https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103121
Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |NEW

--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
I can reproduce the warning. It triggers for the store to *_23 in BB 13 below (dumped by debug_ranger()), where _23 is the result of the alloca() call in BB 4 plus some offset. In BB 4, ranger sees two ranges for the alloca argument _4: [0, 0][2, +INF] on the edge 4->16, and [1, 1] on 4->12. 4->12 dead-ends in BB 14 with a call to fancy_abort(), so the edge that leads to BB 13 is 4->16. But when we ask in BB 4 for _4's range we get VR_RANGE [1, 1]. That doesn't seem right. Without any guidance as to which edge I'm interested in I'd expect to either get the union of the two ranges, [0, +INF].

=========== BB 4 ============
Imports: _1
Exports: _1
_1 unsigned int VARYING
Equivalence set : [_1, _2]
Relational : (_4 != _1)
    <bb 4> [local count: 118111600]:
    _4 = _1 + 1;
    grp_name_37 = __builtin_alloca (_4);
    p_38 = _32->identifier.id.str;
    q_39 = _35->identifier.id.str;
    if (_1 != 0)
      goto <bb 16>; [89.00%]
    else
      goto <bb 12>; [11.00%]

grp_name_37 : char * [1B, +INF]
4->16 (T) _1 : unsigned int [1, +INF]
4->16 (T) _4 : unsigned int [0, 0][2, +INF]
4->12 (F) _1 : unsigned int [0, 0]
4->12 (F) _4 : unsigned int [1, 1]

=========== BB 13 ============
Imports: diff_seen_24
Exports: diff_seen_24
diff_seen_24 bool VARYING
idx_47 size_t [1, +INF]
Relational : (_22 <= idx_47)
    <bb 13> [local count: 105119324]:
    _23 = grp_name_37 + idx_47;
    *_23 = 0;
    if (diff_seen_24 != 0)
      goto <bb 15>; [100.00%]
    else
      goto <bb 14>; [0.00%]

_23 : char * [1B, +INF]
13->14 (F) diff_seen_24 : bool [0, 0]
13->15 (T) diff_seen_24 : bool [1, 1]
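
Added example (not part of the original comment and not GCC's ranger code): a small C++ model of unsigned range arithmetic that reproduces the two per-edge ranges the dump lists for _4 = _1 + 1 and forms their union. The type and function names are hypothetical, and a 32-bit unsigned int is assumed, so +INF corresponds to UINT32_MAX.

```cpp
// Added illustration, not GCC's ranger code; all names here are hypothetical.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

using Interval = std::pair<uint32_t, uint32_t>;  // inclusive [lo, hi]
using Range = std::vector<Interval>;             // sorted, disjoint sub-ranges

// Sort the sub-ranges and merge any that overlap or are adjacent.
Range normalize(Range r) {
    std::sort(r.begin(), r.end());
    Range out;
    for (const Interval &iv : r) {
        bool joins = !out.empty() &&
            (out.back().second == UINT32_MAX || iv.first <= out.back().second + 1u);
        if (joins) out.back().second = std::max(out.back().second, iv.second);
        else out.push_back(iv);
    }
    return out;
}

// Range of x + 1 in 32-bit unsigned arithmetic, where UINT32_MAX + 1 wraps to 0.
Range add_one(const Range &r) {
    Range out;
    for (const Interval &iv : r) {
        if (iv.second != UINT32_MAX) {
            out.push_back(Interval{iv.first + 1u, iv.second + 1u});
            continue;
        }
        out.push_back(Interval{0u, 0u});  // the wrapped value
        if (iv.first != UINT32_MAX) out.push_back(Interval{iv.first + 1u, UINT32_MAX});
    }
    return normalize(out);
}

Range range_union(Range a, const Range &b) {
    a.insert(a.end(), b.begin(), b.end());
    return normalize(a);
}

// _4 = _1 + 1 on each outgoing edge of `if (_1 != 0)` in BB 4.
Range on_true_edge()  { return add_one(Range{{1u, UINT32_MAX}}); }  // 4->16
Range on_false_edge() { return add_one(Range{{0u, 0u}}); }          // 4->12

int main() {
    for (const Interval &iv : range_union(on_true_edge(), on_false_edge()))
        std::printf("[%u, %u]\n", (unsigned)iv.first, (unsigned)iv.second);
}
```

The [0, 0] sub-range on edge 4->16 is the wrap-around case _1 == UINT32_MAX, and the union of the two edge ranges collapses to the full [0, UINT32_MAX].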