Created attachment 24232
Output of "ajo-gcc -w -O1 -finline-functions -ftree-vectorize -ffast-math -fno-tree-slp-vectorize -c test1281247203.c"

This reproduces for me with svn revision 173589 (2011-05-09). It doesn't reproduce with gcc 4.5.1.
I'm on Ubuntu 10.10, x86-64.

cat >test1281247203.c <<EOF
static int ADD(int x)
{
    return (x > 0) ? 0 : x+1;
}
void func_65(unsigned int x)
{
    int l_376 = -1;
lbl_469:
    while (x) {
        x = ADD(x);
    }
}
EOF
gcc -w -O1 -finline-functions -ftree-vectorize -ffast-math -fno-tree-slp-vectorize -c test1281247203.c

test1281247203.c: In function ‘func_65’:
test1281247203.c:5:6: internal compiler error: in execute_cse_reciprocals, at tree-ssa-math-opts.c:512

This test case is reduced from the output of Csmith 2.1.0 (git hash 541a6480, https://github.com/csmith-project/csmith/), using the following command line:
csmith --no-paranoid --longlong --no-pointers --arrays --jumps --consts --no-volatiles --no-checksum --no-divs --no-muls --no-bitfields --no-packed-struct -s 1281247203

Confirmed, started in between r160500 and r161170, ICEs even on 4.6 branch if --enable-checking.
tree-if-conv.c fails to free_bb_predicate on some bbs, thus bb->aux is non-NULL on entry to following passes.
Created attachment 24237
gcc46-pr48975.patch

The problem was that combine_blocks removes most of the bbs in the loop, keeps around only header, latch and maybe exit_bb, but free_bb_predicate is called in the caller on ifc_bbs entries starting with 0 (loop->header which stays, fine) up to number of remaining bbs in the loop - 1 (that number can be at most 3). But nothing reordered ifc_bbs entries, so it very well can free_bb_predicate of a removed bb (use after free) and can fail to free_bb_predicate for latch or exit_bb.

This patch fixes it by free_bb_predicate for all bbs in the loop already before (some of) the bbs are removed and ensures the caller doesn't try to do that again.

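The indexing mistake described in the comment above, as an added example that is not GCC's code or part of the attached patch: a simplified C model in which the block layout (header, two body blocks, exit, latch) and the names struct bb, free_pred and run_pass are assumptions, and removal is only flagged so the stale accesses can be counted safely.

```c
#include <stdio.h>
#include <stdlib.h>
#define NBLOCKS 5   /* constructed loop: header, two body blocks, exit, latch */

struct bb { int removed; void *aux; };   /* aux holds the block's predicate */
struct result { int stale_touches; int survivors_with_aux; };

/* Model of free_bb_predicate: records a touch of an already-removed block. */
static void free_pred(struct bb *b, struct result *r)
{
    if (b->removed)
        r->stale_touches++;     /* in the real pass this is a use after free */
    free(b->aux);
    b->aux = NULL;
}

/* Model of combine_blocks plus its caller; fixed selects the patched order. */
static struct result run_pass(int fixed)
{
    struct bb ifc_bbs[NBLOCKS];
    struct result r = {0, 0};
    int i, remaining = 0;
    for (i = 0; i < NBLOCKS; i++) {
        ifc_bbs[i].removed = 0;
        ifc_bbs[i].aux = malloc(8);
    }
    if (fixed)                              /* fix: free all before removal */
        for (i = 0; i < NBLOCKS; i++)
            free_pred(&ifc_bbs[i], &r);
    ifc_bbs[1].removed = ifc_bbs[2].removed = 1;   /* body blocks merged away */
    for (i = 0; i < NBLOCKS; i++)
        remaining += !ifc_bbs[i].removed;
    if (!fixed)                             /* bug: counts survivors, indexes old order */
        for (i = 0; i < remaining; i++)
            free_pred(&ifc_bbs[i], &r);
    for (i = 0; i < NBLOCKS; i++)
        if (!ifc_bbs[i].removed && ifc_bbs[i].aux) {
            r.survivors_with_aux++;         /* non-NULL aux seen by later passes */
            free(ifc_bbs[i].aux);
        }
    return r;
}

int main(void)
{
    struct result bug = run_pass(0), fix = run_pass(1);
    printf("before fix: stale=%d aux_left=%d\n", bug.stale_touches, bug.survivors_with_aux);
    printf("after fix:  stale=%d aux_left=%d\n", fix.stale_touches, fix.survivors_with_aux);
    return 0;
}
```
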
Author: jakub
Date: Thu May 12 17:44:23 2011
New Revision: 173709

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=173709
Log:
	PR tree-optimization/48975
	* tree-if-conv.c (combine_blocks): Call free_bb_predicate on all bbs
	here and free and clear ifc_bbs at the end.

	* gcc.dg/pr48975.c: New test.

Added:
    trunk/gcc/testsuite/gcc.dg/pr48975.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/tree-if-conv.c

Author: jakub
Date: Thu May 12 17:46:15 2011
New Revision: 173710

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=173710
Log:
	PR tree-optimization/48975
	* tree-if-conv.c (combine_blocks): Call free_bb_predicate on all bbs
	here and free and clear ifc_bbs at the end.

	* gcc.dg/pr48975.c: New test.

Added:
    branches/gcc-4_6-branch/gcc/testsuite/gcc.dg/pr48975.c
Modified:
    branches/gcc-4_6-branch/gcc/ChangeLog
    branches/gcc-4_6-branch/gcc/testsuite/ChangeLog
    branches/gcc-4_6-branch/gcc/tree-if-conv.c

Fixed.