https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82585

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
(In reply to Richard Biener from comment #1)
> Probably one form is folded to &a[4] and p->a + 4 is not folded to &p->a[4].

That's right.  (a + 4) is MEM_REF (char[3], ADDR_EXPR (char[3], VAR_DECL (a)))
and (p->a + 4) is MEM_REF (char[3], SSA_NAME (p), 4).  The latter makes it
impossible to tell the invalid (p->a + 10) from the valid (p[1].a + 2).

But maybe it's not completely hopeless.  Even if we can't tell whether the
result of the pointer addition is derived from a pointer to the same subobject,
it should be possible to determine whether or not the resulting pointer points
to the same subobject (or at least one of the same type) as the original
pointer.  That doesn't detect all kinds of problems but it detects the worst
kind: using a pointer to T to access a subobject of type U.

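The ambiguity and the weaker check described in the comment above, as an added example that is not part of the bug report or of GCC's source. The struct layout and the helpers `off_of_a` and `classify` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed layout (not from the bug report): only char members, so there is
   no padding and each element is 8 bytes. */
struct S { char a[3]; char b[5]; };
_Static_assert(sizeof(struct S) == 8, "example assumes an 8-byte struct");

/* Byte offset from p denoted by the expression p[idx].a + k.  Computed with
   offsetof so that no out-of-bounds pointer is ever formed. */
static size_t off_of_a(size_t idx, size_t k)
{
    return idx * sizeof(struct S) + offsetof(struct S, a) + k;
}

enum landing { IN_A, IN_OTHER };

/* The weaker check: knowing only (p, offset), decide whether the byte lies
   in the 'a' member of some array element or in a different subobject. */
static enum landing classify(size_t off)
{
    size_t rem = off % sizeof(struct S);
    size_t lo  = offsetof(struct S, a);
    size_t hi  = lo + sizeof(((struct S *)0)->a);
    return (rem >= lo && rem < hi) ? IN_A : IN_OTHER;
}

int main(void)
{
    /* Once reduced to (p, offset), the invalid p->a + 10 and the valid
       p[1].a + 2 are the same address. */
    printf("p->a + 10   -> offset %zu\n", off_of_a(0, 10));
    printf("p[1].a + 2  -> offset %zu\n", off_of_a(1, 2));

    /* Offset 10 lands in an 'a' of the same type, so the weaker check
       cannot flag it; p->a + 4 lands in 'b', which it can flag. */
    printf("offset 10 lands in %s\n",
           classify(off_of_a(0, 10)) == IN_A ? "a" : "another member");
    printf("offset 4  lands in %s\n",
           classify(off_of_a(0, 4)) == IN_A ? "a" : "another member");
    return 0;
}
```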