https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105148
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|jakub at gcc dot gnu.org |unassigned at gcc dot
gnu.org
Status|ASSIGNED |NEW
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
This looks like an ivopts bug and I'm unfortunately not familiar enough with
that pass.
Before ivopts we have:
<bb 3> [local count: 8687547547]:
# i_2 = PHI <i_10(5), 0(2)>
# ivtmp_19 = PHI <ivtmp_11(5), 5(2)>
saved_stack.2_4 = __builtin_stack_save ();
foo ();
_6 = (sizetype) i_2;
_7 = _6 * 4;
y.1_8 = __builtin_alloca_with_align (_7, 32);
MEM <int[1][0:D.2027]> [(int[1][0:D.1996] *)y.1_8][5]{lb: 0 sz: _6 * 4}[i_2]
= 0;
__builtin_stack_restore (saved_stack.2_4);
i_10 = i_2 + 1;
ivtmp_11 = ivtmp_19 - 1;
if (ivtmp_11 != 0)
goto <bb 5>; [89.00%]
else
goto <bb 4>; [11.00%]
<bb 5> [local count: 7731917322]:
goto <bb 3>; [100.00%]
loop and ivopts decides to create a new unsigned long ivtmp.9 IV going from
0 with step 1. But it doesn't properly adjust the ARRAY_REF with sz:, so it
keeps referencing a freed SSA_NAME _6:
<bb 3> [local count: 8687547547]:
# ivtmp.9_5 = PHI <ivtmp.9_9(5), 0(2)>
_20 = (unsigned int) ivtmp.9_5;
i_2 = (int) _20;
saved_stack.2_4 = __builtin_stack_save ();
foo ();
_3 = ivtmp.9_5 * 4;
_7 = _3;
y.1_8 = __builtin_alloca_with_align (_7, 32);
MEM <int[1][0:D.2027]> [(int[1][0:D.1996] *)y.1_8][5]{lb: 0 sz: <<< error
>>>}[i_2] = 0;
__builtin_stack_restore (saved_stack.2_4);
ivtmp.9_9 = ivtmp.9_5 + 1;
if (ivtmp.9_9 != 5)
goto <bb 5>; [89.00%]
else
goto <bb 4>; [11.00%]
<bb 5> [local count: 7731917322]:
goto <bb 3>; [100.00%]
I believe it should use ivtmp.9_5 (printed as ivtmp.9_5 * 4).
