https://gcc.gnu.org/bugzilla/show_bug.cgi?id=122572
Bug ID: 122572
Summary: Segmentation fault on aarch64 building with -O2, no
issue with -O2 -fschedule-insns
Product: gcc
Version: 15.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: rtl-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: ema at debian dot org
Target Milestone: ---
Created attachment 62716
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=62716&action=edit
Reproducer for aarch64 -O2 issue
We found a GCC-15 regression in Debian on aarch64. Here is the original issue
affecting netpbm-free: https://bugs.debian.org/1119850
The problem is reproducible by building one of the tests of netpbm-free with
-O2, whereas with -O2 -fschedule-insns the program does not segfault. When
building the program with -O2, the register x3 is set to 0 before calling a
function that uses x3 in a ldr instruction. The value of x3 is a meaningful
address when it comes to the code generated with -fschedule-insns instead. This
is a regression because GCC-14 included -fschedule-insns among the options
enabled by -O2, but GCC-15 does not.
I replicated a similar behavior in a self-contained reproducer, which you can
find attached.
$ gcc -O2 -fschedule-insns x3_scheduling.c && ./a.out && echo OK
OK
$ gcc -O2 x3_scheduling.c && ./a.out || echo KO
Segmentation fault ./a.out
KO
$ gcc --version | head -1
gcc (Debian 15.2.0-7) 15.2.0
With gdb:
(gdb) break pm_optParseOptions4_stub
Breakpoint 1 at 0x880: file x3_scheduling.c, line 133.
(gdb) info registers x3
x3 0x0 0
(gdb) next
Program received signal SIGSEGV, Segmentation fault.
0x0000aaaaaaaa0884 in pm_optParseOptions4_stub
(argcP=argcP@entry=0xfffffffff1f4, argv=argv@entry=0xfffffffff398, opt=...,
optionSize=optionSize@entry=16, flags=flags@entry=0) at x3_scheduling.c:133
133 table->flags = 42;
(gdb) disassemble
Dump of assembler code for function pm_optParseOptions4_stub:
0x0000aaaaaaaa0880 <+0>: mov w0, #0x2a // #42
=> 0x0000aaaaaaaa0884 <+4>: str w0, [x3, #40]
0x0000aaaaaaaa0888 <+8>: ret
End of assembler dump.
The value of x3 is as follows when hitting the breakpoint with the code emitted
with -fschedule-insns:
(gdb) info registers x3
x3 0xaaaaaaac0040 187649984561216
(gdb) next
main (argc=<optimized out>, argv=0xfffffffff398) at x3_scheduling.c:122
122 return 0;