https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105892
--- Comment #2 from GCC Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>: https://gcc.gnu.org/g:13dcaf1bb6d4f15665a47b14ac0c12cf454e38a2 commit r15-1107-g13dcaf1bb6d4f15665a47b14ac0c12cf454e38a2 Author: David Malcolm <dmalc...@redhat.com> Date: Fri Jun 7 16:14:28 2024 -0400 analyzer: new warning: -Wanalyzer-undefined-behavior-ptrdiff (PR analyzer/105892) Add a new warning to complain about pointer subtraction involving different chunks of memory. For example, given: #include <stddef.h> int arr[42]; int sentinel; ptrdiff_t test_invalid_calc_of_array_size (void) { return &sentinel - arr; } this emits: demo.c: In function âtest_invalid_calc_of_array_sizeâ: demo.c:9:20: warning: undefined behavior when subtracting pointers [CWE-469] [-Wanalyzer-undefined-behavior-ptrdiff] 9 | return &sentinel - arr; | ^ events 1-2 â â 3 | int arr[42]; â | ~~~ â | | â | (2) underlying object for right-hand side of subtraction created here â 4 | int sentinel; â | ^~~~~~~~ â | | â | (1) underlying object for left-hand side of subtraction created here â âââ> âtest_invalid_calc_of_array_sizeâ: event 3 â â 9 | return &sentinel - arr; â | ^ â | | â | (3) â ï¸ subtraction of pointers has undefined behavior if they do not point into the same array object â gcc/analyzer/ChangeLog: PR analyzer/105892 * analyzer.opt (Wanalyzer-undefined-behavior-ptrdiff): New option. * analyzer.opt.urls: Regenerate. * region-model.cc (class undefined_ptrdiff_diagnostic): New. (check_for_invalid_ptrdiff): New. (region_model::get_gassign_result): Call it for POINTER_DIFF_EXPR. gcc/ChangeLog: * doc/invoke.texi: Add -Wanalyzer-undefined-behavior-ptrdiff. gcc/testsuite/ChangeLog: PR analyzer/105892 * c-c++-common/analyzer/out-of-bounds-pr110387.c: Add expected warnings about pointer subtraction. * c-c++-common/analyzer/ptr-subtraction-1.c: New test. * c-c++-common/analyzer/ptr-subtraction-CWE-469-example.c: New test. Signed-off-by: David Malcolm <dmalc...@redhat.com>