https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111559
--- Comment #4 from Sergei Trofimovich <slyfox at gcc dot gnu.org> ---
Looks like identical code folding creates uninitialized profile counters if
there are any edges in folded functions.
I think cvise did a decent job extracting the reproducer below. Here is a
single-file trigger on `--enable-checking=yes` `gcc` from `master`:
```
// $ cat bug.c
__attribute__((noipa)) static void edge(void) {}
static void rule1(int *p) {
edge();
if (*p) edge();
}
static void rule1_same(int *p) {
edge();
if (*p) edge();
}
__attribute__((noipa)) int main(void) {
int p = 0;
rule1(&p);
rule1_same(&p);
}
```
Trigger:
```
$ echo PG
$ gcc -O2 -fprofile-generate bug.c -o b -fopt-info
$ echo RUN
$ ./b
$ echo PU
$ gcc -O2 -fprofile-use -fprofile-correction bug.c -o b -fopt-info
```
Running:
```
PG
$ gcc -O2 -fprofile-generate bug.c -o b -fopt-info
bug.c:15:5: optimized: Inlined rule1.constprop/28 into main/3 which now has
time 75.280000 and size 51, net change of -6.
bug.c:16:5: optimized: Inlined rule1_same.constprop/27 into main/3 which now
has time 94.560000 and size 72, net change of -6.
RUN
$ ./b
PU
$ gcc -O2 -fprofile-use -fprofile-correction bug.c -o b -fopt-info
bug.c:3:13: optimized: Semantic equality hit:rule1/1->rule1_same/2
bug.c:3:13: optimized: Assembler symbol names:rule1/1->rule1_same/2
bug.c:15:5: optimized: Inlined rule1.constprop/5 into main/3 which now has
time 26.000000 and size 10, net change of +2.
bug.c:16:5: optimized: Inlined rule1.constprop/4 into main/3 which now has
time 27.000000 and size 12, net change of -6.
bug.c: In function 'main':
bug.c:13:28: error: probability of edge 3->4 not initialized
13 | __attribute__((noipa)) int main(void) {
| ^~~~
bug.c:13:28: error: probability of edge 5->6 not initialized
during IPA pass: inline
bug.c:13:28: internal compiler error: verify_flow_info failed
```
