From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 3F84B395A833; Thu, 23 Apr 2020 23:24:20 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3F84B395A833
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
 s=default; t=1587684260;
 bh=J8lvEjgzhSqtZAzXEcU+SHgncmpRpw5qFlDc6pF8e3I=;
 h=From:To:Subject:Date:In-Reply-To:References:From;
 b=wOGWmgRA3lqflYrlAmFXgSdpa9TLBbVMQCT+DtdwJ3dJGcDo/rR1E6mfFsfy1Fwc9
 3qAYb+HeGvY3eFpJ+1i4RPRIFYyF9JFJZsHU18YAgWeCQOKUor/Ryrs4aY5Aj6StjQ
 hBL5haHURGW2tB+CKiFymn/bB1SXwRDwYhnRkG1s=
From: "jakub at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/94734] [10 Regression] Program crashes when
 compiled with -O2 since r10-1892-gb9ef6a2e04bfd013
Date: Thu, 23 Apr 2020 23:24:20 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 10.0
X-Bugzilla-Keywords: wrong-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: jakub at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P1
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 10.0
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-94734-4-Ffdi0fk9WM@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-94734-4@http.gcc.gnu.org/bugzilla/>
References: <bug-94734-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <http://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <http://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2020 23:24:20 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D94734

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
+  int cstore_31;
+  int cstore_32;

   <bb 2> [local count: 114863530]:
   goto <bb 7>; [100.00%]

   <bb 3> [local count: 1014686026]:
   _1 =3D (long unsigned int) sum_a_7;
   _2 =3D _1 * 8;
   _3 =3D input_21(D) + _2;
   _4 =3D *_3;
   if (_4 =3D=3D 0B)
     goto <bb 15>; [5.50%]
   else
     goto <bb 4>; [94.50%]

   <bb 4> [local count: 958878296]:
   if (sum_a_7 <=3D 1)
-    goto <bb 5>; [28.10%]
+    goto <bb 6>; [28.10%]
   else
-    goto <bb 6>; [71.90%]
+    goto <bb 5>; [71.90%]

-  <bb 5> [local count: 269444804]:
-  arr[sum_a_7] =3D 1;
+  <bb 5> [local count: 689433492]:
+  cstore_32 =3D MEM <int[2]> [(void *)&arr][sum_a_7];

   <bb 6> [local count: 958878296]:
+  # cstore_31 =3D PHI <1(4), cstore_32(5)>
+  MEM <int[2]> [(void *)&arr][sum_a_7] =3D cstore_31;
   sum_a_23 =3D sum_a_7 + 1;

done by cselim looks just plain wrong, there is no dominating load from that
memory, so even when the variable is an automatic variable, there is no
guarantee it won't be out of bounds and thus crash already on the load, or =
just
modify random unrelated memory.=