https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110043
Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
We run into

void
access_ref::add_offset (const offset_int &min, const offset_int &max)
{
  if (min <= max)
    {
      /* To add an ordinary range just add it to the bounds.  */
      offrng[0] += min;
      offrng[1] += max;

with

(gdb) p offrng[0]
$20 = {<fixed_wide_int_storage<128>> = {val = {0, 0}, len = 1},
  static is_sign_extended = true, static needs_write_val_arg = false}
(gdb) p offrng[1]
$21 = {<fixed_wide_int_storage<128>> = {val = {9223372036854775807,
      140737488342928}, len = 1}, static is_sign_extended = true,
  static needs_write_val_arg = false}
(gdb) p min
$22 = (const offset_int &) @0x7fffffffd320: {<fixed_wide_int_storage<128>> = {
    val = {0, 15546413}, len = 1}, static is_sign_extended = true,
  static needs_write_val_arg = false}
(gdb) p max
$23 = (const offset_int &) @0x7fffffffd338: {<fixed_wide_int_storage<128>> = {
    val = {-1, 9223372036854775807}, len = 2}, static is_sign_extended = true,
  static needs_write_val_arg = false}

min <= max, which is supposed to use a signed compare, returns true and then
the offrng[1] += max operation overflows offrng[1] to negative.

Looks like most offset arithmetic in pointer-query should be saturating
somehow ...
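
The overflow described in the comment above, reproduced as an added example that is not part of the comment or of GCC's sources: it models the 128-bit offset_int with the compiler's __int128 and compares a wrapping add against one possible saturating add. All names are hypothetical, and the input values are my reading of the gdb dump (only the first len words of val are significant, so offrng[1] is 2^63 - 1 and max is 2^127 - 1).

```cpp
#include <cstdio>

// Stand-in for GCC's 128-bit offset_int; __int128 (a GCC/Clang extension) is
// an assumption of this sketch, as are all names below.
typedef __int128 off128;
typedef unsigned __int128 uoff128;

static const off128 OFF_MAX = (off128)(~(uoff128)0 >> 1);  // 2^127 - 1
static const off128 OFF_MIN = -OFF_MAX - 1;                // -2^127

struct range { off128 lo, hi; };

// Two's-complement wrapping add: the behaviour the comment observes.
static off128 wrap_add(off128 a, off128 b) {
  return (off128)((uoff128)a + (uoff128)b);
}

// Saturating add: clamp at the representable bounds instead of wrapping.
static off128 sat_add(off128 a, off128 b) {
  if (b > 0 && a > OFF_MAX - b) return OFF_MAX;
  if (b < 0 && a < OFF_MIN - b) return OFF_MIN;
  return a + b;
}

// Only the min <= max branch quoted in the comment is modelled; any other
// input leaves the range unchanged here.
static range add_offset(range r, off128 min, off128 max,
                        off128 (*add)(off128, off128)) {
  if (min <= max) { r.lo = add(r.lo, min); r.hi = add(r.hi, max); }
  return r;
}

// Values as read from the gdb session: offrng = [0, 2^63 - 1], min = 0,
// max = 2^127 - 1.
static range page_case(off128 (*add)(off128, off128)) {
  range offrng = { 0, (off128)9223372036854775807LL };
  return add_offset(offrng, 0, OFF_MAX, add);
}

int main() {
  range w = page_case(wrap_add), s = page_case(sat_add);
  std::printf("wrapping:   hi negative=%d, lo <= hi=%d\n", w.hi < 0, w.lo <= w.hi);
  std::printf("saturating: hi == max=%d,   lo <= hi=%d\n", s.hi == OFF_MAX, s.lo <= s.hi);
  return 0;
}
```

With the wrapping add the upper bound ends up below the lower bound, so any bounds check that relies on the range sees an inverted interval; the saturating variant keeps the range ordered and pinned at the maximum.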