As noted in PR45210: https://bugs.llvm.org/show_bug.cgi?id=45210
...the bug is triggered, as Eli says, when sext(idx) * ElementSize overflows.
// assume that GV is an array of 4-byte elements
GEP = gep GV, 0, Idx // this is accessing Idx * 4
L = load GEP
ICI = icmp eq L, value
ICI = icmp eq Idx, NewIdx
The foldCmpLoadFromIndexedGlobal function simplifies GEP+load operation to icmp.
And there is a problem because Idx * ElementSize can overflow.
Let's assume that ElementSize is 12, and the wanted value is at offset 0.
Then, there are actually four possible values for Idx to match offset 0: 0x00..00, 0x40..00, 0x80..00, 0xC0..00.
We should return true for all these values, but currently, the new icmp only returns true for 0x00..00.
This problem can be solved by masking off (trailing zeros of ElementSize) bits from Idx.
Idx' = and Idx, 0x3F..FF
ICI = icmp eq Idx', NewIdx
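
The aliasing described above can be checked with plain 64-bit arithmetic. The following C program is an added example, not code from the LLVM patch: it assumes a 64-bit index, the function names are hypothetical, and the sample indices are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Original semantics: the load reads the wanted element when the byte
   offset Idx * ElementSize, wrapped to 64 bits, equals the wanted offset. */
static int original_match(uint64_t idx, uint64_t elt_size, uint64_t want_off) {
    return idx * elt_size == want_off; /* unsigned multiply wraps mod 2^64 */
}

/* Fold without the mask: icmp eq Idx, NewIdx */
static int folded_unmasked(uint64_t idx, uint64_t new_idx) {
    return idx == new_idx;
}

/* Mask clearing the top tz bits of Idx, tz = trailing zeros of ElementSize
   (elt_size must be nonzero). */
static uint64_t idx_mask(uint64_t elt_size) {
    unsigned tz = 0;
    while (((elt_size >> tz) & 1) == 0)
        tz++;
    return UINT64_MAX >> tz;
}

/* Fold with the mask: Idx' = and Idx, mask; icmp eq Idx', NewIdx */
static int folded_masked(uint64_t idx, uint64_t elt_size, uint64_t new_idx) {
    return (idx & idx_mask(elt_size)) == new_idx;
}

/* Count constructed sample indices where the fold disagrees with the original. */
static int mismatches(int use_mask) {
    const uint64_t elt = 12, new_idx = 0; /* values from the text above */
    const uint64_t samples[] = { 0, 1ULL << 62, 2ULL << 62, 3ULL << 62,
                                 1, (1ULL << 62) + 1, 1ULL << 61 };
    int bad = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int want = original_match(samples[i], elt, new_idx * elt);
        int got = use_mask ? folded_masked(samples[i], elt, new_idx)
                           : folded_unmasked(samples[i], new_idx);
        bad += (want != got);
    }
    return bad;
}

int main(void) {
    printf("mismatches without mask: %d\n", mismatches(0));
    printf("mismatches with mask:    %d\n", mismatches(1));
    return 0;
}
```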