[Bug middle-end/78081] -Wmaybe-initialized false-alarm regression for Emacs regex.c (jump threading fallout)

[Bug middle-end/78081] -Wmaybe-initialized false-alarm regression for Emacs regex.c (jump threading fallout)

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78081

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org
      Known to fail|5.4.0, 6.3.0, 7.0.1, 8.0    |10.2.0, 11.0, 5.5.0, 6.4.0,
                   |                            |7.2.0, 8.3.0, 9.1.0

--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
Reconfirmed with GCC 11 and both the original test case as well as the reduced
test case below.  The warning is augmented to print a couple of notes, the
first showing the condition under which the variable is determined to be
uninitialized, and the second the condition under which it's used.  The
expressions printed in the notes: (s == 0) and (s != 0 && (f (s_23) != 1), are
clearly mutually exclusive but the warning has recorded '(.NOT.) _1 == 1
(.AND.) s_23 != 0B' as the used condition and doesn't have the smarts to figure
out that the s_23 PHI <s_3(5), 0B(10)>  is equal to s_3(5) in bb 8.

$ cat pr78081.c && gcc -O2 -S -Wall -fdump-tree-uninit=/dev/stdout pr78081.c
extern int f (const char *);

int g (const char *s0, const char *s1)
{
  for (const char *s = s1; ; )
    {
      long i;

      if (s)
        i = s - s0;

      if (f (s) == 1)
        break;

      if (s)
        s = i + s0;
    }

  return -1;
}

;; Function g (g, funcdef_no=0, decl_uid=1946, cgraph_uid=1, symbol_order=0)
...
Testing if this predicate:  (.NOT.) s_3 != 0B                                 
<<< s != 0
...can be invalidated by a USE guard of:  (.NOT.) _1 == 1 (.AND.) s_23 != 0B  
<<< s != 0
[BEFORE SIMPLICATION -- [USE]:
i.0_2 = (sizetype) i_22;
is guarded by :

 (.NOT.) _1 == 1 (.AND.) s_23 != 0B


[BEFORE NORMALIZATION --[USE]:
i.0_2 = (sizetype) i_22;
is guarded by :

 (.NOT.) _1 == 1 (.AND.) s_23 != 0B


[AFTER NORMALIZATION -- [USE]:
i.0_2 = (sizetype) i_22;
is guarded by :

s_23 != 0B (.AND.)  (.NOT.) _1 == 1


[CHECK]: Found unguarded use: i.0_2 = (sizetype) i_22;

pr78081.c: In function ‘g’:
pr78081.c:16:15: warning: ‘i’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
   16 |         s = i + s0;
      |             ~~^~~~
pr78081.c:7:12: note: when ‘s == 0’
    7 |       long i;
      |            ^
pr78081.c:7:12: note: used when ‘s != 0 && f (s_23) != 1’
pr78081.c:7:12: note: ‘i’ was declared here


int g (const char * s0, const char * s1)
{
  long int i;
  const char * s;
  int _1;
  sizetype i.0_2;

  <bb 2> [local count: 118111598]:

  <bb 3> [local count: 787052758]:
  # s_3 = PHI <s_13(8), s1_7(D)(2)>
  # i_4 = PHI <i_22(8), i_8(D)(2)>   <<< i_8(D) is uninitialized
  if (s_3 != 0B)
    goto <bb 4>; [90.32%]
  else
    goto <bb 11>; [9.68%]

  <bb 11> [local count: 76166394]:
  goto <bb 5>; [100.00%]

  <bb 4> [local count: 751619280]:
  i_11 = s_3 - s0_10(D);

  <bb 5> [local count: 827785674]:     <<< s_3 != 0
  # i_22 = PHI <i_4(11), i_11(4)>      <<< (2)

  <bb 6> [local count: 1073741824]:
  # s_23 = PHI <s_3(5), 0B(10)>        <<< s_23
  _1 = f (s_23);
  if (_1 == 1)
    goto <bb 9>; [11.00%]
  else
    goto <bb 7>; [89.00%]

  <bb 7> [local count: 955630225]:
  if (s_23 != 0B)                      <<< s_23 != 0
    goto <bb 8>; [70.00%]
  else
    goto <bb 10>; [30.00%]

  <bb 10> [local count: 286689065]:
  goto <bb 6>; [100.00%]

  <bb 8> [local count: 668941161]:     <<< s_23 != 0
  i.0_2 = (sizetype) i_22;             <<< (1)
  s_13 = s0_10(D) + i.0_2;             <<< use: -Wmaybe-uninitialized
  goto <bb 3>; [100.00%]

  <bb 9> [local count: 118111600]:
  return -1;

}

[Bug middle-end/78081] -Wmaybe-initialized false-alarm regression for Emacs regex.c (jump threading fallout)

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78081

--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
But... the reduced test case started triggering -Wmaybe-uninitialized in
r11-3685 while the original test case always has, so maybe I went too far with
the reduction and there are actually two bugs going on here.

[Bug middle-end/78081] -Wmaybe-initialized false-alarm regression for Emacs regex.c (jump threading fallout)

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78081

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|2018-09-16 00:00:00         |2022-7-29

--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
Re-confirmed (the reduced testcase no longer warns in GCC 12+).