https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103073
Jan Hubicka <hubicka at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rguenther at suse dot de

--- Comment #5 from Jan Hubicka <hubicka at gcc dot gnu.org> ---
OK, after some inlining we produce an access past the end of array which makes
get_base_ref_and_extend to produce an access with size==8 and max_size==0.
Modref access merging is built on an assumption that max_size>size (if both
are known).

The access is (*g_18(D))[3][_207];:

 <array_ref 0x7ffff756f0e0
    type <boolean_type 0x7ffff73ebb28 bool public unsigned type_6 QI
        size <integer_cst 0x7ffff73ed030 constant 8>
        unit-size <integer_cst 0x7ffff73ed048 constant 1>
        align:8 warn_if_not_align:0 symtab:0 alias-set 1 canonical-type 0x7ffff73ebb28 precision:1 min <integer_cst 0x7ffff73ed288 0> max <integer_cst 0x7ffff73ed2b8 1>
        pointer_to_this <pointer_type 0x7ffff7534bd0>>

    arg:0 <array_ref 0x7ffff756f118
        type <array_type 0x7ffff7534dc8 type <boolean_type 0x7ffff73ebb28 bool>
            type_6 BLK
            size <integer_cst 0x7ffff7541ae0 constant 168>
            unit-size <integer_cst 0x7ffff7541ab0 constant 21>
            align:8 warn_if_not_align:0 symtab:0 alias-set 1 canonical-type 0x7ffff7534dc8 domain <integer_type 0x7ffff7534d20>>

        arg:0 <mem_ref 0x7ffff7566cd0 type <array_type 0x7ffff7534f18>

            arg:0 <ssa_name 0x7ffff754d630 type <pointer_type 0x7ffff7534348>
                visited var <parm_decl 0x7ffff7548180 g>
                def_stmt GIMPLE_NOP
                version:18
                ptr-info 0x7ffff7541f60>
            arg:1 <integer_cst 0x7ffff7541e88 constant 0>
            tt.C:5:14 start: tt.C:5:11 finish: tt.C:5:14>
        arg:1 <integer_cst 0x7ffff73ed300 constant 3>
        tt.C:5:17 start: tt.C:5:11 finish: tt.C:5:17>
    arg:1 <ssa_name 0x7ffff756eca8
        type <integer_type 0x7ffff73eb690 unsigned int sizes-gimplified public unsigned SI
            size <integer_cst 0x7ffff73ed180 constant 32>
            unit-size <integer_cst 0x7ffff73ed198 constant 4>
            align:32 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type 0x7ffff73eb690 precision:32 min <integer_cst 0x7ffff73ed1b0 0> max <integer_cst 0x7ffff73ed168 4294967295>
            pointer_to_this <pointer_type 0x7ffff73fb498>>
        visited
        def_stmt _207 = _293 + 21;
        version:207
        ptr-info 0x7ffff7567860>
    tt.C:5:24 start: tt.C:5:11 finish: tt.C:5:24>

and we get maxsize reduced based on value range info:

582                                             TYPE_PRECISION (sizetype));
583                         woffset *= wi::to_offset (unit_size);
584                         woffset <<= LOG2_BITS_PER_UNIT;
585                         bit_offset += woffset;
586                         if (known_size_p (maxsize))
587                           maxsize -= woffset;
588                       }
589                   }
590               }
(gdb) p woffset
$114 = {<poly_int_pod<1, generic_wide_int<fixed_wide_int_storage<128> > >> = {coeffs = {{<fixed_wide_int_storage<128>> = {val = {168, 0, 140737488345944}, len = 1}, static is_sign_extended = true}}}, <No data fields>}
(gdb) p maxsize
$115 = {<poly_int_pod<1, generic_wide_int<fixed_wide_int_storage<128> > >> = {coeffs = {{<fixed_wide_int_storage<128>> = {val = {168, 0, 140737488346016}, len = 1}, static is_sign_extended = true}}}, <No data fields>}

I suppose we can ignore such paradoxical range because executing that code is
undefined. But I think we may want to handle this in alias oracle as well?
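
The arithmetic in the comment above, as an added example that is not part of the original comment and is not GCC source. It is a simplified model of the bit_offset/maxsize adjustment in the listing for one 21-element row of 8-bit elements; struct extent, row_access_extent, extent_is_consistent and sanitize_extent are hypothetical names, and treating max_size == size as consistent and falling back to "unknown" are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of an access extent, all values in bits.
   max_size < 0 stands for "not known".  */
struct extent { int64_t offset, size, max_size; };

/* Access row[idx] into a row of NELTS elements of ELT_BITS each, where
   value-range info only tells us idx >= IDX_MIN.  */
static struct extent
row_access_extent (int64_t nelts, int64_t elt_bits, int64_t idx_min)
{
  /* Before range info: the access may touch anything in the row.  */
  struct extent e = { 0, elt_bits, nelts * elt_bits };
  int64_t woffset = idx_min * elt_bits;  /* idx_min * unit_size, in bits */
  e.offset += woffset;                   /* bit_offset += woffset */
  e.max_size -= woffset;                 /* maxsize -= woffset */
  return e;
}

/* Invariant that access merging is said to rely on (assumed here to
   allow equality): a known max_size is never smaller than size.  */
static bool
extent_is_consistent (struct extent e)
{
  return e.max_size < 0 || e.max_size >= e.size;
}

/* One possible way to ignore a paradoxical range (assumption):
   forget max_size instead of passing size > max_size downstream.  */
static struct extent
sanitize_extent (struct extent e)
{
  if (!extent_is_consistent (e))
    e.max_size = -1;
  return e;
}

int
main (void)
{
  /* Constructed inputs: an in-bounds minimum index (3), and the
     out-of-bounds minimum 21 implied by _207 = _293 + 21.  */
  int64_t mins[] = { 3, 21 };
  for (int i = 0; i < 2; i++)
    {
      struct extent e = row_access_extent (21, 8, mins[i]);
      printf ("idx_min=%lld offset=%lld size=%lld max_size=%lld ok=%d\n",
              (long long) mins[i], (long long) e.offset, (long long) e.size,
              (long long) e.max_size, extent_is_consistent (e));
    }
  return 0;
}
```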