https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67921
--- Comment #6 from bin.cheng <amker.cheng at gmail dot com> ---
The fact is GCC calls function:
chrec_fold_minus (type, chrec1, chrec2)
// type == sizetype
// chrec1 == 4 - (sizetype) &c
// chrec2 == (sizetype) ((int *) p1_8(D) + ((sizetype) a_23 * 24 + 4))
And so calls below function at the end of chrec_fold_plus_1:
return fold_build2 (code, type,
fold_convert (type, op0),
fold_convert (type, op1));
// code == MINUS_EXPR
// type == sizetype
// op0 == 4 - (sizetype) &c
// op1 == (sizetype) ((int *) p1_8(D) + ((sizetype) a_23 * 24 + 4))
In fold_build_loc, the associate logic is trigged and below expression is
returned:
((sizetype) -((int *) p1_8(D) + ((sizetype) a_23 * 24 + 4)) - (sizetype)
&c) + 4
With this returned CHREC, the following resolve_mixer tries to apply
NEGATE_EXPR by calling below function:
chrec_fold_multiply (type, fold_convert (type, integer_minus_one_node),
op0);
// type == int *
// op0 == (int *) p1_8(D) + ((sizetype) a_23 * 24 + 4)
So the issue boils down to question whether it's valid to fold expression like:
"4 - (sizetype) &c - (sizetype) ((int *) p1_8(D) + ((sizetype) a_23 * 24 + 4))"
to:
"((sizetype) -((int *) p1_8(D) + ((sizetype) a_23 * 24 + 4)) - (sizetype) &c) +
4"
It seems invalid to me, but if in any case it's valid, then problem is in
IVOPT/sanitizer which introduce operation on pointers converted into sizetype.
