https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103121
--- Comment #9 from Andrew Macleod <amacleod at redhat dot com> ---
(In reply to Martin Sebor from comment #8)
> The [1, 1] range comes from a call to qry->range_of_expr (vr, exp, stmt)
> in get_size_range() in pointer-query.cc:
>
> (gdb)
> #7  0x000000000192c0df in strlen_pass::maybe_warn_overflow (
>     this=0x7fffffffd880, stmt=0x7ffff4de2730, call_lhs=true,
>     len=0x7ffff78ff4e0, si=0x0, plus_one=false, rawmem=false)
>     at /src/gcc/master/gcc/tree-ssa-strlen.c:2038
> 2038      tree destsize = compute_objsize (dest, stmt, ostype, &aref, &ptr_qry);
> (gdb) dg stmt
> # .MEM_53 = VDEF <.MEM_36>
> *grp_name_37 = 0;
> $7 = (gimple *) 0x7ffff4de2730

and is this not from:

  <bb 12> [local count: 12992276]:
  *grp_name_37 = 0;
  goto <bb 14>; [100.00%]

which means we have taken the branch 4->12 and should expect:

4->12  (F) _1 :         unsigned int [0, 0]
4->12  (F) _4 :         unsigned int [1, 1]

which is exactly what you are getting?