c++: Fix ICEs with OBJ_TYPE_REF pretty printing [PR101597]

The following testcase ICEs, because middle-end uses the C++ FE pretty
printing code through langhooks in the diagnostics.
The FE expects OBJ_TYPE_REF_OBJECT's type to be useful (pointer to the
class type it is called on), but in the middle-end conversions between
pointer types are useless, so the actual type can be some random
unrelated pointer type (in the testcase void * pointer).  The pretty
printing code then ICEs on it.

The following patch fixes that by sticking the original
OBJ_TYPE_REF_OBJECT's also as type of OBJ_TYPE_REF_TOKEN operand.
That one must be an INTEGER_CST, all the current uses of
OBJ_TYPE_REF_TOKEN just use tree_to_uhwi or tree_to_shwi on it,
and because it is constant, there is no risk of the middle-end propagating
into it some other pointer type.  So, approach similar to how MEM_REF
treats its second operand or a couple of internal functions (e.g.
IFN_VA_ARG) some of its parameters.

2022-01-11  Jakub Jelinek  <jakub@redhat.com>

	PR c++/101597
gcc/
	* tree.def (OBJ_TYPE_REF): Document type of OBJ_TYPE_REF_TOKEN.
gcc/cp/
	* class.c (build_vfn_ref): Build OBJ_TYPE_REF with INTEGER_CST
	OBJ_TYPE_REF_TOKEN with type equal to OBJ_TYPE_REF_OBJECT type.
	* error.c (resolve_virtual_fun_from_obj_type_ref): Use type of
	OBJ_TYPE_REF_TOKEN rather than type of OBJ_TYPE_REF_OBJECT as
	obj_type.
gcc/objc/
	* objc-act.c (objc_rewrite_function_call): Build OBJ_TYPE_REF
	with INTEGER_CST OBJ_TYPE_REF_TOKEN with type equal to
	OBJ_TYPE_REF_OBJECT type.
	* objc-next-runtime-abi-01.c (build_objc_method_call): Likewise.
	* objc-gnu-runtime-abi-01.c (build_objc_method_call): Likewise.
	* objc-next-runtime-abi-02.c (build_v2_objc_method_fixup_call,
	build_v2_build_objc_method_call): Likewise.
gcc/testsuite/
	* g++.dg/opt/pr101597.C: New test.

8 files changed, 30 insertions, 12 deletions

diff --git a/gcc/cp/class.c b/gcc/cp/class.c
index acbdbe4..e5cc6f1 100644
--- a/gcc/cp/class.c
+++ b/gcc/cp/class.c
@@ -778,7 +778,8 @@ build_vfn_ref (tree instance_ptr, tree idx)
 		   cp_build_addr_expr (aref, tf_warning_or_error));
 
   /* Remember this as a method reference, for later devirtualization.  */
-  aref = build3 (OBJ_TYPE_REF, TREE_TYPE (aref), aref, instance_ptr, idx);
+  aref = build3 (OBJ_TYPE_REF, TREE_TYPE (aref), aref, instance_ptr,
+		 fold_convert (TREE_TYPE (instance_ptr), idx));
 
   return aref;
 }
diff --git a/gcc/cp/error.c b/gcc/cp/error.c
index 1172dbe..8a3b7b5 100644
--- a/gcc/cp/error.c
+++ b/gcc/cp/error.c
@@ -2149,7 +2149,7 @@ dump_expr_init_vec (cxx_pretty_printer *pp, vec<constructor_elt, va_gc> *v,
 static tree
 resolve_virtual_fun_from_obj_type_ref (tree ref)
 {
-  tree obj_type = TREE_TYPE (OBJ_TYPE_REF_OBJECT (ref));
+  tree obj_type = TREE_TYPE (OBJ_TYPE_REF_TOKEN (ref));
   HOST_WIDE_INT index = tree_to_uhwi (OBJ_TYPE_REF_TOKEN (ref));
   tree fun = BINFO_VIRTUALS (TYPE_BINFO (TREE_TYPE (obj_type)));
   while (index)
diff --git a/gcc/objc/objc-act.c b/gcc/objc/objc-act.c
index efb19a6..4d95bc6 100644
--- a/gcc/objc/objc-act.c
+++ b/gcc/objc/objc-act.c
@@ -9644,11 +9644,9 @@ objc_rewrite_function_call (tree function, tree first_param)
       && TREE_CODE (TREE_OPERAND (function, 0)) == ADDR_EXPR
       && TREE_CODE (TREE_OPERAND (TREE_OPERAND (function, 0), 0))
 	 == FUNCTION_DECL)
-    {
-      function = build3 (OBJ_TYPE_REF, TREE_TYPE (function),
-			 TREE_OPERAND (function, 0),
-			 first_param, size_zero_node);
-    }
+    function = build3 (OBJ_TYPE_REF, TREE_TYPE (function),
+		       TREE_OPERAND (function, 0), first_param,
+		       build_int_cst (TREE_TYPE (first_param), 0));
 
   return function;
 }
diff --git a/gcc/objc/objc-gnu-runtime-abi-01.c b/gcc/objc/objc-gnu-runtime-abi-01.c
index 078a8d5..8aa2044 100644
--- a/gcc/objc/objc-gnu-runtime-abi-01.c
+++ b/gcc/objc/objc-gnu-runtime-abi-01.c
@@ -725,7 +725,8 @@ build_objc_method_call (location_t loc, int super_flag, tree method_prototype,
       parms->quick_push (TREE_VALUE (method_params));
 
   /* Build an obj_type_ref, with the correct cast for the method call.  */
-  t = build3 (OBJ_TYPE_REF, sender_cast, method, lookup_object, size_zero_node);
+  t = build3 (OBJ_TYPE_REF, sender_cast, method, lookup_object,
+	      build_int_cst (TREE_TYPE (lookup_object), 0));
   t = build_function_call_vec (loc, vNULL, t, parms, NULL);
   vec_free (parms);
   return t;
diff --git a/gcc/objc/objc-next-runtime-abi-01.c b/gcc/objc/objc-next-runtime-abi-01.c
index 468a0de..a4287e4 100644
--- a/gcc/objc/objc-next-runtime-abi-01.c
+++ b/gcc/objc/objc-next-runtime-abi-01.c
@@ -883,7 +883,7 @@ build_objc_method_call (location_t loc, int super_flag, tree method_prototype,
 
   /* Build an obj_type_ref, with the correct cast for the method call.  */
   t = build3 (OBJ_TYPE_REF, sender_cast, method,
-			    lookup_object, size_zero_node);
+	      lookup_object, build_int_cst (TREE_TYPE (lookup_object), 0));
   t = build_function_call_vec (loc, vNULL, t, parms, NULL);
   vec_free (parms);
   return t;
diff --git a/gcc/objc/objc-next-runtime-abi-02.c b/gcc/objc/objc-next-runtime-abi-02.c
index 1bf2898..e50ca6e 100644
--- a/gcc/objc/objc-next-runtime-abi-02.c
+++ b/gcc/objc/objc-next-runtime-abi-02.c
@@ -1663,7 +1663,8 @@ build_v2_objc_method_fixup_call (int super_flag, tree method_prototype,
   method_params = tree_cons (NULL_TREE, lookup_object,
                              tree_cons (NULL_TREE, selector,
                                         method_params));
-  t = build3 (OBJ_TYPE_REF, sender_cast, sender, lookup_object, size_zero_node);
+  t = build3 (OBJ_TYPE_REF, sender_cast, sender, lookup_object,
+	      build_int_cst (TREE_TYPE (lookup_object), 0));
   ret_val =  build_function_call (input_location, t, method_params);
   if (check_for_nil)
     {
@@ -1772,7 +1773,7 @@ build_v2_build_objc_method_call (int super, tree method_prototype,
 
   /* Build an obj_type_ref, with the correct cast for the method call.  */
   t = build3 (OBJ_TYPE_REF, sender_cast, method,
-			    lookup_object, size_zero_node);
+	      lookup_object, build_int_cst (TREE_TYPE (lookup_object), 0));
   tree ret_val = build_function_call_vec (loc, vNULL, t, parms, NULL);
   vec_free (parms);
   if (check_for_nil)
diff --git a/gcc/testsuite/g++.dg/opt/pr101597.C b/gcc/testsuite/g++.dg/opt/pr101597.C
new file mode 100644
index 0000000..3b7b34f
--- /dev/null
+++ b/gcc/testsuite/g++.dg/opt/pr101597.C
@@ -0,0 +1,13 @@
+// PR c++/101597
+// { dg-do compile }
+// { dg-options "-O2 -Warray-bounds" }
+
+typedef __SIZE_TYPE__ size_t;
+struct S { virtual void *foo (size_t) __attribute__((alloc_size (2))); };
+
+int
+foo (void *p)
+{
+  char *q = static_cast<char *> (static_cast<S *> (p)->foo (32));
+  return q[64];		// { dg-warning "array subscript 64 is outside array bounds of" }
+}
diff --git a/gcc/tree.def b/gcc/tree.def
index 33eb3b7..36b91f0 100644
--- a/gcc/tree.def
+++ b/gcc/tree.def
@@ -470,7 +470,11 @@ DEFTREECODE (INDIRECT_REF, "indirect_ref", tcc_reference, 1)
    OBJ_TYPE_REF_OBJECT: Is the object on whose behalf the lookup is
    being performed.  Through this the optimizers may be able to statically
    determine the dynamic type of the object.
-   OBJ_TYPE_REF_TOKEN: An integer index to the virtual method table.  */
+   OBJ_TYPE_REF_TOKEN: An integer index to the virtual method table.
+   The integer index should have as type the original type of
+   OBJ_TYPE_REF_OBJECT; as pointer type conversions are useless in GIMPLE,
+   the type of OBJ_TYPE_REF_OBJECT can change to an unrelated pointer
+   type during optimizations.  */
 DEFTREECODE (OBJ_TYPE_REF, "obj_type_ref", tcc_expression, 3)
 
 /* Used to represent the brace-enclosed initializers for a structure or an