This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug tree-optimization/81600] New: tree-vect-loop.c:6075:22: runtime error: index -1 out of bounds for type 'tree_node *[3]'
- From: "jakub at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Fri, 28 Jul 2017 12:12:24 +0000
- Subject: [Bug tree-optimization/81600] New: tree-vect-loop.c:6075:22: runtime error: index -1 out of bounds for type 'tree_node *[3]'
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81600
Bug ID: 81600
Summary: tree-vect-loop.c:6075:22: runtime error: index -1 out
of bounds for type 'tree_node *[3]'
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: jakub at gcc dot gnu.org
Target Milestone: ---
There seems to be undefined behavior in tree-vect-loop.c
(vectorizable_reduction) on e.g. gcc.c-torture/execute/pr68250.c testcase at
-O3.
To reproduce, put a breakpoint on vectorizable_condition, run and see reduc_def
is garbage, like:
reduc_def=<error reading variable: Cannot access memory at address 0x1>
The problem is that reduc_index is -1, and ops is array of 3 elements:
6072 /* Only call during the analysis stage, otherwise we'll lose
6073 STMT_VINFO_TYPE. */
6074 if (!vec_stmt && !vectorizable_condition (stmt, gsi, NULL,
6075 ops[reduc_index], 0,
NULL))
6076 {
In this exact case vectorizable_condition seems to ignore the reduc_def
argument, but it isn't clear when exactly does it use that.
So not sure if the right fix is
tree reduc_def = reduc_index == -1 ? NULL_TREE : ops[reduc_index];
and s/ops.reduc_index./reduc_def/ in the call or something else.