From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 81476386EC00; Fri, 10 May 2024 13:44:34 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 81476386EC00 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1715348674; bh=5D7rdAxi0SeCcyLlGnKwoEPSLFfz7Z213WbJFH/kMvY=; h=From:To:Subject:Date:In-Reply-To:References:From; b=LpLmeVi7uy4DtQxcvoPlt6fAnYRDWr/6l3q1gvBch/t/8fdenZbWdbpmHsapdCL2Z OWUruQW3WBdJul917V+B8uIvnpfPQ/eM39K6fEWFDyqhOXuD1nCj/rolssW0hFdBgL +vLBG+OCIL3YhrdakJoz+JGE64EU2D4/J2/0ijvc= From: "cvs-commit at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/114998] [14/15 Regression] ICE on valid code at -O3 with "-fno-tree-dce" on x86_64-linux-gnu: Segmentation fault since r14-9767 Date: Fri, 10 May 2024 13:44:34 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 14.1.0 X-Bugzilla-Keywords: ice-on-valid-code X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: rguenth at gcc dot gnu.org X-Bugzilla-Target-Milestone: 14.2 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D114998 --- Comment #5 from GCC Commits --- The master branch has been updated by Richard Biener : https://gcc.gnu.org/g:34d15a4d630a0d54eddb99bdab086c506e10dac5 commit r15-362-g34d15a4d630a0d54eddb99bdab086c506e10dac5 Author: Richard Biener Date: Fri May 10 14:19:49 2024 +0200 tree-optimization/114998 - use-after-free with loop distribution When loop distribution releases a PHI node of the original IL it can end up clobbering memory that's re-used when it upon releasing its RDG resets all stmt UIDs back to -1, even those that got released. The fix is to avoid resetting UIDs based on stmts in the RDG but instead reset only those still present in the loop. PR tree-optimization/114998 * tree-loop-distribution.cc (free_rdg): Take loop argument. Reset UIDs of stmts still in the IL rather than all stmts referenced from the RDG. (loop_distribution::build_rdg): Pass loop to free_rdg. (loop_distribution::distribute_loop): Likewise. (loop_distribution::transform_reduction_loop): Likewise. * gcc.dg/torture/pr114998.c: New testcase.=