Open
Description
Here's a variation of the example from issue #279
typedef unsigned long size_t;
extern _Itype_for_any(T) void *malloc(size_t size) : itype(_Array_ptr<T>) byte_count(size);
struct foo {
int *x;
int y;
};
void f(void) {
int n = 10;
int *p = malloc(sizeof(int)*n);
struct foo *z = malloc(sizeof(struct foo));
z->x = p;
z->y = n;
}
void g(struct foo *p, struct foo *q) {
int *w = p->x;
int k = q->y; // will be inferred as the bounds of w
w[0] = 1;
}
The difference with #279 is the additional q parameter for g and the assignment of q's bound to k. The problem is that the bounds inference incorrectly treats k as w's bound even though w comes from p and k comes from q.