https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93134
--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
But, confirmed. With in-tree ISL:
rogram received signal SIGSEGV, Segmentation fault.
0x0000000002447d44 in isl_basic_map_underlying_set (bmap=0x0)
at /tmp/trunk/isl/isl_map.c:5515
5515 space = isl_space_underlying(space, bmap->n_div);
(gdb) bt
#0 0x0000000002447d44 in isl_basic_map_underlying_set (bmap=0x0)
at /tmp/trunk/isl/isl_map.c:5515
#1 0x00000000023f0fc0 in equalities_in_underlying_set (bmap=0x3779510)
at /tmp/trunk/isl/isl_affine_hull.c:860
#2 0x00000000023f11ba in isl_basic_map_detect_equalities (bmap=0x3779510)
at /tmp/trunk/isl/isl_affine_hull.c:919
#3 0x00000000023f1374 in isl_basic_set_detect_equalities (bset=0x3779510)
at /tmp/trunk/isl/isl_affine_hull.c:952
#4 0x0000000002465c0a in uset_gist (bset=0x0, context=0x3779510)
at /tmp/trunk/isl/isl_map_simplify.c:2702
#5 0x0000000002466a13 in isl_basic_map_gist (bmap=0x3836370,
context=0x38242f0) at /tmp/trunk/isl/isl_map_simplify.c:3176
#6 0x0000000002466cd9 in isl_map_gist_basic_map (map=0x37f56e0,
context=0x3929240) at /tmp/trunk/isl/isl_map_simplify.c:3234
#7 0x00000000024677d5 in map_gist (map=0x38118f0, context=0x38dc310)
at /tmp/trunk/isl/isl_map_simplify.c:3601
#8 0x000000000243d9b7 in isl_map_align_params_map_map_and (map1=0x38118f0,
map2=0x38dc310, fn=0x24675f3 <map_gist>) at /tmp/trunk/isl/isl_map.c:1531
#9 0x000000000246782b in isl_map_gist (map=0x38118f0, context=0x38dc310)
at /tmp/trunk/isl/isl_map_simplify.c:3611
#10 0x0000000002467a09 in isl_map_gist_domain (map=0x38118f0,
context=0x377ec30) at /tmp/trunk/isl/isl_map_simplify.c:3661
#11 0x00000000024f256b in bin_add_pair (res=0x37b2cc0, map1=0x38118f0,
#12 0x00000000024f27f7 in gen_bin_entry (entry=0x377f478, user=0x7fffffffd5c0)
at /tmp/trunk/isl/isl_union_map.c:957
#13 0x000000000242a86a in isl_hash_table_foreach (ctx=0x37597e0,
table=0x3780a90, fn=0x24f2742 <gen_bin_entry>, user=0x7fffffffd5c0)
at /tmp/trunk/isl/isl_hash.c:207
#14 0x00000000024f28f1 in gen_bin_op (umap1=0x3780a80, umap2=0x378cc60,
control=0x7fffffffd610) at /tmp/trunk/isl/isl_union_map.c:982
#15 0x00000000024f34d5 in union_map_gist_domain (umap=0x3780a80,
uset=0x378cc60) at /tmp/trunk/isl/isl_union_map.c:1390
#16 0x00000000024f351f in isl_union_map_gist_domain (umap=0x3780a80,
uset=0x378cc60) at /tmp/trunk/isl/isl_union_map.c:1403
#17 0x0000000002142e2b in optimize_isl (scop=0x36458d0)
at /tmp/trunk/gcc/graphite-optimize-isl.c:128
#18 0x0000000002143307 in apply_poly_transforms (scop=0x36458d0)
at /tmp/trunk/gcc/graphite-optimize-isl.c:211
looks like isl_basic_map_cow can return NULL but the code doesn't check that:
Breakpoint 5, isl_basic_map_underlying_set (bmap=0x376f1b0)
at /tmp/trunk/isl/isl_map.c:5513
5513 bmap = isl_basic_map_cow(bmap);
(gdb) l
5508 if (bmap->dim->nparam == 0 && bmap->dim->n_in == 0 &&
5509 bmap->n_div == 0 &&
5510 !isl_space_is_named_or_nested(bmap->dim, isl_dim_in) &&
5511 !isl_space_is_named_or_nested(bmap->dim, isl_dim_out))
5512 return bset_from_bmap(bmap);
5513 bmap = isl_basic_map_cow(bmap);
5514 space = isl_basic_map_take_space(bmap);
5515 space = isl_space_underlying(space, bmap->n_div);
5516 bmap = isl_basic_map_restore_space(bmap, space);
5517 if (!bmap)
it can return NULL via isl_basic_map_dup ending up with a NULL
dup from isl_basic_map_alloc_space. We do
isl_basic_map_alloc_space (space=0x3a29240, extra=0, n_eq=0, n_ineq=22)
and isl_calloc_type fails via
101 if (isl_ctx_next_operation(ctx) < 0)
102 return NULL;
because ctx->max_operations && ctx->operations >= ctx->max_operations
so the segfault is clearly an ISL bug.
