miscompile when IndVarSimplify turns a float induction variable into an int?

[regehr]

IndVarSimplify can turn a float induction variable into an integer, but this isn't behavior-preserving when we get out of the range that can be represented exactly. it seems like an extra safety check on this transformation is needed.

~$ cat foo.c
void bar(void);

void foo(void) {
    for (float f = 25.0; f <= 100000000.0; f += 17.0)
        bar();
}
~$ cat bar.c
#include <stdio.h>

long cnt;

void bar(void) {
  ++cnt;
}

void foo(void);

int main(void) {
  foo();
  printf("%ld\n", cnt);
}
~$ clang -O0 foo.c bar.c && ./a.out
6188318
~$ clang -O1 foo.c bar.c && ./a.out
5882352
~$

[nelhage]

Single-file reproducer via __attribute__((noinline)) (godbolt link):

#include <stdio.h>

unsigned long count;
void __attribute__((noinline)) bar() {
    count += 1;
}

void foo(void) {
    for (float f = 25.0; f <= 100000000.0; f += 17.0)
        bar();
}

int main() {
    foo();
    printf("%ld\n", count);
}