https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93381
--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> --- The reason this breaks is we treat literal integer constants as pointing to nonlocal memory, not considering pointing to automatic objects (s in this case). And a plain PLUS_EXPR is handled as merge operator (compared to POINTER_PLUS_EXPR which does offsetting with pointer semantic constraints). A conservative fix is to treat literal integer constants as pointing to anything. A more elaborate fix would try to do offsetting without pointer constraints [when it's clear which operand is the pointer and which the offset]. Note when tracking points-to sets of integers we basically treat them as pointers so i + j would offset a pointer with a pointer which doesn't make too much sense so a merge is most sensible (we treat all "unhandled" operators that way, assuming you can never create pointers to objects not originally referenced out of thin air). PVNI side-steps this completely by not tracking provenance of non-pointers IIRC.
