https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108903

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
> I realize that the statement `*f = *(d + 1)` may have been optimized out and
> it is indeed according to the optimized tree:
>
> $ gcc-tk a.c -Os -fsanitize=address -fdump-tree-optimized=/dev/stdout
> ...
> <bb 3> [local count: 1014686024]:
> ivtmp.23_58 = ivtmp.23_34 + 1;
> if (_3 != 0)
>   goto <bb 4>; [5.50%]
> else
>   goto <bb 7>; [94.50%]
>
> <bb 4> [local count: 55807731]:
> _49 = (unsigned long) &MEM[(int *)&e + 4B];
> _43 = _49 >> 3;
> _10 = _43 + 2147450880;
> ..
> $

Good, we can close it then.

> So the ASAN checking branch won't be executed. However, when I check the
> generated ASM, I find that the `e+4` has been used. I wonder if some later
> passes promote the overflowed instructions from a dead part. If yes, this is
> potentially very dangerous.

It's the address of e + 4, which is fine.
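To make the two lines in `<bb 4>` of the dump concrete, here is a small model of the AddressSanitizer check they implement (an added example, not code from the bug report or from GCC): the shadow address computation `(addr >> 3) + 2147450880` and the shadow-byte test that decides whether a load or store of a given size is reported. The addresses and shadow-byte values below are constructed; real ASan reads the shadow byte from memory.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* 2147450880 from the dump is 0x7fff8000, the x86-64 ASan shadow offset. */
#define ASAN_SHADOW_OFFSET 2147450880UL

/* The address computation in <bb 4>: _43 = _49 >> 3; _10 = _43 + 2147450880.
 * Forming an address (such as &e + 4) never touches shadow memory; only a
 * load or store through the resulting pointer does. */
uintptr_t asan_shadow_addr(uintptr_t addr)
{
    return (addr >> 3) + ASAN_SHADOW_OFFSET;
}

/* ASan's check for a 1..8 byte access. Shadow byte 0: all 8 bytes of the
 * granule are addressable; 1..7: only the first k bytes are; negative values
 * mark redzones or freed memory. Returns true when the access is reported. */
bool asan_access_is_poisoned(int8_t shadow_byte, uintptr_t addr, unsigned size)
{
    if (shadow_byte == 0)
        return false;
    if (shadow_byte < 0)
        return true;
    unsigned last_byte = (unsigned)(addr & 7) + size - 1;
    return last_byte >= (unsigned)shadow_byte;
}

int main(void)
{
    /* Constructed: a 4-byte `int e` placed at an 8-byte aligned stack slot,
     * so its granule's shadow byte is 4 (only the first 4 bytes are valid). */
    uintptr_t e = 0x7ffd00000010UL;
    int8_t shadow_of_e = 4;

    printf("shadow addr of e: 0x%lx\n", (unsigned long)asan_shadow_addr(e));
    printf("4-byte read at e   : %s\n",
           asan_access_is_poisoned(shadow_of_e, e, 4) ? "reported" : "ok");
    /* This is the read that `*(d + 1)` would perform if the branch ran. */
    printf("4-byte read at e+4 : %s\n",
           asan_access_is_poisoned(shadow_of_e, e + 4, 4) ? "reported" : "ok");
    return 0;
}
```

Computing `e + 4` itself is just integer arithmetic in this model, which is why its appearance in the generated assembly is harmless; only the dereference at `e + 4` would trip the check.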