https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109071
Bug ID: 109071
Summary: -Warray-bounds warning when array index checked via
inline
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: kees at outflux dot net
Target Milestone: ---
Created attachment 54611
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54611&action=edit
PoC for -Warray-bounds false positive
The Linux kernel is seeing -Warray-bounds warnings when array indexes are being
checked via inlines. This appears to be in the overly noisy/false positive
territory, but I don't actually know what's going on.
The upstream report is here:
https://lore.kernel.org/lkml/20230306220947.1982272-1-t...@redhat.com/
Originally I thought this was another -fsanitizer=shift issue, but after
reducing the test-case, it seems to be related to inlining or some other aspect
of optimization passes.
If the "assign" function is open-coded in the caller, the warning goes away.
If the index checks are moved before the "assign" calls, the warning goes away.
If there is only 1 call to "assign", the warning goes away.
Fundamentally there should be no warning at all since the value of "index" is
entirely unknown _except_ when it makes the call to "warn".
$ cat test.c
extern void warn(void);
#define MAX_ENTRIES 4
static inline void assign(int val, int *regs, int index)
{
if (index >= MAX_ENTRIES)
warn();
*regs = val;
}
struct nums {
int vals[MAX_ENTRIES];
};
void sparx5_psfp_sg_set(int *ptr, struct nums *sg, int index)
{
int *val;
val = &sg->vals[index];
assign(0, ptr, index);
assign(*val, ptr, index);
}
$ gcc -Wall -O2 -c -o test.o test.c
test.c: In function 'sparx5_psfp_sg_set':
test.c:20:24: warning: array subscript 4 is above array bounds of 'int[4]'
[-Warray-bounds=]
20 | val = &sg->vals[index];
| ~~~~~~~~^~~~~~~
test.c:13:13: note: while referencing 'vals'
13 | int vals[MAX_ENTRIES];
| ^~~~
