https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98255

--- Comment #3 from Martin Jambor <jamborm at gcc dot gnu.org> ---
So SRA sees statements:
  n[0][2] = "\t\x02\b";
and later
  _11 = n[0][3][4294967294];

The latter loads a scalar sitting inside what the store above
initialized (according to get_ref_base_and_extent) and so SRA creates
a single char replacement for it which is initialized with:

n$0$3$4294967294_24 = "\t\x02\b"[4294967294];

the RHS being:

 <array_ref 0x7ffff76420a8
    type <integer_type 0x7ffff74e63f0 char sizes-gimplified public QI
        size <integer_cst 0x7ffff74cddc8 constant 8>
        unit-size <integer_cst 0x7ffff74cdde0 constant 1>
        align:8 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7ffff74e63f0 precision:8 min <integer_cst 0x7ffff74cde10 -128> max
<integer_cst 0x7ffff74cde40 127>
        pointer_to_this <pointer_type 0x7ffff74f1c78>>

    arg:0 <string_cst 0x7ffff76133d8
        type <array_type 0x7ffff7601498 type <integer_type 0x7ffff74e63f0 char>
            sizes-gimplified BLK
            size <integer_cst 0x7ffff74eb180 constant 24>
            unit-size <integer_cst 0x7ffff7613138 constant 3>
            align:8 warn_if_not_align:0 symtab:0 alias-set 0 canonical-type
0x7ffff7601498 domain <integer_type 0x7ffff76013f0>>
        constant "\011\002\010">
    arg:1 <integer_cst 0x7ffff76130a8 type <integer_type 0x7ffff74e6690
unsigned int> constant 4294967294>
    pr98255.c:20:21 start: pr98255.c:20:14 finish: pr98255.c:20:23>

At expansion time, however, the 4294967294 index is not
sign-extended and so the program ends up loading from a bad memory
address.

Is "\t\x02\b"[4294967294] something the expander should sign-extend
or should SRA avoid re-using array_refs with indices which change when
sign-extended to a pointer width integer?
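Added example (not code from the bug report or from GCC) showing the two readings of the index 4294967294 that the comment contrasts on a 64-bit host: sign-extended to -2, which lands on a byte of the neighbouring row the earlier store initialized, versus zero-extended, which points far outside the object. The array shape `char n[1][4][3]` and the contents of the other rows are assumptions; only the row `"\t\x02\b"` and the index come from the comment.

```c
#include <stdint.h>
#include <stdio.h>

#define ROW_BYTES 3   /* unit-size 3 of the STRING_CST type in the dump */

/* Assumed shape; n[0][2] = "\t\x02\b" as in the comment, other rows
   are constructed filler. */
static char n[1][4][ROW_BYTES] = { { "abc", "def", "\t\x02\b", "xyz" } };

/* Byte offset of n[0][3][idx] from the start of n when the 32-bit index
   is sign-extended to pointer width (the reading under which the load
   sits inside the row stored earlier).  The unsigned-to-int32_t
   conversion is modular on GCC; 4294967294 becomes -2. */
static int64_t offset_sign_extended(uint32_t idx)
{
    int64_t row_start = 3 * ROW_BYTES;          /* n[0][3] starts at byte 9 */
    return row_start + (int64_t)(int32_t)idx;   /* 9 + (-2) = 7 */
}

/* Same offset when the index is zero-extended instead. */
static uint64_t offset_zero_extended(uint32_t idx)
{
    uint64_t row_start = 3 * ROW_BYTES;
    return row_start + (uint64_t)idx;           /* 9 + 4294967294 */
}

/* Fetch the byte the sign-extended reading refers to, through the flat
   byte image of n, so no pointer is formed outside the object.  Returns
   0xff if the offset falls outside n. */
static unsigned char byte_at_sign_extended(uint32_t idx)
{
    int64_t off = offset_sign_extended(idx);
    const unsigned char *flat = (const unsigned char *)n;
    if (off < 0 || off >= (int64_t)sizeof n)
        return 0xff;
    return flat[off];
}

/* 1 if the zero-extended offset still lies within n, else 0. */
static int in_bounds_zero_extended(uint32_t idx)
{
    return offset_zero_extended(idx) < sizeof n;
}

int main(void)
{
    uint32_t idx = 4294967294u;
    printf("sign-extended: offset %lld -> byte 0x%02x (n[0][2][1])\n",
           (long long)offset_sign_extended(idx), byte_at_sign_extended(idx));
    printf("zero-extended: offset %llu, inside n: %s\n",
           (unsigned long long)offset_zero_extended(idx),
           in_bounds_zero_extended(idx) ? "yes" : "no");
    return 0;
}
```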
