https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121548
--- Comment #4 from GCC Commits <cvs-commit at gcc dot gnu.org> --- The releases/gcc-15 branch has been updated by Jeff Law <[email protected]>: https://gcc.gnu.org/g:52a0ccca9554dae85a72eb8ed3b8c670bfa30d6d commit r15-10281-g52a0ccca9554dae85a72eb8ed3b8c670bfa30d6d Author: Jeff Law <[email protected]> Date: Fri Aug 29 11:43:30 2025 -0600 [RISC-V][PR target/121548] Avoid bogus index into recog operand cache So the RISC-V port has attributes which indicate the index within the recog_data where certain operands will be found. For this BZ the default value for the merge_op_idx attribute on the given insn is "2". But the insn only has operands 0 & 1. So we do an out of bounds array access and boom the ICE/valgrind failure. As we discussed in the patchwork meeting, this is all a bit clunky and has been fairly error prone. This doesn't add any massive checking, but does introduce some asserts to help catch problems a bit earlier and clearer. In particular in cases where we're already asserting that the returned index is valid (!= INVALID_ATTRIBUTE) we also assert that the index is less than the total number of operands. In the get_vlmax_ta_preferred_avl routine it appears like we need to handle these two cases more gracefully as we apparently legitimately query for the merge_op_idx on a fairly arbitrary insn. We just have to make sure to not *use* the result if it's INVALID_ATTRIBUTE. So for that code we assert that merge_op_idx is either INVALID_ATTRIBUTE or smaller than the number of operands. This patch also adds overrides for 3 patterns to return INVALID_ATTRIBUTE for merge_op_idx, similar to how they already do for mode_idx and avl_type_idx. This has been bootstrapped and regression tested on the bpi & pioneer systems and regression tested for riscv32-elf and riscv64-elf. Waiting on CI before pushing. PR target/121548 gcc/ * config/riscv/riscv-avlprop.cc (get_insn_vtype_mode): Assert MODE_IDX is smaller than the number of operands. (simplify_replace_vlmax_avl): Similarly. (pass_avlprop::get_vlmax_ta_preferred_avl): Similarly. * config/riscv/vector.md: Override merge_op_idx computation for simple moves, just like is done for avl_type_idx and mode_idx. (cherry picked from commit 25bbc0f20a25a1db59baaf36d119ce274968747f)
