https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114056
Bug ID: 114056
Summary: ifcvt may introduce use of uninitialized variables
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: kristerw at gcc dot gnu.org
Target Milestone: ---

The ifcvt pass may make the code more UB by doing operations on uninitialized variables, which can be seen by compiling the following (from gcc.c-torture/compile/pr80422.c) with -O2 for X86_64:

int a, c, f;
short b, d, e;

int fn1 (int h)
{
  return a > 2 || h > a ? h : h << a;
}

void fn2 ()
{
  int j, k;
  while (1)
    {
      k = c && b;
      f &= e > (fn1 (k) && j);
      if (!d)
        break;
    }
}

What is happening here is that .LOOP_VECTORIZED (1, 2) != 0 branches to bb 16 with _17 uninitialized, which is then used in some calculations:

  _34 = .LOOP_VECTORIZED (2, 3);
  if (_34 != 0)
    goto <bb 45>; [100.00%]
  else
    goto <bb 46>; [100.00%]

  <bb 45> [local count: 77953654]:

  <bb 16> [local count: 708669600]:
  # _13 = PHI <_24(27), _17(D)(45)>
  _18 = _13 <= 0;
  _14 = _9 & _18;
  _27 = _13 > 0;
  _28 = _9 & _27;
  _29 = _13 < -29020049;
  _30 = ~_29;
  _31 = _14 & _30;
  _12 = _15 ? _3 : _13;
  _42 = (unsigned int) _12;
  _43 = _42 * 4294967222;
  _32 = _15 | _28;
  _33 = _31 | _32;
  _23 = _33 ? _43 : 4294967222;
  _24 = _33 ? _12 : _13;
  if (x_6(D) > _23)
    goto <bb 9>; [11.00%]
  else
    goto <bb 27>; [89.00%]

This does not affect the result, but the discussion about the semantics of uninitialized variables on the mailing list a while back concluded that operations on uninitialized data are UB (with a few exceptions related to moving data...).
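
An added example, not part of the report and not GCC code: a small Python script that follows `_17(D)` through the bb 16 statements quoted above and lists the statements that operate on a value that may be uninitialized. The function name and the rule that only PHIs and plain copies count as data moves are assumptions of this example, not GCC's documented semantics.

```python
import re

# Statements of <bb 16>, copied from the GIMPLE dump in the report above.
BB16 = """\
# _13 = PHI <_24(27), _17(D)(45)>
_18 = _13 <= 0;
_14 = _9 & _18;
_27 = _13 > 0;
_28 = _9 & _27;
_29 = _13 < -29020049;
_30 = ~_29;
_31 = _14 & _30;
_12 = _15 ? _3 : _13;
_42 = (unsigned int) _12;
_43 = _42 * 4294967222;
_32 = _15 | _28;
_33 = _31 | _32;
_23 = _33 ? _43 : 4294967222;
_24 = _33 ? _12 : _13;
if (x_6(D) > _23)
"""

NAME = re.compile(r"\b\w*_\d+\b")        # SSA names such as _13 or x_6
COPY = re.compile(r"^\w*_\d+(\(D\))?$")  # right-hand side that is one bare name

def uses_of_uninit(dump, seeds):
    """List (statement, kind) for each non-move statement using a tainted name.
    Assumption of this example: PHIs and plain copies only move data, so they
    spread the taint unreported; everything else, selects included, is
    reported. Single forward pass: loop back-edges are not revisited."""
    moved, derived, hits = set(seeds), set(), []
    for line in dump.splitlines():
        stmt = line.strip().lstrip("# ").rstrip(";")
        lhs, sep, rhs = stmt.partition(" = ")
        if not sep:                      # "if (...)" has no result name
            lhs, rhs = None, stmt
        used = set(NAME.findall(rhs))
        if not used & (moved | derived):
            continue
        if lhs and (rhs.startswith("PHI ") or COPY.match(rhs)):
            moved.add(lhs)               # data move: propagate silently
            continue
        # "direct" reads the seed or a moved copy of it; "derived" reads a result
        hits.append((stmt, "direct" if used & moved else "derived"))
        if lhs:
            derived.add(lhs)
    return hits

if __name__ == "__main__":
    print("\n".join(f"{k:8} {s}" for s, k in uses_of_uninit(BB16, {"_17"})))
```
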