On Sun, 2 Jul 2017, Tom de Vries wrote:
> Hi,
>
> consider this test-case:
> ...
> unsigned a;
> int b, c;
>
> static int
> fn1 (int p1, int p2)
> {
> return p1 > 2147483647 - p2 ? p1 : p1 + p2;
> }
>
> void
> fn2 (void)
> {
> int j;
> a = 30;
> for (; a;)
> for (; c; b = fn1 (j, 1))
> ;
> }
> ...
>
> When compiling the test-case with -Os, just before tail-merge it looks as in
> before.pdf.
>
> During tail-merge, it runs into a sigsegv.
>
> What happens is the following:
> - tail-merge decides to merge blocks 4 and 6, and removes block 6.
> - bb8, a predecessor of block 6, is marked as member of
> deleted_bb_preds.
> - during update_worklist, same_succ_flush_bb is called for bb8
> - same_succ_flush_bb runs into a sigsegv because
> BB_SAME_SUCC (bb8) == NULL
> - the reason that BB_SAME_SUCC (bb8) == NULL, is because it hit the
> bb->loop_father->latch == bb clause in find_same_succ_bb at the start
> of the tail-merge pass.
>
> This patch fixes the sigsegv by doing an early-out in same_succ_flush_bb if
> BB_SAME_SUCC () == NULL.
>
> Bootstrapped and reg-tested on x86_64.
>
> OK for trunk and gcc-[567]-branch?
Ok for trunk and branches. Mind the gcc-6 branch is frozen right now.
Thanks,
Richard.
> Thanks,
> - Tom
>
--
Richard Biener <rguent...@suse.de>
SUSE LINUX GmbH, GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB
21284 (AG Nuernberg)
