The wrong optimization causes out-of-bounds array access, which leads to a Segmentation fault. Unfortunately, I was not able to merge the reproducer into a single file ([[gnu::noipa]] and __attribute__((noipa)) didn't work or I've used them incorrectly). This looks like a recent bug because we started to detect it on Tuesday (June 12th). Reproducer: //driver.cpp #include <stdio.h> bool var_0 = (bool)1; unsigned int arr_44 = 3397135069U; bool arr_8 [7]; short arr_61 [140]; void test(); int main() { test(); printf("%u\n", arr_61[117]); if (arr_61[117] != 9) __builtin_abort(); } //func.cpp extern bool var_0; extern unsigned arr_44; extern bool arr_8[]; extern short arr_61[]; const unsigned &a(const unsigned &c, unsigned &f) { return f ? c : f; } bool bar(bool c) { return c; } void test() { for (int b = 0; b < 7; b += var_0) arr_8[b] = 1; for (int d = 0; d < bar(var_0) + 9; d++) for (unsigned e = 0; e < 14; e++) arr_61[d * e] = a(d, arr_44); } Error: >$ g++ -O2 func.cpp driver.cpp && ./a.out 9 >$ g++ -O3 func.cpp driver.cpp && ./a.out Segmentation fault (core dumped) gcc version 13.0.0 20220713 (c479c40f8c8fee0fb70e8a365b61c55739f448e1)
Fixed with r13-1684-g554b21edb9ec91a8.
(In reply to Martin Liška from comment #1) > Fixed with r13-1684-g554b21edb9ec91a8. Thanks for tracking this down Martin. Sorry for the pain. It was a silly oversight.