[Bug tree-optimization/106292] New: Wrong code with -O3

[vsevolod.livinskiy at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106292

            Bug ID: 106292
           Summary: Wrong code with -O3
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: vsevolod.livinskiy at gmail dot com
  Target Milestone: ---

The wrong optimization causes out-of-bounds array access, which leads to a
Segmentation fault. Unfortunately, I was not able to merge the reproducer into
a single file ([[gnu::noipa]] and __attribute__((noipa)) didn't work or I've
used them incorrectly). This looks like a recent bug because we started to
detect it on Tuesday (June 12th).

Reproducer:
//driver.cpp
#include <stdio.h>

bool var_0 = (bool)1;
unsigned int arr_44 = 3397135069U;
bool arr_8 [7];
short arr_61 [140];

void test();

int main() {
  test();
  printf("%u\n", arr_61[117]);
  if (arr_61[117] != 9)
    __builtin_abort();
}

//func.cpp
extern bool var_0;
extern unsigned arr_44;
extern bool arr_8[];
extern short arr_61[];
const unsigned &a(const unsigned &c, unsigned &f) { return f ? c : f; }
bool bar(bool c) { return c; }
void test() {
  for (int b = 0; b < 7; b += var_0)
    arr_8[b] = 1;
  for (int d = 0; d < bar(var_0) + 9; d++)
    for (unsigned e = 0; e < 14; e++)
      arr_61[d * e] = a(d, arr_44);
}

Error:
>$ g++ -O2 func.cpp driver.cpp && ./a.out 
9
>$ g++ -O3 func.cpp driver.cpp && ./a.out 
Segmentation fault (core dumped)

gcc version 13.0.0 20220713 (c479c40f8c8fee0fb70e8a365b61c55739f448e1)