 
COLLECT_GCC_OPTIONS='-fdiagnostics-color=always' '-g' '-o' '/app/output.s'
'-O0' '-Wall' '-Wextra' '-Wpedantic' '-fanalyzer' '-v' '-save-temps' '-L.'
'-mtune=generic' '-march=x86-64' '-dumpdir' '/app/output.s-'

/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/13.0.0/cc1
-E -quiet -v -imultiarch x86_64-linux-gnu -iprefix
/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/
<source> -mtune=generic -march=x86-64 -Wall -Wextra -Wpedantic
-fdiagnostics-color=always -fanalyzer -g -fworking-directory -O0
-fpch-preprocess -o /app/output.s-example.i
ignoring nonexistent directory
"/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../x86_64-linux-gnu/include"
ignoring duplicate directory
"/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/../../lib/gcc/x86_64-linux-gnu/13.0.0/include"
ignoring nonexistent directory "/usr/local/include/x86_64-linux-gnu"
ignoring duplicate directory
"/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/../../lib/gcc/x86_64-linux-gnu/13.0.0/include-fixed/x86_64-linux-gnu"
ignoring duplicate directory
"/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/../../lib/gcc/x86_64-linux-gnu/13.0.0/include-fixed"
ignoring nonexistent directory
"/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/../../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../x86_64-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:

/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/include

/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/include-fixed/x86_64-linux-gnu

/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/include-fixed
 /usr/local/include
 /opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/../../include
 /usr/include/x86_64-linux-gnu
 /usr/include
End of search list.
COLLECT_GCC_OPTIONS='-fdiagnostics-color=always' '-g' '-o' '/app/output.s'
'-O0' '-Wall' '-Wextra' '-Wpedantic' '-fanalyzer' '-v' '-save-temps' '-L.'
'-mtune=generic' '-march=x86-64' '-dumpdir' '/app/output.s-'

/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/13.0.0/cc1
-fpreprocessed /app/output.s-example.i -quiet -dumpdir /app/output.s- -dumpbase
example.c -dumpbase-ext .c -mtune=generic -march=x86-64 -g -O0 -Wall -Wextra
-Wpedantic -version -fdiagnostics-color=always -fanalyzer -o
/app/output.s-example.s
GNU C17
(Compiler-Explorer-Build-gcc-c56826d0f3b143a9cb64ee263707046f8073c1b6-binutils-2.38)
version 13.0.0 20221106 (experimental) (x86_64-linux-gnu)
        compiled by GNU C version 9.4.0, GMP version 6.2.1, MPFR version 4.1.0,
MPC version 1.2.1, isl version isl-0.24-GMP

GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
GNU C17
(Compiler-Explorer-Build-gcc-c56826d0f3b143a9cb64ee263707046f8073c1b6-binutils-2.38)
version 13.0.0 20221106 (experimental) (x86_64-linux-gnu)
        compiled by GNU C version 9.4.0, GMP version 6.2.1, MPFR version 4.1.0,
MPC version 1.2.1, isl version isl-0.24-GMP

GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
Compiler executable checksum: 0290f59709883f52562bc4105777b706
<source>: In function 'main':
<source>:3:13: warning: variable 'my_array' set but not used
[-Wunused-but-set-variable]
    3 |         int my_array[3] = { 0 };
      |             ^~~~~~~~
COLLECT_GCC_OPTIONS='-fdiagnostics-color=always' '-g' '-o' '/app/output.s'
'-O0' '-Wall' '-Wextra' '-Wpedantic' '-fanalyzer' '-v' '-save-temps' '-L.'
'-mtune=generic' '-march=x86-64' '-dumpdir' '/app/output.s-'

/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../x86_64-linux-gnu/bin/as
-v --gdwarf-5 --64 -o /app/output.s-example.o /app/output.s-example.s
GNU assembler version 2.38 (x86_64-linux-gnu) using BFD version
(Compiler-Explorer-Build-gcc-c56826d0f3b143a9cb64ee263707046f8073c1b6-binutils-2.38)
2.38
COMPILER_PATH=/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/13.0.0/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../x86_64-linux-gnu/bin/
LIBRARY_PATH=/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../lib64/:/lib/x86_64-linux-gnu/:/lib/../lib64/:/usr/lib/x86_64-linux-gnu/:/usr/lib/../lib64/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../x86_64-linux-gnu/lib/:/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../:/lib/:/usr/lib/
COLLECT_GCC_OPTIONS='-fdiagnostics-color=always' '-g' '-o' '/app/output.s'
'-O0' '-Wall' '-Wextra' '-Wpedantic' '-fanalyzer' '-v' '-save-temps' '-L.'
'-mtune=generic' '-march=x86-64' '-dumpdir' '/app/output.s.'

/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/13.0.0/collect2
-plugin
/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/13.0.0/liblto_plugin.so
-plugin-opt=/opt/compiler-explorer/gcc-trunk-20221107/bin/../libexec/gcc/x86_64-linux-gnu/13.0.0/lto-wrapper
-plugin-opt=-fresolution=/app/output.s.res -plugin-opt=-pass-through=-lgcc
-plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lc
-plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s --build-id
--eh-frame-hdr -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o
/app/output.s /lib/x86_64-linux-gnu/crt1.o /lib/x86_64-linux-gnu/crti.o
/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/crtbegin.o
-L.
-L/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0
-L/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu
-L/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc
-L/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../lib64
-L/lib/x86_64-linux-gnu -L/lib/../lib64 -L/usr/lib/x86_64-linux-gnu
-L/usr/lib/../lib64
-L/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../../../x86_64-linux-gnu/lib
-L/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/../../..
/app/output.s-example.o -rpath . -lgcc --push-state --as-needed -lgcc_s
--pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state
/opt/compiler-explorer/gcc-trunk-20221107/bin/../lib/gcc/x86_64-linux-gnu/13.0.0/crtend.o
/lib/x86_64-linux-gnu/crtn.o
COLLECT_GCC_OPTIONS='-fdiagnostics-color=always' '-g' '-o' '/app/output.s'
'-O0' '-Wall' '-Wextra' '-Wpedantic' '-fanalyzer' '-v' '-save-temps' '-L.'
'-mtune=generic' '-march=x86-64' '-dumpdir' '/app/output.s.'
Execution build compiler returned: 0
Program returned: 0

[Bug analyzer/107566] New: array out of bounds not detected

Reply via email to