The crash here is caused by size_binop_loc getting operands of different types:
sizetype and ssizetype. Fixed by performing the computation in offset_int,
much as we do in fold_indirect_ref_1 (fixed in middle-end/81695).
Bootstrapped/regtested on x86_64-linux, ok for trunk?
2018-01-29 Marek Polacek <pola...@redhat.com>
PR c++/83996
* constexpr.c (cxx_fold_indirect_ref): Compute ((foo *)&fooarray)[1]
=> fooarray[1] in offset_int.
* g++.dg/ext/pr83996.C: New test.
diff --git gcc/cp/constexpr.c gcc/cp/constexpr.c
index 4d2ee4a28fc..0a1944f6dad 100644
--- gcc/cp/constexpr.c
+++ gcc/cp/constexpr.c
@@ -3143,11 +3143,17 @@ cxx_fold_indirect_ref (location_t loc, tree type, tree
op0, bool *empty_base)
tree min_val = size_zero_node;
if (type_domain && TYPE_MIN_VALUE (type_domain))
min_val = TYPE_MIN_VALUE (type_domain);
- op01 = size_binop_loc (loc, EXACT_DIV_EXPR, op01,
- TYPE_SIZE_UNIT (type));
- op01 = size_binop_loc (loc, PLUS_EXPR, op01, min_val);
- return build4_loc (loc, ARRAY_REF, type, op00, op01,
- NULL_TREE, NULL_TREE);
+ offset_int off = wi::to_offset (op01);
+ offset_int el_sz = wi::to_offset (TYPE_SIZE_UNIT (type));
+ offset_int remainder;
+ off = wi::divmod_trunc (off, el_sz, SIGNED, &remainder);
+ if (remainder == 0 && TREE_CODE (min_val) == INTEGER_CST)
+ {
+ off = off + wi::to_offset (min_val);
+ op01 = wide_int_to_tree (sizetype, off);
+ return build4_loc (loc, ARRAY_REF, type, op00, op01,
+ NULL_TREE, NULL_TREE);
+ }
}
/* Also handle conversion to an empty base class, which
is represented with a NOP_EXPR. */
diff --git gcc/testsuite/g++.dg/ext/pr83996.C gcc/testsuite/g++.dg/ext/pr83996.C
index e69de29bb2d..e663d728349 100644
--- gcc/testsuite/g++.dg/ext/pr83996.C
+++ gcc/testsuite/g++.dg/ext/pr83996.C
@@ -0,0 +1,11 @@
+// PR c++/83996
+// { dg-do compile }
+// { dg-options "" }
+
+int z[] = { };
+
+int
+main (void)
+{
+ __builtin_printf ("%d\n", *(z + 1));
+}
Marek
