[Bug tree-optimization/99220] [11 Regression] ICE during vectorization when multiple instances do the same calculation but have different num lanes

cvs-commit at gcc dot gnu.org via Gcc-bugs Wed, 24 Feb 2021 07:17:42 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99220


--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tamar Christina <tnfch...@gcc.gnu.org>:

https://gcc.gnu.org/g:6c35e79b47ab582e18d851f6c5df776bac766eaf

commit r11-7359-g6c35e79b47ab582e18d851f6c5df776bac766eaf
Author: Tamar Christina <tamar.christ...@arm.com>
Date:   Wed Feb 24 15:16:23 2021 +0000

    slp: fix accidental resource re-use of slp_tree (PR99220)

    The attached testcase shows a bug where two nodes end up with the same
pointer.
    During the loop that analyzes all the instances
    in optimize_load_redistribution_1 we do

          if (value)
            {
              SLP_TREE_REF_COUNT (value)++;
              SLP_TREE_CHILDREN (root)[i] = value;
              vect_free_slp_tree (node);
            }

    when doing a replacement.  When this is done and the refcount for the node
    reaches 0, the node is removed, which allows the libc to return the pointer
    again in the next call to new, which it does..

    First instance

    note:   node 0x5325f48 (max_nunits=1, refcnt=2)
    note:   op: VEC_PERM_EXPR
    note:           { }
    note:           lane permutation { 0[0] 1[1] 0[2] 1[3] }
    note:           children 0x5325db0 0x5325200

    Second instance

    note:   node 0x5325f48 (max_nunits=1, refcnt=1)
    note:   op: VEC_PERM_EXPR
    note:           { }
    note:           lane permutation { 0[0] 1[1] }
    note:           children 0x53255b8 0x5325530

    This will end up with the illegal construction of

    note:   node 0x53258e8 (max_nunits=2, refcnt=2)
    note:   op template: slp_patt_57 = .COMPLEX_MUL (_16, _16);
    note:           stmt 0 _16 = _14 - _15;
    note:           stmt 1 _23 = _17 + _22;
    note:           children 0x53257d8 0x5325d28
    note:   node 0x53257d8 (max_nunits=2, refcnt=3)
    note:   op template: l$b_4 = MEM[(const struct a &)_3].b;
    note:           stmt 0 l$b_4 = MEM[(const struct a &)_3].b;
    note:           stmt 1 l$c_5 = MEM[(const struct a &)_3].c;
    note:           load permutation { 0 1 }
    note:   node 0x5325d28 (max_nunits=2, refcnt=8)
    note:   op template: l$b_4 = MEM[(const struct a &)_3].b;
    note:           stmt 0 l$b_4 = MEM[(const struct a &)_3].b;
    note:           stmt 1 l$c_5 = MEM[(const struct a &)_3].c;
    note:           stmt 2 l$b_4 = MEM[(const struct a &)_3].b;
    note:           stmt 3 l$c_5 = MEM[(const struct a &)_3].c;
    note:           load permutation { 0 1 0 1 }

    To prevent this we remove the node from the load_map if it's
    about to be deleted.

    gcc/ChangeLog:

            PR tree-optimization/99220
            * tree-vect-slp.c (optimize_load_redistribution_1): Remove
            node from cache when it's about to be deleted.

    gcc/testsuite/ChangeLog:

            PR tree-optimization/99220
            * g++.dg/vect/pr99220.cc: New test.

[Bug tree-optimization/99220] [11 Regression] ICE during vectorization when multiple instances do the same calculation but have different num lanes

Reply via email to