https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87899
--- Comment #1 from Renlin Li <renlin at gcc dot gnu.org> --- in tree-loop-distribution.c, distribution_loop function, I got the following code snippets. 30386: 0103cff4 4 OBJECT LOCAL DEFAULT 25 _ZL23bb_top_order_index_s 30387: 0103cff8 4 OBJECT LOCAL DEFAULT 25 _ZL18bb_top_order_index 30388: 0103cffc 4 OBJECT LOCAL DEFAULT 25 _ZL10ddrs_table 30389: 0103d000 4 OBJECT LOCAL DEFAULT 25 _ZL9loop_nest 30390: 0103d004 4 OBJECT LOCAL DEFAULT 25 _ZL12datarefs_vec r1 = 0x103cff4, which points to the local anchor area. r4 is the dynamically allocated has_table pointer which supposed to be store into ddrs_table, i.e. 0103cffc. 0x61a346 <distribute_loop(loop*, vec<gimple*, va_heap, vl_ptr>, control_dependences*, int*, bool*)+90>: strb r7, [r2, #0] 0x61a348 <distribute_loop(loop*, vec<gimple*, va_heap, vl_ptr>, control_dependences*, int*, bool*)+92>: str.w r7, [r8] 1=>0x61a34c <distribute_loop(loop*, vec<gimple*, va_heap, vl_ptr>, control_dependences*, int*, bool*)+96>: str.w r7, [r1, #12]! 0x61a350 <distribute_loop(loop*, vec<gimple*, va_heap, vl_ptr>, control_dependences*, int*, bool*)+100>: mov r5, r1 2=>0x61a352 <distribute_loop(loop*, vec<gimple*, va_heap, vl_ptr>, control_dependences*, int*, bool*)+102>: str r4, [r1, #8] 0x61a354 <distribute_loop(loop*, vec<gimple*, va_heap, vl_ptr>, control_dependences*, int*, bool*)+104>: str r0, [r4, #0] 0x61a356 <distribute_loop(loop*, vec<gimple*, va_heap, vl_ptr>, control_dependences*, int*, bool*)+106>: mov r0, r9 However, r1 is changed by the previous pre-indexed store at 0x61a34c (marked as 1). This makes the store later store the pointer in the wrong position. Later when accessing ddrs_table, it got a null pointer, eventually resulting in the ICE observed here. The full assembly is attached.
