[Bug middle-end/125471] New: [14/15/16 regression] -Wnull-dereference false positive when subtracting pointers

[eggert at cs dot ucla.edu via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=125471

            Bug ID: 125471
           Summary: [14/15/16 regression] -Wnull-dereference false
                    positive when subtracting pointers
           Product: gcc
           Version: 16.1.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: eggert at cs dot ucla.edu
  Target Milestone: ---

Created attachment 64560
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=64560&action=edit
-Wnull-dereference false positive derived from Emacs source code

I ran into this problem when compiling an experimental version of GNU Emacs
with  gcc (GCC) 16.1.1 20260515 (Red Hat 16.1.1-2) on x86-64. I observe the
problem in GCC 14 and 15 (on Ubuntu) but not on GCC 13 (on Ubuntu).

Compile the attached program t.i with:

gcc -Wnull-dereference -S -O2 t.i

The output is at the end of this comment. All the diagnostics are false
positives, as no pointers are being dereferenced. (The pointer "r", which is
not being diagnosed here, is guaranteed to be non-null by the previous line's
__builtin_unreachable ().

I tried to create a smaller test case, but the diagnostics were erratic and
were attached to other seemingly-unrelated expressions. So it looks like there
may be internal confusion in Emacs about whether a pointer might be null. I'm
therefore attaching the full test case.

Although Bug#117236 looks similar, it's marked as fixed in gcc-16, so I'm
filing this as a separate bug report.

t.i: In function ‘igc_realloc_ambig’:
t.i:59717:57: warning: potential null pointer dereference [-Wnull-dereference]
59717 |   ptrdiff_t old_size = (char *) r->d.end - (char *) r->d.start;
      |                                                     ~~~~^~~~~~
t.i:59717:37: warning: potential null pointer dereference [-Wnull-dereference]
59717 |   ptrdiff_t old_size = (char *) r->d.end - (char *) r->d.start;
      |                                 ~~~~^~~~
t.i:59717:57: warning: potential null pointer dereference [-Wnull-dereference]
59717 |   ptrdiff_t old_size = (char *) r->d.end - (char *) r->d.start;
      |                                                     ~~~~^~~~~~
t.i:59717:37: warning: potential null pointer dereference [-Wnull-dereference]
59717 |   ptrdiff_t old_size = (char *) r->d.end - (char *) r->d.start;
      |                                 ~~~~^~~~