https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96820
--- Comment #8 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The releases/gcc-10 branch has been updated by Martin Jambor <jamb...@gcc.gnu.org>: https://gcc.gnu.org/g:75f5776b3fc4dad7453f8b9cf1690bd2ad628991 commit r10-8709-g75f5776b3fc4dad7453f8b9cf1690bd2ad628991 Author: Martin Jambor <mjam...@suse.cz> Date: Fri Sep 4 14:31:16 2020 +0200 sra: Avoid SRAing if there is an aout-of-bounds access (PR 96820) The testcase causes and ICE in the SRA verifier on x86_64 when compiling with -m32 because build_user_friendly_ref_for_offset looks at an out-of-bounds array_ref within an array_ref which accesses an offset which does not fit into a signed 32bit integer and turns it into an array-ref with a negative index. The best thing is probably to bail out early when encountering an out of bounds access to a local stack-allocated aggregate (and let the DSE just delete such statements) which is what the patch does. I also glanced over to the initial candidate vetting routine to make sure the size would fit into HWI and noticed that it uses unsigned variants whereas the rest of SRA operates on signed offsets and sizes (because get_ref_and_extent does) and so changed that for the sake of consistency. These ancient checks operate on sizes of types as opposed to DECLs but I hope that any issues potentially arising from that are basically hypothetical. gcc/ChangeLog: 2020-08-28 Martin Jambor <mjam...@suse.cz> PR tree-optimization/96820 * tree-sra.c (create_access): Disqualify candidates with accesses beyond the end of the original aggregate. (maybe_add_sra_candidate): Check that candidate type size fits signed uhwi for the sake of consistency. gcc/testsuite/ChangeLog: 2020-08-28 Martin Jambor <mjam...@suse.cz> PR tree-optimization/96820 * gcc.dg/tree-ssa/pr96820.c: New test. (cherry picked from commit 8ad3fc6ca46c603d9c3efe8e6d4a8f2ff1a893a4)