https://gcc.gnu.org/bugzilla/show_bug.cgi?id=122003
Bug ID: 122003
Summary: Premature assignment to return value for interprocedural case in -fanalyzer
Product: gcc
Version: 16.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
See e.g.:
https://dmalcolm.fedorapeople.org/gcc/2025-06-05/state-diagram-1.c.html
and press 'j' twice to highlight event (2).
The state diagram shows that the analyzer is erroneously considering a write to
"_1" in the frame of "test" (the return value of the call to "append_value")
of a CONJURED_VALUE at the *call* (not the return).
It's getting this wrong; the return value isn't written to until append_value
returns (which it correctly captures at event (8)).
The issue seems to be that the gcall is partially handled intraprocedurally,
then interprocedurally for this case. We should probably more rigidly separate
these two cases:
(a) interprocedural calls and returns, and
(b) intraprocedural simulations of the effect of a call
so that we only consider (a) or (b) at each superedge (and the analysis plan
probably should decide which approach to take).
Idea: supernodes shouldn't have final gcall stmts in them, these should be
thought of as part of the out-edges, so that all handling of the call happens
along a superedge.