<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/126884>126884</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            `clang-analyzer-security.ArrayBound` false positive
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            false-positive
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          zufuliu
      </td>
    </tr>
</table>

<pre>
    It has false positive for following code (online at https://godbolt.org/z/9v8P684rc):
```c++
struct Foo {
    unsigned char get(unsigned char ch) const {
        return s[ch];
    }
    unsigned char s[256];
};

int bar(const Foo &foo, const char *s) {
    int j = 0;
    if (s) {
        const unsigned char ch = s[j];
        j++;
 if (static_cast<signed char>(ch) >= 0) {
            // nop
        } else {
            j += foo.get(ch);
        }
    }
    return j;
}
```

```console
<source>:3:16: warning: Out of bound access to memory preceding the field 's' [clang-analyzer-security.ArrayBound]
    3 | return s[ch];
      |                ^
[<source>:10:9: note: Assuming 's' is non-null](javascript:;)
   10 |     if (s) {
      | ^
[<source>:10:5: note: Taking true branch](javascript:;)
   10 |     if (s) {
      |     ^
[<source>:13:13: note: Assuming 'ch' is < 0](javascript:;)
   13 |         if (static_cast<signed char>(ch) >= 0) {
 |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[<source>:13:9: note: Taking false branch](javascript:;)
   13 |         if (static_cast<signed char>(ch) >= 0) {
      |         ^
[<source>:16:18: note: Calling 'Foo::get'](javascript:;)
   16 |             j += foo.get(ch);
      | ^~~~~~~~~~~
[<source>:3:16: note: Access of the field 's' at negative byte offset](javascript:;)
    3 |         return s[ch];
      | ^~~~~
1 warning generated.
```
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJysVk2P4ygQ_TWVSymRDbFNDj44SUfa0-5h7yuMsUOWQAS4R-nD_vYVON1Jpz8y0gyybMRH1XuvijLcezUYKWso1lBsZ3wMe-vql7EftRpnre3O9R8B99xjz7WXeLJeBfUssbcOe6u1_aHMgMJ2EoEwa7QyEnnAfQgnD7QBsgOyG2zXWh0W1g1Adi9Adqtn9lfJlk4AWcVlWQNlNj0CyDo-WeODG0XAnbUIVRxARBxNwtyh2HOHgwxA2PsxsQeyQmGNDzf7YnMyjM6gh2It9lBsgb7OQrX91H5cSorybW1cN3WyRpmALXdA2OQr4SRlby2QzcV_MgKk8RHSFUzcekCgW8yuGFQfNbxbGdtk6p5k2h7xHd4xie1wkXAavNgNPCjxj-A-AN3cmAL6FCkk0WI_gfqAIYmUgonGnm4moNqijLnxcf0BE4gt9tYupkglN-_BXqW_9i6BOlxFv0mQSf1rvljjrZZxiG68HZ2QiUZDgTZ5CbTBH9wZZYbY_XMMaHts7Wg65EJI7zFYPMqjdWc8OSlkF1M67CX2SuoOgVQeSIUxaTQ3w5wbrs8v0s29FKNT4bxonOPndTQZQzFRoAjV5puMwzR_16B4ijyK9R2VPAPaxIOCxgYZv4334zECfYWnPBpr5mbUOvoh7MCfuRdOnUI8YHQdhU-u8-zN9RcpF6e_hVLcQvmb_5sUc6PE1nEzEf1lAN_qQV9fnwoSsywpAnSD2SM09F0kfu203McUiqf_HrSvCa4-UXmqwz8n8-8k9iFjvwxNPHE5u4W-4VpfIrOzNqFsUjmoHjEoPwj6MzXlkr4PJL6Wh7cUmsqB7T85_TygkQNPP7_2HCTavvcyPCCA70PwqBpcQEPW5K81CwdppONBdovbojfratqt6IrPZJ1XdEWLsmD5bF8zVnXLVdWxZc_avMo4EYXoV1nRElaSIp-pmmSkyEhO8oyWJF8w3rGMUcZZ33Y9X8Iyk0eu9ELr52P8Zc-U96Osc1Iytpxp3krt042BkJSN89dbARASbxGujjvn7Th4WGZa-eCvtoIKWtaxbD-upWV2d-2YjU7Xd1cLFfZjuxD2CGQXvVw-85OzBykCkF2C74HsLgyea_J_AAAA__-9TYPh">