https://gcc.gnu.org/bugzilla/show_bug.cgi?id=120981
            Bug ID: 120981
           Summary: Vectorizer introduces UB address calculation
           Product: gcc
           Version: 16.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: kristerw at gcc dot gnu.org
  Target Milestone: ---

The vectorizer introduces an invalid address calculation for the function below when compiled for AArch64 with "-O3 -march=armv9.5-a -fno-strict-aliasing".

  void f(int n, int y, char *arr_2, char *arr_6)
  {
    for (int i = y; i < n; i++)
      arr_6[i] = arr_6[i] ? (arr_2[i] ? 3 : 8) : 1;
  }

The problem occurs when arr_6[i] is always 0. arr_2 does not in that case need to be a valid pointer as it is not accessed, but the vectorized code must perform the address calculation, and it is possible that the address calculation overflows or results in 0, both of which are UB.

The input to the vectorizer seems to correctly have worked around this in the .LOOP_VECTORIZED code, where the address calculations are done by first casting the pointer to unsigned long. But the vectorizer changes this to use pointer arithmetic, which may trigger the UB.