From the C++ testsuite, for source code file ./g++.dg/warn/Wplacement-new-size-5.C with gcc trunk version 207500 and compiler flag -O2, I get this:

../../trunk/gcc/poly-int.h:715:21: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long int'
#0 0x331775c in poly_int<1u, long>& poly_int<1u, long>::operator+=<long>(poly_int_pod<1u, long> const&) ../../trunk/gcc/poly-int.h:715
#1 0x331775c in get_addr_base_and_unit_offset_1(tree_node*, poly_int_pod<1u, long>*, tree_node* (*)(tree_node*)) ../../trunk/gcc/tree-dfa.c:796
#2 0x222248d in gimple_fold_stmt_to_constant_1(gimple*, tree_node* (*)(tree_node*), tree_node* (*)(tree_node*)) ../../trunk/gcc/gimple-fold.c:6350
#3 0x36ea4f4 in ccp_fold ../../trunk/gcc/tree-ssa-ccp.c:1257
#4 0x36ea4f4 in evaluate_stmt ../../trunk/gcc/tree-ssa-ccp.c:1785
Hmm. We return a signed offset because the maximum object size is half of the address space. So I think the code is OK and just invalid C input will produce undefined output here. Otherwise we'd need one bit more in precision and sacrifice speed of compilation quite a bit for this hot function.
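To illustrate the trade-off discussed above, here is an added example (not GCC's code; `access_path` and `fold_unit_offset` are hypothetical stand-ins for the offset accumulation in get_addr_base_and_unit_offset_1). It folds a chain of byte offsets into one signed 64-bit offset and, instead of widening the type, reports failure with `__builtin_add_overflow` when the sum leaves the range; valid input stays below PTRDIFF_MAX, and only the constructed invalid input (an offset already at LONG_MAX plus 1, as in the UBSan report) trips the check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of an access path: the byte offset contributed by
   each component reference, to be folded into one constant offset. */
typedef struct {
    const int64_t *steps;
    size_t n;
} access_path;

/* Fold the chain into a single signed byte offset.
   Returns false instead of wrapping when the sum leaves the int64 range;
   for valid C objects (size at most half the address space) this never
   fires, so the check only rejects invalid input. */
bool fold_unit_offset(const access_path *p, int64_t *out)
{
    int64_t acc = 0;
    for (size_t i = 0; i < p->n; i++) {
        if (__builtin_add_overflow(acc, p->steps[i], &acc))
            return false;  /* signed overflow: not a valid object offset */
    }
    *out = acc;
    return true;
}

/* Constructed valid input: nested offsets inside one ordinary object. */
static const int64_t valid_steps[] = { 16, 8, 4 };

/* Constructed invalid input mirroring the report: LONG_MAX followed by +1. */
static const int64_t invalid_steps[] = { INT64_MAX, 1 };

bool demo_valid(int64_t *out)
{
    access_path p = { valid_steps, 3 };
    return fold_unit_offset(&p, out);   /* true, *out == 28 */
}

bool demo_invalid(int64_t *out)
{
    access_path p = { invalid_steps, 2 };
    return fold_unit_offset(&p, out);   /* false: overflow detected */
}
```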