https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81489
Bug ID: 81489
Summary: invalid phi argument used in find_implicit_erroneous_behavior
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: vries at gcc dot gnu.org
Target Milestone: ---

In find_implicit_erroneous_behavior there's a loop:
...
	  /* We've got a NULL PHI argument.  Now see if the PHI's result
	     is dereferenced within BB.  */
	  FOR_EACH_IMM_USE_STMT (use_stmt, iter, lhs)
	    {
	      /* We only care about uses in BB.  Catching cases in
		 other blocks would require more complex path isolation
		 code.  */
	      if (gimple_bb (use_stmt) != bb)
		continue;

	      location_t loc = gimple_location (use_stmt)
		? gimple_location (use_stmt)
		: gimple_phi_arg_location (phi, i);

	      if (stmt_uses_name_in_undefined_way (use_stmt, lhs, loc))
		{
		  duplicate = isolate_path (bb, duplicate, e,
					    use_stmt, lhs, false);

		  /* When we remove an incoming edge, we need to
		     reprocess the Ith element.  */
		  next_i = i;
		  cfg_altered = true;
		}
	    }
...

There's a problem with using 'gimple_phi_arg_location (phi, i)'. The i is the index of the zero arg in the phi before the loop. But after isolate_path is called, the phi has one arg less, and i is no longer the index of the zero arg in the phi. So in the next iteration 'gimple_phi_arg_location (phi, i)' returns something random.

Mostly we use the gimple_location (use_stmt), so the bug is not easy to trigger. We can make it easier to trigger by always using the loc of the phi argument:
...
	      location_t loc = gimple_phi_arg_location (phi, i);
...
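The stale-index pattern the report describes, shown here as an added illustration in plain C that is not GCC code and models none of its real data structures: a constructed PHI argument list where the argument carrying the NULL is removed while the use loop is still running, the loop keeps indexing with the old i, and the location it reports belongs to a different argument (or lies past the end of the list). Beside it is the defensive form, which reads the argument's location once before any call that can mutate the PHI. All names here (phi_model, make_sample_phi, make_trailing_null_phi, phi_remove_arg, loc_after_stale_index, loc_captured_before_mutation) are this example's own.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of a PHI node's argument list (not GCC's layout):
   value 0 stands for the NULL argument the report talks about, and
   loc is the argument's source-location id. */
#define MAX_ARGS 8
struct phi_model {
    int value[MAX_ARGS];
    int loc[MAX_ARGS];
    size_t nargs;
};

/* Sample PHI: (7 from loc 100), (NULL from loc 200), (9 from loc 300).
   The NULL argument sits at index 1. */
static struct phi_model make_sample_phi(void) {
    struct phi_model phi = { {7, 0, 9}, {100, 200, 300}, 3 };
    return phi;
}

/* Sample PHI whose NULL argument is the last one: (5 from loc 100),
   (NULL from loc 200). Removing index 1 leaves nothing at index 1. */
static struct phi_model make_trailing_null_phi(void) {
    struct phi_model phi = { {5, 0}, {100, 200}, 2 };
    return phi;
}

/* Drop argument idx, shifting later ones down: the effect path isolation
   has on the PHI once the incoming edge carrying the NULL is redirected. */
static void phi_remove_arg(struct phi_model *phi, size_t idx) {
    if (idx >= phi->nargs)
        return;
    size_t tail = phi->nargs - idx - 1;
    memmove(&phi->value[idx], &phi->value[idx + 1], tail * sizeof phi->value[0]);
    memmove(&phi->loc[idx], &phi->loc[idx + 1], tail * sizeof phi->loc[0]);
    phi->nargs--;
}

/* Buggy pattern from the report: i was valid when the loop started, the
   first use triggers the removal, and the next use still reads loc[i].
   Returns the location the second use would report, or -1 when i now
   points past the end (an unchecked read there is out of bounds). */
static int loc_after_stale_index(struct phi_model phi, size_t i) {
    phi_remove_arg(&phi, i);            /* first use: path isolated */
    if (i >= phi.nargs)                 /* bounds check added for the model */
        return -1;
    return phi.loc[i];                  /* second use: stale i */
}

/* Defensive form: snapshot the argument's location while i is still the
   index of the NULL argument, then reuse the snapshot after the mutation. */
static int loc_captured_before_mutation(struct phi_model phi, size_t i) {
    if (i >= phi.nargs)
        return -1;
    int captured = phi.loc[i];          /* read before anything can shift */
    phi_remove_arg(&phi, i);            /* later removal no longer matters */
    return captured;
}
```

With the three-argument sample, the stale index reports loc 300 (the location of the argument 9, not of the NULL); with the NULL as the last argument, the stale index falls off the end of the list entirely. The captured value reports loc 200 in both cases.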