analyzer: round-trip pointer-equality through intptr_t

When investigating how the analyzer handles malloc/free of Cray pointers
in gfortran I noticed that that analyzer was losing information on
pointers that were cast to an integer type, and then back to a pointer
type again.

The root cause is that region_model::maybe_cast_1 was only preserving
the region_svalue-ness of the result if both types were pointers,
instead returning an unknown_svalue for a pointer-to-int cast.

This patch updates the above code so that it attempts to use a
region_svalue if *either* type is a pointer

Doing so allows the analyzer to recognize that the same underlying
region is in use through various casts through integer types.

gcc/analyzer/ChangeLog:
	* region-model.cc (region_model::maybe_cast_1): Attempt to provide
	a region_svalue if either type is a pointer, rather than if both
	types are pointers.

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/torture/intptr_t.c: New test.

2 files changed, 7 insertions, 1 deletions

diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog
index 0666d00..ba59131 100644
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@@ -1,3 +1,9 @@
+2020-02-06  David Malcolm  <dmalcolm@redhat.com>
+
+	* region-model.cc (region_model::maybe_cast_1): Attempt to provide
+	a region_svalue if either type is a pointer, rather than if both
+	types are pointers.
+
 2020-02-05  David Malcolm  <dmalcolm@redhat.com>
 
 	* engine.cc (exploded_node::dump_dot): Show merger enodes.
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index c837ec6..60363c7 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -4977,7 +4977,7 @@ region_model::maybe_cast_1 (tree dst_type, svalue_id sid)
     return sid;
 
   if (POINTER_TYPE_P (dst_type)
-      && POINTER_TYPE_P (src_type))
+      || POINTER_TYPE_P (src_type))
     {
       /* Pointer to region.  */
       if (region_svalue *ptr_sval = sval->dyn_cast_region_svalue ())