Array bound checking in clang static analyzer

In this example

  int b={7,5,4,3,2};
std::cout << b[-1] << *(b+(-1)) << *(-1+b) << -1[b] ;

by default we got the warning for b[-1] , and with the --analyze we got the warning for the next two case but for -1[b] we didn’t get any warning. Is there any other check in the CSA which activate this ?
also I’m not pretty sure about clang interpretation of array , but in general compiler implicitly converts -1[b] to *(-1+b) , so it should ultimately give warning but it’s not the case.

It looks like it does the right thing:

Make sure ArrayBoundV2 is disabled, which is known for misbehaving for negative indexing in some cases. I’m not sure if you hit that bug. Check the exploded graph to understand how symbols get contained or to inspect what values are in the store.

1 Like

That’s -(1[b]) aka -b[1] which is valid code that shouldn’t warn.

(-1)[b] works.