https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112303
--- Comment #9 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Still reproduceable with
--- gcc/tree-scalar-evolution.cc
+++ gcc/tree-scalar-evolution.cc
@@ -3881,7 +3881,7 @@ final_value_replacement_loop (class loop *loop)
/* Propagate constants immediately, but leave an unused initialization
around to avoid invalidating the SCEV cache. */
- if (CONSTANT_CLASS_P (def) && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rslt))
+ if (0 && CONSTANT_CLASS_P (def) && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI
(rslt))
replace_uses_by (rslt, def);
/* Create the replacement statements. */
The bb with uninitialized count is created by
#7 0x000000000069060b in create_empty_bb (after=<basic_block 0x7fffe9f78e40
(125)>) at ../../gcc/cfghooks.cc:773
#8 0x0000000000e2c995 in gimple_duplicate_bb (bb=<basic_block 0x7fffe9f1b360
(62)>, id=0x7fffffffc610) at ../../gcc/tree-cfg.cc:6513
#9 0x0000000000691158 in duplicate_block (bb=<basic_block 0x7fffe9f1b360
(62)>, e=<edge 0x0>, after=<basic_block 0x7fffe9fca120 (227)>,
id=0x7fffffffc610)
at ../../gcc/cfghooks.cc:1119
#10 0x00000000006918f5 in copy_bbs (bbs=0x3bfa670, n=3, new_bbs=0x3bce9c0,
edges=0x7fffffffc790, num_edges=2, new_edges=0x7fffffffc780,
base=0x7fffe9f1f7d0,
after=<basic_block 0x7fffe9fca120 (227)>, update_dominance=true) at
../../gcc/cfghooks.cc:1384
#11 0x00000000006a19c6 in duplicate_loop_body_to_header_edge
(loop=0x7fffe9f1f7d0, e=<edge 0x7fffe9f4f3c0 (227 -> 62)>, ndupl=2,
wont_exit=0x3ac78f0,
orig=<edge 0x7fffe9f189f0 (65 -> 66)>, Python Exception <class
'gdb.error'>: There is no member or method named m_vecpfx.
to_remove=0x39ba7b0, flags=5) at ../../gcc/cfgloopmanip.cc:1403
#12 0x0000000000fc8fd9 in gimple_duplicate_loop_body_to_header_edge
(loop=0x7fffe9f1f7d0, e=<edge 0x7fffe9f47a20 (61 -> 225)>, ndupl=2,
wont_exit=0x3ac78f0,
orig=<edge 0x7fffe9f189f0 (65 -> 66)>, Python Exception <class
'gdb.error'>: There is no member or method named m_vecpfx.
to_remove=0x39ba7b0, flags=5) at ../../gcc/tree-ssa-loop-manip.cc:860
#13 0x0000000000fa53f6 in try_unroll_loop_completely (loop=0x7fffe9f1f7d0,
exit=<edge 0x7fffe9f189f0 (65 -> 66)>, niter=<integer_cst 0x7fffea3163d8>,
may_be_zero=false, ul=UL_ALL,
maxiter=2, locus=..., allow_peel=true) at
../../gcc/tree-ssa-loop-ivcanon.cc:960
Seems in the above backtrace it is duplicate_block which does the new_bb->count
updates.
It does:
1107 profile_count new_count = e ? e->count ():
profile_count::uninitialized ();
but e is NULL, so here new_count is unitialized, and then
1114 if (bb->count < new_count)
1115 new_count = bb->count;
here
p bb->count.debug ()
2305843009213693950 (estimated locally, freq 144115188075855872.0000)
p new_count.debug ()
uninitialized
but bb->count < new_count is false due to
bool operator< (const profile_probability &other) const
{
return initialized_p () && other.initialized_p () && m_val < other.m_val;
}
Shouldn't that be if (!(bb->count >= new_count)) or if (bb->count < new_count
|| !new_count.initialized_p ()) ?
Honza?
