https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111040

--- Comment #1 from qinzhao at gcc dot gnu.org ---

An initial study inside gdb shows the following:

1. The guilty pass is "ccp1", when folding the call to __builtin_dynamic_object_size(p->array, 1).

2. In this pass, the IR for p->array is represented as (stop at routine "addr_object_size"):

(gdb) call debug_generic_expr(ptr)
&MEM <char[10]> [(void *)&q + 9B]
(gdb) call debug_generic_expr(pt_var)
MEM <char[10]> [(void *)&q + 9B]

Therefore the following condition at line 585:

585       if (pt_var != TREE_OPERAND (ptr, 0))
586         {
587           tree var;

was not satisfied, and the computation of the size of the sub-object is not invoked at all. As a result, the size of the whole object is used instead, hence the wrong result.

I suspect that this is a bug in tree-object-size.cc that cannot handle the IR &MEM <char[10]> [(void *)&q + 9B] correctly. The current algorithm can only handle the IR p->array correctly.
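The comment distinguishes two answers the object-size builtin can give for p->array: the size of the sub-object itself (mode 1, the query that went wrong) and the size of the remaining enclosing object (mode 0). The program below is an added illustration, not code from the bug report or from GCC: it constructs a struct whose char[10] member sits at byte offset 9 (matching the "+ 9B" in the quoted MEM_REF; the surrounding fields are an assumption) followed by a further field, so that the two answers differ (10 versus 15 bytes). It then queries both modes, classifies the mode-1 answer as sub-object bound, whole-object bound, or undecided, and shows why a fortify-style copy guard is weakened when the whole-object size is substituted for the sub-object size. The names q_like, OBJ_SIZE, classify_subobject_answer, copy_allowed and the probe_* helpers are all invented here. Which answer you see depends on the compiler and optimization level; without optimization the builtin may simply report "unknown".

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed layout (an assumption, not the reporter's test case): a 10-byte
   char array at byte offset 9, matching the "+ 9B" in the MEM_REF quoted in
   the comment, followed by one more field so that "rest of the enclosing
   object" (15 bytes) and "the array itself" (10 bytes) are different numbers. */
struct q_like {
    char pad[9];
    char array[10];
    int  tail;
};

/* Use __builtin_dynamic_object_size where the compiler offers it (GCC 12+,
   clang); otherwise fall back to the older constant-folded builtin. */
#if defined(__has_builtin)
#  if __has_builtin(__builtin_dynamic_object_size)
#    define OBJ_SIZE(p, mode) __builtin_dynamic_object_size((p), (mode))
#  endif
#endif
#ifndef OBJ_SIZE
#  define OBJ_SIZE(p, mode) __builtin_object_size((p), (mode))
#endif

/* What modes 0 and 1 return when the compiler cannot decide. */
#define BOS_UNKNOWN ((size_t)-1)

/* Mode 1 is the failing query from the comment: the size of the sub-object
   p->array.  Mode 0 is the number of bytes left in the whole enclosing object. */
size_t subobject_size(struct q_like *p)    { return OBJ_SIZE(p->array, 1); }
size_t whole_object_size(struct q_like *p) { return OBJ_SIZE(p->array, 0); }

/* Name the answers a mode-1 query can come back with. */
enum verdict { SUBOBJECT_BOUND, WHOLE_OBJECT_BOUND, UNDECIDED, OTHER };

enum verdict classify_subobject_answer(size_t got)
{
    if (got == sizeof(((struct q_like *)0)->array))
        return SUBOBJECT_BOUND;          /* correct answer: 10 */
    if (got == sizeof(struct q_like) - offsetof(struct q_like, array))
        return WHOLE_OBJECT_BOUND;       /* the symptom in the comment: 15 */
    if (got == BOS_UNKNOWN)
        return UNDECIDED;                /* e.g. no optimization, nothing folded */
    return OTHER;
}

/* Fortify-style guard: refuse a copy of n bytes into p->array when the
   compiler-provided bound says it would run past the array.  If the compiler
   hands back the whole-object bound (15) instead of the sub-object bound (10),
   an 11..15 byte copy is wrongly allowed and would silently overwrite 'tail'. */
int copy_allowed(struct q_like *p, size_t n)
{
    size_t bound = subobject_size(p);
    return bound == BOS_UNKNOWN || n <= bound;
}

/* Probes on a fresh object, so a caller can check what this compiler did. */
enum verdict probe_verdict(void)
{
    static struct q_like q;
    return classify_subobject_answer(subobject_size(&q));
}

int probe_copy_allowed(size_t n)
{
    static struct q_like q;
    return copy_allowed(&q, n);
}

size_t probe_whole(void)
{
    static struct q_like q;
    return whole_object_size(&q);
}

int main(void)
{
    static const char *names[] = { "sub-object (correct)", "whole object (the bug)",
                                   "undecided", "other" };
    static struct q_like q;              /* same shape of access as the comment's q */
    printf("offsetof(array)=%zu sizeof(array)=%zu sizeof(struct)=%zu\n",
           offsetof(struct q_like, array), sizeof q.array, sizeof q);
    printf("mode 0 (whole object) -> %zu\n", whole_object_size(&q));
    printf("mode 1 (sub-object)   -> %zu : %s\n", subobject_size(&q),
           names[probe_verdict()]);
    printf("copy of 12 bytes into q.array allowed? %d\n", copy_allowed(&q, 12));
    return 0;
}
```

Compile with optimization (for example -O2) to see the folded values; the interesting check is the mode-1 line, which a correct compiler reports as 10, while the symptom described in the comment would show as 15 and make the 12-byte copy pass the guard.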
--- Comment #1 from qinzhao at gcc dot gnu.org --- an initial study inside gdb shows the following: 1. the guilty pass is "ccp1", when folding the call to __builtin_dynamic_object_size(p->array, 1) 2. In this pass, the IR for p->array is represented as: (stop at routine "addr_object_size") (gdb) call debug_generic_expr(ptr) &MEM <char[10]> [(void *)&q + 9B] (gdb) call debug_generic_expr(pt_var) MEM <char[10]> [(void *)&q + 9B] therefore the following condition at line 585: 585 if (pt_var != TREE_OPERAND (ptr, 0)) 586 { 587 tree var; was not satisfied, the computation for size of the sub-object is not invoked at all. as a result, the size for the whole object is used instead. therefore the wrong result. I suspect that this is a bug in tree-object-size.cc that cannot handle the IR &MEM <char[10]> [(void *)&q + 9B] correctly. Current algorithm can only handle the IR p->array correctly