From e01012c459c931ae39558b019107226c232fa4d1 Mon Sep 17 00:00:00 2001
From: Richard Biener <rguenther@suse.de>
Date: Sun, 30 Jun 2024 11:34:43 +0200
Subject: [PATCH] tree-optimization/115701 - fix
 maybe_duplicate_ssa_info_at_copy

The following restricts copying of points-to info from defs that
might be in regions invoking UB and are never executed.

	PR tree-optimization/115701
	* tree-ssanames.cc (maybe_duplicate_ssa_info_at_copy):
	Only copy info from within the same BB.

	* gcc.dg/torture/pr115701.c: New testcase.

(cherry picked from commit b77f17c5feec9614568bf2dee7f7d811465ee4a5)
---
 gcc/testsuite/gcc.dg/torture/pr115701.c | 22 ++++++++++++++++++++++
 gcc/tree-ssanames.cc                    | 22 ++++++++--------------
 2 files changed, 30 insertions(+), 14 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/torture/pr115701.c

diff --git a/gcc/testsuite/gcc.dg/torture/pr115701.c b/gcc/testsuite/gcc.dg/torture/pr115701.c
new file mode 100644
index 00000000000..9b7c34b23d7
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/torture/pr115701.c
@@ -0,0 +1,22 @@
+/* { dg-do run } */
+/* IPA PTA disables local PTA recompute after IPA.  */
+/* { dg-additional-options "-fipa-pta" } */
+
+int a, c, d;
+static int b;
+int main()
+{
+  int *e = &a, **f = &e;
+  while (1) {
+    int **g, ***h = &f;
+    if (c)
+      *g = e;
+    else if (!b)
+      break;
+    *e = **g;
+    e = &d;
+  }
+  if (e != &a)
+    __builtin_abort();
+  return 0;
+}
diff --git a/gcc/tree-ssanames.cc b/gcc/tree-ssanames.cc
index 5ad7d117bd3..6c2525900ab 100644
--- a/gcc/tree-ssanames.cc
+++ b/gcc/tree-ssanames.cc
@@ -763,25 +763,19 @@ duplicate_ssa_name_range_info (tree name, tree src)
 void
 maybe_duplicate_ssa_info_at_copy (tree dest, tree src)
 {
+  /* While points-to info is flow-insensitive we have to avoid copying
+     info from not executed regions invoking UB to dominating defs.  */
+  if (gimple_bb (SSA_NAME_DEF_STMT (src))
+      != gimple_bb (SSA_NAME_DEF_STMT (dest)))
+    return;
+
   if (POINTER_TYPE_P (TREE_TYPE (dest))
       && SSA_NAME_PTR_INFO (dest)
       && ! SSA_NAME_PTR_INFO (src))
-    {
-      duplicate_ssa_name_ptr_info (src, SSA_NAME_PTR_INFO (dest));
-      /* Points-to information is cfg insensitive,
-	 but VRP might record context sensitive alignment
-	 info, non-nullness, etc.  So reset context sensitive
-	 info if the two SSA_NAMEs aren't defined in the same
-	 basic block.  */
-      if (gimple_bb (SSA_NAME_DEF_STMT (src))
-	  != gimple_bb (SSA_NAME_DEF_STMT (dest)))
-	reset_flow_sensitive_info (src);
-    }
+    duplicate_ssa_name_ptr_info (src, SSA_NAME_PTR_INFO (dest));
   else if (INTEGRAL_TYPE_P (TREE_TYPE (dest))
 	   && SSA_NAME_RANGE_INFO (dest)
-	   && ! SSA_NAME_RANGE_INFO (src)
-	   && (gimple_bb (SSA_NAME_DEF_STMT (src))
-	       == gimple_bb (SSA_NAME_DEF_STMT (dest))))
+	   && ! SSA_NAME_RANGE_INFO (src))
     duplicate_ssa_name_range_info (src, dest);
 }