https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114872
--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
I have looked at the IL and I don't see how it could crash that way based on
the -fdump-tree-optimized-lineno dump, neither on branch nor on the trunk.
On the branch, I see
<bb 286> [local count: 462566023]:
[element.c:26539:57 discrim 1] __pyx_t_5_522(ab) = 0B;
[/usr/include/python3.12/object.h:797:8] if (__pyx_t_6_211(ab) != 0B)
goto <bb 291>; [70.00%]
else
goto <bb 290>; [30.00%]
<bb 290> [local count: 462566023]:
[element.c:26540:57 discrim 1] __pyx_t_6_524(ab) = 0B;
[/usr/include/python3.12/object.h:797:8] if (__pyx_t_8_1031(ab) != 0B)
goto <bb 295>; [70.00%]
else
goto <bb 294>; [30.00%]
<bb 291> [local count: 323796219]:
[/usr/include/python3.12/object.h:242:25] _1105 =
[/usr/include/python3.12/object.h:242:25]
[/usr/include/python3.12/object.h:242:25] __pyx_t_6_211(ab)->D.10046.ob_refcnt;
[/usr/include/python3.12/object.h:242:13] _1106 = (int) _1105;
[/usr/include/python3.12/object.h:700:8 discrim 1] if (_1106 < 0)
goto <bb 290>; [26.36%]
else
goto <bb 292>; [73.64%]
<bb 292> [local count: 238443538]:
[/usr/include/python3.12/object.h:704:9] _1107 = _1105 + -1;
[/usr/include/python3.12/object.h:704:8]
[/usr/include/python3.12/object.h:704:13]
[/usr/include/python3.12/object.h:704:13] __pyx_t_6_211(ab)->D.10046.ob_refcnt
= _1107;
[/usr/include/python3.12/object.h:704:8] if (_1107 == 0)
goto <bb 293>; [33.00%]
else
goto <bb 290>; [67.00%]
<bb 293> [local count: 78686364]:
[/usr/include/python3.12/object.h:705:9] _Py_Dealloc (__pyx_t_6_211(ab));
goto <bb 290>; [100.00%]
so the 26540 line case checks if the pointer later passed to the _Py_Dealloc is
non-NULL and doesn't let it be called in that case.
