From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id AD1AB3858D35; Tue,  4 Jul 2023 06:54:31 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org AD1AB3858D35
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1688453671;
	bh=X3HxSvfqKrmOkb2H/l/bPrQsMIIJLndCjK8BiX7arik=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=BjwxukTyuT7WOSwlwwpiZ8BH1SvDbaj9TDc1QygRW/MLeKuUipDhhxyE8K9Nr4ysY
	 zAoVtlA8GvjlF8dTV+vFnxRJ6pERDsvMV0mfIKa6IcxGGk0Eenve9D5dnaX0BsDUd0
	 36znSDMRc14NW+AMz1nw26zqUkQaNzR5K9CSNSIs=
From: "rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/110228] [13/14 Regression] llvm-16 miscompiled due
 to an maybe uninitialized variable
Date: Tue, 04 Jul 2023 06:54:31 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: middle-end
X-Bugzilla-Version: 14.0
X-Bugzilla-Keywords: wrong-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: rguenth at gcc dot gnu.org
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: rguenth at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 13.2
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_status assigned_to
Message-ID: <bug-110228-4-KWi17gkDtY@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-110228-4@http.gcc.gnu.org/bugzilla/>
References: <bug-110228-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D110228

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |rguenth at gcc dot =
gnu.org

--- Comment #27 from Richard Biener <rguenth at gcc dot gnu.org> ---
For the testcase in comment#16 we have ifcombine doing

   <bb 4> [local count: 477815112]:
-  if (v_12 =3D=3D 1)
-    goto <bb 6>; [34.00%]
-  else
-    goto <bb 5>; [66.00%]
-
-  <bb 5> [local count: 315357972]:
-  if (LookupFlags_5 !=3D 0)
-    goto <bb 6>; [50.00%]
+  _19 =3D v_12 =3D=3D 1;
+  _20 =3D LookupFlags_5 | _19;
+  if (_20 !=3D 0)
+    goto <bb 5>; [67.00%]

that at least accesses 'LookupFlags_5' without checking v_12 is either zero
or one.  This exposes an uninitialized read of LookupFlags_5 on the path
from entry, even actually at runtime.  PHI-OPT then makes tt value
dependent on this uninitialized variable and I suspect things go downhill
from there.

Note it's not obvious at all that 'LookupFlags_5' may be uninitialized here,
so ifcombine might need to use mark_ssa_maybe_undefs to try to conservative=
ly
catch those.=