https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108721
Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Ok, trying the original testcase compiled with -O0 -g and awatch g_95.f1 in
gdb, g_95.f0 is read/modified directly, then
(*p_9) = (((**g_412) = ((safe_mod_func_uint8_t_u_u(p_10, (safe_div_func_uint32_t_u_u(((safe_lshift_func_uint8_t_u_u(((safe_lshift_func_int16_t_s_s((((&g_95 != &g_95) || ((*g_86) = (g_613[1] || (*g_245)))) | (l_799 < 0UL)), 1)) ^ (p_10 == (0x95L != 247UL))), p_10)) , l_799), 5L)))) >= 0x7BC3L)) < l_799);
stores 0 to it through int64_t * (g_412[0] is &g_95.f1) and is read from it
immediately again.
Then
(*l_871) = (safe_mul_func_int8_t_s_s(((1UL > ((void*)0 == l_871)) < (--(*l_873))), ((l_876 , ((*l_878) = l_877)) > (safe_sub_func_int8_t_s_s(((safe_sub_func_uint64_t_u_u(((safe_div_func_int16_t_s_s((((safe_sub_func_uint8_t_u_u((((l_887 != l_888) != ((safe_add_func_uint64_t_u_u((*l_3), (((--g_118.f0) > ((*l_872) = (*l_871))) , g_594))) || l_894)) == g_20.f0), (*l_3))) | (*l_3)) > 4294967288UL), g_207[3][7][2])) > 0xCA172E9FL), (*l_3))) < 1L), 0UL)))));
reads it through uint16_t * pointer l_873.
I think that is enough UBs to mark this as invalid.
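
The access pattern described in comment #5, reduced to a small program. This is an added example, not code from the bug report, the testcase or GCC. It assumes the two pointers refer to overlapping members of one union; the union layout and all function names are constructed, and only the member names f0/f1 and the pointer types int64_t * / uint16_t * come from the comment.

```c
/* Added illustration, not code from the bug report or from GCC.
 * Assumption: f0 and f1 overlap as members of one union; the union layout
 * and every function name here are constructed for the example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

union U { uint16_t f0; int64_t f1; };

/* The pattern from the comment: store through int64_t *, then read the same
 * bytes through uint16_t *. With -fstrict-aliasing (enabled at -O2) GCC may
 * assume *wide and *narrow never overlap and return the stale 0xFFFF. */
uint16_t punned_read(int64_t *wide, uint16_t *narrow)
{
    *narrow = 0xFFFF;
    *wide = 0;
    return *narrow;   /* not guaranteed when both point into one object */
}

/* Supported by GCC: every access goes through the union type itself. */
uint16_t union_read(union U *u)
{
    u->f0 = 0xFFFF;
    u->f1 = 0;
    return u->f0;
}

/* Defined in ISO C: copy the bytes out instead of reading through a
 * pointer of a different type. */
uint16_t memcpy_read(int64_t *wide)
{
    uint16_t v;
    *wide = 0;
    memcpy(&v, wide, sizeof v);
    return v;
}

int main(void)
{
    union U a, b;
    int64_t w = -1;
    printf("union_read  = %u\n", (unsigned)union_read(&a));
    printf("memcpy_read = %u\n", (unsigned)memcpy_read(&w));
    /* Result depends on optimisation level; compare -O0 with -O2. */
    printf("punned_read = %u\n", (unsigned)punned_read(&b.f1, &b.f0));
    return 0;
}
```

Compiling with GCC's -fno-strict-aliasing disables the type-based alias assumption that punned_read runs into.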