CSmith tries very hard to avoid generating undefined behaviors, because they are the primary cause of miscompilation false positives. As the paper makes clear, DeepSmith does no undefined behavior validation of its own.
The compiler _will_ attempt to prove that bounds checks aren't needed and eliminate them; see https://godbolt.org/z/7QPfhR vs https://godbolt.org/z/Vx39fv for example. In the first, there's an array and the compiler knows that it has a length of 3, so an index of zero needs no checks. In the second, we don't know how long the slice is, so we have to do the check.