How does this look?
I think it's 99% there. You've addressed all of my comments so far -- thanks for that and for being so patient. I realize it would be a lot more efficient to get all the feedback (or as much of it as possible) up front. Unfortunately, some things don't get noticed until round 2 or 3 (or even 4). Please take this in lieu of an apology for not spotting the issues below until now(*).

For this code:

    void f (void*);

    void g (int n)
    {
      int a [n];
      f (a);
    }

-Wvla-larger-than=32 prints:

    warning: argument to variable-length array may be too large
    note: limit is 32 bytes, but argument may be 18446744073709551612

An int argument cannot be that large. I suspect the printed value is actually the size of the VLA in bytes when N is -1, truncated to size_t, rather than the value of the VLA bound. To avoid confusion the note should be corrected to say something like:

    note: limit is 32 bytes, but the variable-length array may be as large as 18446744073709551612

Also, the checker prints false positives for code like:

    void f (void*);

    void g (unsigned x, int *y)
    {
      if (1000 < x)
        return;

      while (*y) {
        char a [x];
        f (a);
      }
    }

With -Wvla-larger-than=1000 and greater it prints:

    warning: unbounded use of variable-length array

(Same thing with alloca). There should be no warning for VLAs, and for alloca, the warning should say "use of variable-length array within a loop." The VRP dump suggests the range information is available within the loop. Is the get_range_info() function not returning the corresponding bounds?

Martin

[*] If you want to get me back I invite you (with a bit of selfishness ;-) to review my -Wformat-length patch.
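
The arithmetic behind the value in the note, with a bounds check placed in front of the VLA declaration, as an added example that is not part of the message above or of the patch under review. It assumes a 4-byte int and a 64-bit size_t; `vla_bytes`, `vla_bound_ok` and `g_checked` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of the expression n * sizeof (int): n is converted to size_t
   first, so a negative bound wraps to a huge unsigned byte count.
   Assumption: 4-byte int, 64-bit size_t (LP64).  */
static size_t vla_bytes (int n)
{
  return (size_t) n * sizeof (int);
}

/* Hypothetical guard: nonzero only when `int a [n]` is well defined
   (n > 0) and occupies at most LIMIT bytes.  Dividing the limit
   avoids a wrapping multiplication.  */
static int vla_bound_ok (int n, size_t limit)
{
  if (n <= 0)
    return 0;
  return (size_t) n <= limit / sizeof (int);
}

/* g() from the message with the bound checked before the VLA is
   declared.  Returns the bytes placed on the stack, 0 if rejected.  */
static size_t g_checked (int n, size_t limit)
{
  if (!vla_bound_ok (n, limit))
    return 0;

  int a [n];
  memset (a, 0, sizeof a);
  return sizeof a;
}

int main (void)
{
  printf ("n = -1: %zu bytes requested\n", vla_bytes (-1));
  printf ("n = 8, limit 32: %zu bytes allocated\n", g_checked (8, 32));
  printf ("n = 9, limit 32: %zu bytes allocated\n", g_checked (9, 32));
  printf ("n = -1, limit 32: %zu bytes allocated\n", g_checked (-1, 32));
  return 0;
}
```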