analyzer: fix ICE on pointer offsets [PR116865]

gcc/analyzer/ChangeLog:
	PR analyzer/116865
	* region-model-manager.cc
	(region_model_manager::get_offset_region): Use POINTER_PLUS_EXPR
	rather than PLUS_EXPR for pointer offsets.

gcc/testsuite/ChangeLog:
	PR analyzer/116865
	* c-c++-common/analyzer/ice-pr116865.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc
index 5790f912d454e7250520a9413ba6e58b203de39d..76ca8348edae1fbb5454366047a2288009641b14 100644 (file)
--- a/gcc/analyzer/region-model-manager.cc
+++ b/gcc/analyzer/region-model-manager.cc
@@ -1732,7 +1732,7 @@ region_model_manager::get_offset_region (const region *parent,
       const svalue *sval_x = parent_offset_reg->get_byte_offset ();
       const svalue *sval_sum
        = get_or_create_binop (byte_offset->get_type (),
-                              PLUS_EXPR, sval_x, byte_offset);
+                              POINTER_PLUS_EXPR, sval_x, byte_offset);
       return get_offset_region (parent->get_parent_region (), type, sval_sum);
     }
 

diff --git a/gcc/testsuite/c-c++-common/analyzer/ice-pr116865.c b/gcc/testsuite/c-c++-common/analyzer/ice-pr116865.c
new file mode 100644 (file)
index 0000000..4acddb4
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/analyzer/ice-pr116865.c
@@ -0,0 +1,7 @@
+/* { dg-additional-options "-O2" } */
+
+int f(int l) {
+  char *t_string = (char *)__builtin_calloc(l + 2, 1);
+  char *end = t_string + l - 1;
+  return '0' != *(end - 1); /* { dg-warning "leak of 't_string'" } */
+}