https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91236
Bug ID: 91236
Summary: [10 Regression] ICE in walk_non_aliased_vuses at gcc/tree-ssa-alias.c:3395 on aarch64
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: marxin at gcc dot gnu.org
CC: rguenth at gcc dot gnu.org
Target Milestone: ---
Host: aarch64-linux-gnu
Target: aarch64-linux-gnu

I reduced this from 510.parest_r; with -O3 I get an ICE on the following test-case:

$
template <typename> class e;
template <typename> struct f;
template <typename c> struct f<e<c>> { using d = c *; };
template <int> struct h;
struct m : f<e<h<3>>> {
  typedef h<3> &g;
};
struct q {
  struct {
    m::d k;
  } l;
};
class H : q {
public:
  void n(long, h<3>);
  m::g operator[](long) { return *l.k; }
};
template <int> class o;
template <int dim> struct F { static const int p = dim; };
template <int dim> struct h { int s[F<dim>::p]; };
template <int> class t;
class r {
  template <int dim>
  void u(t<dim> &, const o<dim> &, double, double, unsigned, bool);
};
template <int dim>
void r::u(t<dim> &, const o<dim> &, double, double, unsigned, bool) {
  H a;
  int b[48]{4, 8};
  a.n(2, h<dim>());
  for (int i;;)
    for (int j = 0;; ++j)
      a[i].s[j] = b[j];
}
template void r::u(t<3> &, const o<3> &, double, double, unsigned, bool);

$ g++ ice.ii -c -O3
during GIMPLE pass: fre
ice.ii: In member function ‘void r::u(t<dim>&, const o<dim>&, double, double, unsigned int, bool) [with int dim = 3]’:
ice.ii:27:6: internal compiler error: Segmentation fault
   27 | void r::u(t<dim> &, const o<dim> &, double, double, unsigned, bool) {
      |      ^
0xf163bf crash_signal
        ../../gcc/toplev.c:326
0x104def4 walk_non_aliased_vuses(ao_ref*, tree_node*, bool, void* (*)(ao_ref*, tree_node*, void*), void* (*)(ao_ref*, tree_node*, void*, bool*), tree_node* (*)(tree_node*), unsigned int&, void*)
        ../../gcc/tree-ssa-alias.c:3395
g++: internal compiler error: Segmentation fault signal terminated program cc1plus
Please submit
a full bug report, with preprocessed source if appropriate.
See <https://gcc.gnu.org/bugs/> for instructions.

I can't reproduce that on x86_64-linux-gnu.

valgrind --follow-children=yes g++ ice.ii -c -O3
valgrind: Unknown option: --follow-children=yes
valgrind: Use --help for more information or consult the user manual.
mliska@needle:/tmp> valgrind --trace-children=yes g++ ice.ii -c -O3
==11871== Memcheck, a memory error detector
==11871== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==11871== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==11871== Command: g++ ice.ii -c -O3
==11871==
==11872== Memcheck, a memory error detector
==11872== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==11872== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==11872== Command: /home/mliska/bin/gcc/lib/gcc/aarch64-unknown-linux-gnu/10.0.0/cc1plus -fpreprocessed ice.ii -quiet -dumpbase ice.ii -mlittle-endian -mabi=lp64 -auxbase ice -O3 -o /tmp/ccBjIIl5.s
==11872==
==11872== Invalid read of size 8
==11872==    at 0x104DEF4: walk_non_aliased_vuses(ao_ref*, tree_node*, bool, void* (*)(ao_ref*, tree_node*, void*), void* (*)(ao_ref*, tree_node*, void*, bool*), tree_node* (*)(tree_node*), unsigned int&, void*) (tree-ssa-alias.c:3395)
==11872==  Address 0x78 is not stack'd, malloc'd or (recently) free'd
==11872==
during GIMPLE pass: fre
ice.ii: In member function ‘void r::u(t<dim>&, const o<dim>&, double, double, unsigned int, bool) [with int dim = 3]’:
ice.ii:27:6: internal compiler error: Segmentation fault
   27 | void r::u(t<dim> &, const o<dim> &, double, double, unsigned, bool) {
      |      ^
==11872== Invalid read of size 4
==11872==    at 0x18FE8AC: aarch64_fallback_frame_state (md-unwind-support.h:74)
==11872==    by 0x18FE8AC: uw_frame_state_for (unwind-dw2.c:1257)
==11872==    by 0x19001A3: _Unwind_Backtrace (unwind.inc:290)
==11872==    by 0x18BA467: backtrace_full (backtrace.c:127)
==11872==    by 0x185703F:
diagnostic_action_after_output(diagnostic_context*, diagnostic_t) (diagnostic.c:543)
==11872==    by 0x18572F3: diagnostic_report_diagnostic(diagnostic_context*, diagnostic_info*) (diagnostic.c:1033)
==11872==    by 0x1857653: diagnostic_impl(rich_location*, int, char const*, std::__va_list*, diagnostic_t) (diagnostic.c:1166)
==11872==    by 0x1857FF7: internal_error(char const*, ...) (diagnostic.c:1547)
==11872==    by 0xF163BF: crash_signal(int) (toplev.c:326)
==11872==    by 0x5818863B: ??? (in /usr/lib64/valgrind/memcheck-arm64-linux)
==11872==  Address 0x280000009 is not stack'd, malloc'd or (recently) free'd
==11872==
==11872==
==11872== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==11872==  Access not within mapped region at address 0x280000009
==11872==    at 0x18FE8AC: aarch64_fallback_frame_state (md-unwind-support.h:74)
==11872==    by 0x18FE8AC: uw_frame_state_for (unwind-dw2.c:1257)
==11872==    by 0x19001A3: _Unwind_Backtrace (unwind.inc:290)
==11872==    by 0x18BA467: backtrace_full (backtrace.c:127)
==11872==    by 0x185703F: diagnostic_action_after_output(diagnostic_context*, diagnostic_t) (diagnostic.c:543)
==11872==    by 0x18572F3: diagnostic_report_diagnostic(diagnostic_context*, diagnostic_info*) (diagnostic.c:1033)
==11872==    by 0x1857653: diagnostic_impl(rich_location*, int, char const*, std::__va_list*, diagnostic_t) (diagnostic.c:1166)
==11872==    by 0x1857FF7: internal_error(char const*, ...) (diagnostic.c:1547)
==11872==    by 0xF163BF: crash_signal(int) (toplev.c:326)
==11872==    by 0x5818863B: ??? (in /usr/lib64/valgrind/memcheck-arm64-linux)
==11872==  If you believe this happened as a result of a stack
==11872==  overflow in your program's main thread (unlikely but
==11872==  possible), you can try to increase the size of the
==11872==  main thread stack using the --main-stacksize= flag.
==11872==  The main thread stack size used in this run was 67108864.