https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108721
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|UNCONFIRMED |RESOLVED
--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Ok, trying the original testcase compiled with -O0 -g and awatch g_95.f1 in
gdb,
g_95.f0 is read/modified directly, then
(*p_9) = (((**g_412) = ((safe_mod_func_uint8_t_u_u(p_10,
(safe_div_func_uint32_t_u_u(((safe_lshift_func_uint8_t_u_u(((safe_lshift_func_int16_t_s_s((((&g_95
!= &g_95) || ((*g_86) = (g_613[1] || (*g_245)))) | (l_799 < 0UL)), 1)) ^ (p_10
== (0x95L != 247UL))), p_10)) , l_799), 5L)))) >= 0x7BC3L)) < l_799);
stores 0 to it through int64_t * (g_412[0] is &g_95.f1) and is read from it
immediately again.
Then
(*l_871) = (safe_mul_func_int8_t_s_s(((1UL > ((void*)0 == l_871)) <
(--(*l_873))), ((l_876 , ((*l_878) = l_877)) >
(safe_sub_func_int8_t_s_s(((safe_sub_func_uint64_t_u_u(((safe_div_func_int16_t_s_s((((safe_sub_func_uint8_t_u_u((((l_887
!= l_888) != ((safe_add_func_uint64_t_u_u((*l_3), (((--g_118.f0) > ((*l_872) =
(*l_871))) , g_594))) || l_894)) == g_20.f0), (*l_3))) | (*l_3)) >
4294967288UL), g_207[3][7][2])) > 0xCA172E9FL), (*l_3))) < 1L), 0UL)))));
reads it through uint16_t * pointer l_873. I think that is enough UBs to mark
this as invalid.
