https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110902
Bug ID: 110902
Summary: Missing cast in region_model_manager::maybe_fold_binop
on MULT_EXPR by 1
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Whilst trying to fix PR analyzer/110426, I noticed that
region_model_manager::maybe_fold_binop doesn't always return the correct type;
specifically, it fails to cast to TYPE when folding (VAL * 1) -> VAL:
diff --git a/gcc/analyzer/region-model-manager.cc
b/gcc/analyzer/region-model-manager.cc
index 46d271a295c..010906f1ec0 100644
--- a/gcc/analyzer/region-model-manager.cc
+++ b/gcc/analyzer/region-model-manager.cc
@@ -654,7 +654,7 @@ region_model_manager::maybe_fold_binop (tree type, enum
tree_code op,
return get_or_create_constant_svalue (build_int_cst (type, 0));
/* (VAL * 1) -> VAL. */
if (cst1 && integer_onep (cst1))
- return arg0;
+ return get_or_create_cast (type, arg0);
break;
case BIT_AND_EXPR:
if (cst1)
However, on adding the above cast, various bounds-checking tests fail,
seemingly due to confusion about ptrdiff_t vs size_t, and how to compare such
values:
FAIL: gcc.dg/analyzer/flexible-array-member-1.c (test for warnings, line 96)
With -m64:
FAIL: gcc.dg/analyzer/out-of-bounds-diagram-3.c (test for warnings, line 19)
FAIL: gcc.dg/analyzer/out-of-bounds-diagram-3.c (test for warnings, line 24)
FAIL: gcc.dg/analyzer/out-of-bounds-diagram-3.c expected multiline pattern
lines 29-44
