https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101419
--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---

Nothing can "fix" __builtin_object_size here (on sub-objects) without changing how we represent and CSE addresses, esp. if you consider inlining where we want to interpret __builtin_object_size (p, ..) as having passed not literal 'p' but the value 'p' has at this point. Thus any pointer CSE that happens on the value of 'p' before inlining happens will "break" our expectation on it.

So suppose for a moment we'd have ADDR_WITH_SIZE_EXPR <obj, size-cst> which we could lower to just ADDR_EXPR after the final object-size pass. Then during all early opts we couldn't CSE addresses with different sizes or simplify equality conditionals on them. And we'd have to do that everywhere as for example an LTO link might expose a caller/callee with __builtin_object_size. Maybe we could somehow lower ADDR_WITH_SIZE_EXPR that do not "escape" (but we'd need to compute that).

That said, my point is that sth like __builtin_object_size is quite fundamentally broken [for an optimizing compiler].
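
An added illustration of the sub-object problem discussed in the comment above; it is not part of the comment or of the bug report's test case. The struct and function names are constructed for this example. It shows two spellings of one numeric address that `__builtin_object_size` in mode 1 sizes differently, which is the information lost when the two addresses are treated as the same value.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed type: 'a' is the first member, so g.a and &g are the
 * same numeric address but name objects of different sizes. */
struct pair {
    char a[8];
    char b[8];
};

static struct pair g;

/* Address spelled as the sub-object: mode 1 reports the member (8 bytes). */
size_t size_via_member(void)
{
    return __builtin_object_size(g.a, 1);
}

/* Same address spelled as the whole object: mode 1 reports 16 bytes. */
size_t size_via_whole(void)
{
    return __builtin_object_size(&g, 1);
}

/* The two pointers compare equal, so a pass that merges equal address
 * computations has no way to keep the 8 and the 16 apart. */
int same_address(void)
{
    return (void *)g.a == (void *)&g;
}

/* Here the builtin sees only the value of p. Whether it yields 8, 16 or
 * the "unknown" result (size_t)-1 depends on what the compiler knew
 * about p when it folded the builtin. */
__attribute__((noinline))
size_t size_seen_by_callee(const char *p)
{
    return __builtin_object_size(p, 1);
}

int main(void)
{
    printf("member=%zu whole=%zu equal=%d callee=%zu\n",
           size_via_member(), size_via_whole(), same_address(),
           size_seen_by_callee(g.a));
    return 0;
}
```

For bounds checks that rely on mode 1 (as fortified string functions do), the practical consequence is that the reported bound can be the enclosing object's size or "unknown" rather than the member's size, so the check may be weaker than the source suggests.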