https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109462

--- Comment #4 from Andrew Macleod <amacleod at redhat dot com> ---
In DOM3 I see
901970   range_on_entry (Result$16_552) to BB 120
<...>
Equivalence update! :  _143 has range  :  [irange] TokenKind [22, 22] NONZERO 0x16 refining range to :[irange] TokenKind [22, 22] NONZERO 0x16
         TRUE : (901970) range_on_entry (Result$16_552) [irange] TokenKind [22, 22] NONZERO 0x16

Because it thinks they are an equivalence, it's refining the range to [22,22], which
is the value of _143 on that edge.
This traces back to evaluating:

# Result$16_552 = PHI <_143(160), Result$16_453(D)(158)>
where we create an equivalence between Result$16_552 and _143 from bb160.

The reason it is creating the equivalence is because the value of
Result$16_453(D) is undefined.  It is a local automatic with no initial value.
When evaluating PHIs, if an incoming range is UNDEFINED, we ignore that
edge/value as it can be anything we choose.
We choose to make it the same as the other argument, which allows us to create
an equivalence between the two.

unsigned short Result$16;

So this boils down to using an uninitialized value for Result$16.

Now the question is where did that come from.

void EmptyLocalizationContextChecker::MethodCrawler::VisitObjCMessageExpr
<...>
  Token Result;
  int p_count = 0;
  while (!TheLexer.LexFromRawLexer(I)) {
    if (I.getKind() == tok::l_paren)
      ++p_count;
    if (I.getKind() == tok::r_paren) {
      if (p_count == 1)
        break;
      --p_count;
    }
    Result = I;
  }

If the while loop does not execute, then Result will be undefined on that edge.
The code leading to this PHI node is:

<bb 119> [local count: 488466924]:
  if (_143 == 22)
    goto <bb 120>; [70.13%]
  else
    goto <bb 122>; [29.87%]

  <bb 120> [local count: 251634481]:
  if (p_count_732 == 1)
    goto <bb 124>; [5.50%]
  else
    goto <bb 121>; [94.50%]

  <bb 121> [local count: 237794584]:
  p_count_88 = p_count_732 + -1;

  <bb 122> [local count: 726261510]:
  # p_count_45 = PHI <p_count_732(119), p_count_88(121), p_count_87(118)>
  Result$UintData_449 = MEM <const UIntTy> [(struct Token *)&I + 4B];
  Result$PtrData_172 = MEM <void * const> [(struct Token *)&I + 8B];
  _439 = TheLexer.D.700857.LexingRawMode;
  if (_439 != 0)
    goto <bb 160>; [99.96%]
  else
    goto <bb 116>; [0.04%]

  <bb 160> [local count: 725971006]:


So the path to BB 160 comes from 122, which can come from 119, 121 or 118.  It
seems to be using the path oracle and following a path which comes
119->120->121->122->160.  And on that path, the range is indeed [22, 22],
when it ignores the undefined possibility.

Still unclear if this is wrong or not here, and if it is, whether it went wrong
earlier or not.  Still analyzing.
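
A toy model of the PHI evaluation described in the comment above, added here as an illustration; it is not part of the original comment and it is not GCC's code. The types and names (`Range`, `PhiArg`, `eval_phi`, `demo`) are hypothetical, and the conservative mode is an assumption included only for contrast.

```cpp
#include <algorithm>
#include <optional>
#include <string>
#include <vector>

// Toy model only: hypothetical types, not GCC's irange or ranger API.
struct Range { unsigned lo, hi; };          // inclusive interval
using MaybeRange = std::optional<Range>;    // nullopt models UNDEFINED

struct PhiArg { std::string name; MaybeRange range; };

struct PhiResult {
    Range range;             // range computed for the PHI result
    std::string equiv_with;  // argument recorded as equivalent, or ""
};

constexpr Range kVarying{0, 65535};         // full range of unsigned short

// Union the incoming ranges of a PHI. With ignore_undefined set, UNDEFINED
// arguments are skipped, as the comment describes; if exactly one argument
// contributed, the result is recorded as equivalent to it. Without the flag,
// an UNDEFINED argument is widened to kVarying (assumed conservative mode).
PhiResult eval_phi(const std::vector<PhiArg>& args, bool ignore_undefined) {
    MaybeRange acc;
    std::vector<std::string> used;
    for (const PhiArg& a : args) {
        if (!a.range && ignore_undefined)
            continue;                        // this edge contributes nothing
        Range r = a.range.value_or(kVarying);
        acc = acc ? Range{std::min(acc->lo, r.lo), std::max(acc->hi, r.hi)} : r;
        used.push_back(a.name);
    }
    // If no argument contributed at all, the toy model falls back to kVarying.
    PhiResult out{acc.value_or(kVarying), ""};
    if (used.size() == 1)
        out.equiv_with = used[0];
    return out;
}

// Constructed input mirroring the PHI in the comment:
//   Result$16_552 = PHI <_143(160), Result$16_453(D)(158)>
PhiResult demo(bool ignore_undefined) {
    return eval_phi({{"_143", Range{22, 22}}, {"Result$16_453(D)", std::nullopt}},
                    ignore_undefined);
}
```

`demo(true)` yields the [22, 22] range and the equivalence with `_143` seen in the trace; `demo(false)` keeps the full `unsigned short` range and records no equivalence.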
