From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 2EA2C384AB42; Fri, 17 May 2024 10:39:03 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2EA2C384AB42 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1715942343; bh=dlaujNbDdVATK5+OJD+XvTJuDgyz1ZaxDNY6EwnTpa0=; h=From:To:Subject:Date:In-Reply-To:References:From; b=Q8Bp9jQMpr+hNp4oeDUTJczvMbBWYRlh55x/cDFnmcNDM9TuViZIxWBXnguUkqAs+ /Fa3et4aUkfaF/IBO5B/VtVCoPi3PJ00lvIWaf6v37lucWvb0DAbntSVwvZ5Xtgx3T 71KC6xX6+9o3Rds0mv5SZ0Kn/++DEV03bnYXRgB4= From: "cvs-commit at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/114998] [14 Regression] ICE on valid code at -O3 with "-fno-tree-dce" on x86_64-linux-gnu: Segmentation fault since r14-9767 Date: Fri, 17 May 2024 10:39:01 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 14.1.0 X-Bugzilla-Keywords: ice-on-valid-code X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: rguenth at gcc dot gnu.org X-Bugzilla-Target-Milestone: 14.2 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D114998 --- Comment #7 from GCC Commits --- The releases/gcc-14 branch has been updated by Richard Biener : https://gcc.gnu.org/g:1e9ae50d4d160f6d557fc4cbbe95c4a36897c09f commit r14-10214-g1e9ae50d4d160f6d557fc4cbbe95c4a36897c09f Author: Richard Biener Date: Fri May 10 14:19:49 2024 +0200 tree-optimization/114998 - use-after-free with loop distribution When loop distribution releases a PHI node of the original IL it can end up clobbering memory that's re-used when it upon releasing its RDG resets all stmt UIDs back to -1, even those that got released. The fix is to avoid resetting UIDs based on stmts in the RDG but instead reset only those still present in the loop. PR tree-optimization/114998 * tree-loop-distribution.cc (free_rdg): Take loop argument. Reset UIDs of stmts still in the IL rather than all stmts referenced from the RDG. (loop_distribution::build_rdg): Pass loop to free_rdg. (loop_distribution::distribute_loop): Likewise. (loop_distribution::transform_reduction_loop): Likewise. * gcc.dg/torture/pr114998.c: New testcase. (cherry picked from commit 34d15a4d630a0d54eddb99bdab086c506e10dac5)=