On 6/26/23 11:21, Jan Hubicka wrote:
> Hi,
> playing with testcases for path isolation and const function, I noticed
> that we do not seem to even try to isolate out of range array accesses:
>
> int a[3]={0,1,2};
> test(int i)
> {
>   if (i > 3)
>     return test2(a[i]);
>   return a[i];
> }
>
> Here the call to test2 is dead, since a[i] will access memory past the
> end of the array. We produce a warning:
>
> t.c:5:24: warning: array subscript 4 is above array bounds of ‘int[3]’ [-Warray-bounds=]
>
> but we still keep the call:

My recollection is that we'd planned to have those cases call into the
isolate paths code, but it may not have moved forward -- I lost track of
that work when I left Red Hat. I don't think Martin S. is doing GCC
work anymore, so we'll probably need to update things ourselves.

> Curiously adjusting the testcase:
>
> const int a[3]={0,1,2};
> test(int i)
> {
>   if (i == 3)
>     return test2(a[i]);
>   return a[i];
> }

I would guess that we cprop a[i] into a[3] at which point the oob
reference is painfully obvious and something cleans that up, likely
before we even get to isolate-paths.
Jeff
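
The first testcase from this thread, rewritten by hand as an added example (not code from the thread or from GCC) to show what isolating the out-of-range path amounts to at source level: the path where `a[i]` must be out of bounds ends in a trap, so no call to `test2` remains. `test_isolated` and `killed_by_signal` are hypothetical names, and the second bounds check is an assumption added so the fall-through path has no undefined behaviour either.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static int a[3] = {0, 1, 2};

/* Hand-isolated form of test(): for i > 3 the load a[i] is always past the
   end of a[], so that path traps instead of reaching the call to test2(). */
int test_isolated(int i)
{
    if (i > 3)
        __builtin_trap();      /* isolated erroneous path (GCC/Clang builtin) */
    if (i < 0 || i >= 3)
        __builtin_trap();      /* assumption: also trap on i == 3 and i < 0 */
    return a[i];
}

/* Run fn(arg) in a child process. Returns 1 if the child was killed by a
   signal (the trap fired), 0 if it exited normally, -1 on fork/wait error. */
int killed_by_signal(int (*fn)(int), int arg)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        volatile int sink = fn(arg);   /* keep the call from being dropped */
        (void)sink;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? 1 : 0;
}

int main(void)
{
    /* Constructed inputs: two valid indexes and two out-of-range ones. */
    printf("i=1 -> %d\n", test_isolated(1));
    printf("i=2 -> %d\n", test_isolated(2));
    fflush(stdout);            /* avoid duplicating buffered output in the child */
    printf("i=3 trapped: %d\n", killed_by_signal(test_isolated, 3));
    printf("i=4 trapped: %d\n", killed_by_signal(test_isolated, 4));
    return 0;
}
```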