<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/54360>54360</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Sanitizers do not always find bad array offset in constexpr arrays
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          wheatman
      </td>
    </tr>
</table>

<pre>
    Even when compiling with `-fsanitize=undefined,address` bad array accesses are not always found into constexpr std:arrays.

The following code triggers a bad access in 5 different ways, the sanitizers catch all but the last case.  For the first 4 it is sometimes caught by the AddressSanitizer and sometimes caught by the UndefinedBehaviorSanitizer depending on which optimization flags I compile it with.

```
// compile with
// ../llvm-project/build/bin/clang++ -Wall  -Wextra -O2 -g  -std=c++20
// -fsanitize=undefined,address -fno-omit-frame-pointer  test.cpp  -o basic

/* version
../llvm-project/build/bin/clang++ --version
clang version 14.0.0 (https://github.com/llvm/llvm-project.git
92ccb8cc50f5098ca4b5642bcfaf7b78761bd892) Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: ../llvm-project/build/bin
*/

#include <array>
#include <iostream>

class test_fixed {
  std::array<int, 10> array = {};

public:
  test_fixed() = default;
  void print(int i) { std::cout << array[i] << "\n"; }
};

class test_constexpr {
  static constexpr std::array<int, 10> array = {};

public:
  test_constexpr() = default;
  void print(int i) { std::cout << array[i] << "\n"; }
};

int main(int argc, char *argv[]) {
  if (argc != 2) {
    return -1;
  }
  uint64_t test = std::strtol(argv[1], nullptr, 10);
  if (test == 0) {
    std::array<int, 10> arr = {};
    std::cout << arr[10] << "\n";
  } else if (test == 1) {
    constexpr std::array<int, 10> arr = {};
    std::cout << arr[10] << "\n";
  } else if (test == 2) {
    static constexpr std::array<int, 10> arr = {};
    std::cout << arr[10] << "\n";
  } else if (test == 3) {
    auto x = test_fixed();
    x.print(10);
  } else if (test == 4) {
    auto x = test_constexpr();
    x.print(10);
  }
}
```



</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzNVktv4zYQ_jXyZSBBovw86GDHG2BPPewWPQYUSclsaVIgKdvZX98hZcWvbNMAxaKAQEGc1zffzFCsDX-tvhyEhuMOF2b2nVRSt3CUfgfJPE8bR7X08odIym2vuWikFjwhT5RzK5xDFagpB2otfQXKGO4Jh58CtPFA1ZG-OmgMmoLU3mAI7bw4dRac50m5joYuS_Jtkq-H9ftOoIVS5hiQMMMFeCvbVlh0PESLcdAhzIDLphFWaA8hFCIDj_YjajRh1LMdIlFQ9z4KFXUet53IAJ6NjXuNtLg5BelBOnBmL7zci2DdtzsP9WvUWg9Zfxu9A8W8fqb8-0jXRuzoQRp7MeOiE5qH9EygXiJA06EP-YN6iVuNoq2Dr-eCiIAqVOSGJqT-_Ayf5BmfN4ugfiPIMlyVOuzTzpo_BfP4WfdS8fCWGlemqG4TssEH0j8CYfgSJ28ppL8RSFv8jkXbskGL3Ib-qFdQQZvU7KVPG0v3Iu0MtgSyAV44n7GuwwAGC-wku0k0uF_DAYuJ3Ax7n8wmvTGOotEfFNMsz3JIyHLnfeewJ4d8WmSwrzMk9BzqLmKGCoO_FWGsXjI2y5tZvloyOq1n8ympWUObRb1YLuZFzZcrkpAVfKe2FR6DwGk5f5lP017_pc1Rpzh2_SltdT8OgRXY6XvsfhW0O-PkaRB9xQnC6gi-lTaIPuLiTGJM64bWUmqmehyvpHyKc5iUX96TSeM8otlfxCONWNRQu5dGngSHZLEZJHAe7nG-gw_tw2wWOTo5nxbYJdFksU3KzbXjrq8VtkC5Hr1dYmCVAovBFPuL9sq_2QIcjOTQ2RhqiSvIqLvYXOAwg2cAwsFnQJHMNjKZbce9hJBk9qTDq9xAgDbgesB4lfzlSLshACeZPRx3_ykjb87_N6wE93sa5i9Gwl5nIUe2o0gOwdTbA7pGz2cII0bZhPkL6vguQh7kTgPACt9bDWlxldsbFIAeA86nLz5SE6l4Sw-71xs1BAjxiwjgCXSvVOftuQpkdeV4ADS6Ct7yB0AfVvS9et4Y3vEeoOU_o_0qZRDKiXcgFg8QP9F-vxrsY4E_PzK_GnP5gJn2eKc5RRz3h9QNolM2TuB9p_1DuOmH4e5OgH8f8jLA794lrtYJr0q-Kld04qVXovp2uVlxc3PJk3gXutwFTdM44cMd7VLQ4bI36a2qPvevxU_pXC_wfvc8m5bzfLKrVkVDGGWiWeRNPmMrWtPlgq-ags6KhpN6omiNxFbhwCFEiyNEF7Hm24msSE5IXhZlXpbltMzyguJfOy9rQRZ1QXkyzQUeZSoLODJj24mtIqS6bx0KlXTeXYT4N5CtFqIazrcJVmpnbIXXaur3VE9i7Cpi_xtNwVjS">