https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105217
--- Comment #5 from Siddhesh Poyarekar <siddhesh at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #4)
> Then there is the case where we can clearly see that the pointer from malloc
> is passed to realloc or can trace it to such easily. I'd say in that case
> it would be worthwhile to do some extra work.
> For __bos the simplest solution would be if we detect something like that
> (e.g. that the SSA_NAME passed to realloc has uses dominated by the realloc
> call (though, even figuring that can mean we e.g. mark gimple stmts in each
> bb with increasing uids to determine like reassoc what stmt is before
> another one) just to punt, say we don't know anything about the SSA_NAME's
> size, or use conservative choice from both malloc and realloc (maximum for
> bos0/bos1, minimum for bos2/bos3).
> For __bdos perhaps the same. Another possibility would be to temporarily
> split the SSA_NAME passed to realloc, kind of like old VRP was introducing
> ASSERT_EXPRs.
> So, basically when we see:
> whatever = realloc (p_34, ...);
> rewrite that (temporarily?) to:
> p_121 = p_34;
> whatever = realloc (p_121, ...);
> and change all p_34 uses dominated by the realloc stmt to p_121, and add the
> p_121 = p_34; stmt to some hash table or otherwise mark it so that we
> wouldn't propagate the objsz knowledge from p_34 to p_121, but instead set
> it on the realloc call. That won't cover the integral comparisons though
> I'm afraid...

This sounds like a gcc 13+ project. Can we downgrade this since the reproducer is technically invalid and we're only going to attempt to support a limited subset of such uses?