------- Comment #5 from rakdver at gcc dot gnu dot org 2007-11-27 17:00 ------- > # of iteration analysis records an assumption that offset_46 >= 0. However, > this is simplified to true, as the value range of offset_46 is set to [0,0] by > vrp (which seems to be wrong); so the problem is probably somewhere else in > vrp.
So the problem is the following: we have a code like if (something) offset = 100; else offset = -100; while (offset > 0) offset--; if (offset == 0) launch_nuclear_rockets (); VRP starts simulating the code, first executing the true branch of the if (something) condition, getting offset = 100. It then proceeds with the loop, determining that number of iterations is offset (since we just now believe that offset==100, this is correct, without any assumptions), thus the final value of offset is 0 and the nuclear war always starts. Later, VRP evaluates the false branch of the if (something) condition, setting the value range of offset to [-100,100], and proceeds to re-evaluate the effects of the loop. However, scev caches the number of iterations of the loop, so it is not re-evaluated, and we keep believing that the number of iterations is always offset. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34244
