On Tue, Oct 22, 2019 at 9:25 AM Richard Sandiford <richard.sandif...@arm.com> wrote:
>
> I noticed yesterday that r277235 was a bit too mechanical and ended up
> introducing use after free bugs in both loop and SLP vectorisation.
> Sorry for the stupid mistake. :-(
>
> Moving "next_size += 1" down isn't part of the fix, but it seemed odd
> to keep it where it was after moving the "next_size == 0" stuff up.
>
> Tested on aarch64-linux-gnu and x86_64-linux-gnu. OK to install?

OK. Richard. > Richard > > > 2019-10-22 Richard Sandiford <richard.sandif...@arm.com> > > gcc/ > * tree-vect-slp.c (vect_slp_bb_region): Check whether > autodetected_vector_size rather than vector_size is zero. > * tree-vect-loop.c (vect_analyze_loop): Likewise. > Set autodetected_vector_size immediately after calling > vect_analyze_loop_2. Check for a fatal error before advancing > next_size. > > Index: gcc/tree-vect-slp.c > =================================================================== > --- gcc/tree-vect-slp.c 2019-10-22 08:21:31.000000000 +0100 > +++ gcc/tree-vect-slp.c 2019-10-22 08:21:31.474357917 +0100 > @@ -3043,7 +3043,7 @@ vect_slp_bb_region (gimple_stmt_iterator > > if (vectorized > || next_size == vector_sizes.length () > - || known_eq (bb_vinfo->vector_size, 0U) > + || known_eq (autodetected_vector_size, 0U) > /* If vect_slp_analyze_bb_1 signaled that analysis for all > vector sizes will fail do not bother iterating. */ > || fatal) > Index: gcc/tree-vect-loop.c > =================================================================== > --- gcc/tree-vect-loop.c 2019-10-22 08:21:31.000000000 +0100 > +++ gcc/tree-vect-loop.c 2019-10-22 08:21:31.474357917 +0100 > @@ -2354,6 +2354,9 @@ vect_analyze_loop (class loop *loop, loo > LOOP_VINFO_ORIG_LOOP_INFO (loop_vinfo) = orig_loop_vinfo; > > opt_result res = vect_analyze_loop_2 (loop_vinfo, fatal, &n_stmts); > + if (next_size == 0) > + autodetected_vector_size = loop_vinfo->vector_size; > + > if (res) > { > LOOP_VINFO_VECTORIZABLE_P (loop_vinfo) = 1; 
> @@ -2379,21 +2382,18 @@ vect_analyze_loop (class loop *loop, loo > else > delete loop_vinfo; > > - if (next_size == 0) > - autodetected_vector_size = loop_vinfo->vector_size; > - > - if (next_size < vector_sizes.length () > - && known_eq (vector_sizes[next_size], autodetected_vector_size)) > - next_size += 1; > - > if (fatal) > { > gcc_checking_assert (first_loop_vinfo == NULL); > return opt_loop_vec_info::propagate_failure (res); > } > > + if (next_size < vector_sizes.length () > + && known_eq (vector_sizes[next_size], autodetected_vector_size)) > + next_size += 1; > + > if (next_size == vector_sizes.length () > - || known_eq (loop_vinfo->vector_size, 0U)) > + || known_eq (autodetected_vector_size, 0U)) > { > if (first_loop_vinfo) > {
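
Review bot: in the vect_slp_bb_region hunk (tree-vect-slp.c, @@ -3043), the new `known_eq (autodetected_vector_size, 0U)` test depends on an assignment to autodetected_vector_size that is outside the visible context. Please confirm that the assignment reads bb_vinfo->vector_size before any path that frees bb_vinfo, including the path where analysis fails, since otherwise the stale read only moves rather than going away. A short comment at that assignment saying the value is cached because bb_vinfo may already be gone would keep a later cleanup from switching back to bb_vinfo->vector_size.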
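
Review bot: in the first vect_analyze_loop hunk (tree-vect-loop.c, @@ -2354), the added `if (next_size == 0) autodetected_vector_size = loop_vinfo->vector_size;` carries an undocumented ordering constraint: it has to stay ahead of the `delete loop_vinfo;` in the else branch shown in the next hunk. r277235 got this ordering wrong once already, so a one-line comment here stating that the size must be read while loop_vinfo is still live would be worth adding.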
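
Review bot: in the second vect_analyze_loop hunk (tree-vect-loop.c, @@ -2379), the final condition changes meaning as well as lifetime: `known_eq (loop_vinfo->vector_size, 0U)` tested the size of the current attempt, while `known_eq (autodetected_vector_size, 0U)` tests the size captured when next_size was 0. The ChangeLog says this is intended, and it matches the SLP hunk, but the two differ on every iteration after the first, so a sentence in the commit message on why the autodetected size is the right thing to test would help. Moving the `if (fatal)` return ahead of the next_size update looks fine, since that path returns without using next_size.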