The following trimmed testcase from 464.h264ref is segfaulting. int a1[6][4][4]; short b1[16]; int c1; void CalculateQuantParam(void) { int i, j, k, temp; for(k=0; k<6; k++) for(j=0; j<4; j++) for(i=0; i<4; i++) { temp = (i<<2)+j; a1[k][j][i] = c1/b1[temp]; } } $ /home/pthaugen/install/gcc/trunk/bin/gcc -c -m32 -O2 -ftree-loop-linear junk.c junk.c: In function #CalculateQuantParam#: junk.c:6: internal compiler error: Segmentation fault Please submit a full bug report, Program received signal SIGSEGV, Segmentation fault. extract_muldiv (t=0xf6efa1c0, c=0xf7de0f60, code=MULT_EXPR, wide_type=0xf6e60150, strict_overflow_p=0xffaaee08 "") at /home/pthaugen/src/gcc/trunk/gcc/gcc/fold-const.c:6008 6008 > GET_MODE_SIZE (TYPE_MODE (type))) (gdb) bt 10 #0 extract_muldiv (t=0xf6efa1c0, c=0xf7de0f60, code=MULT_EXPR, wide_type=0xf6e60150, strict_overflow_p=0xffaaee08 "") at /home/pthaugen/src/gcc/trunk/gcc/gcc/fold-const.c:6008 #1 0x42084484 in ?? () #2 0x10212c6c in extract_muldiv (t=<value optimized out>, c=0xf7de0f60, code=MULT_EXPR, wide_type=0xf6e60460, strict_overflow_p=0xffaaeee0 "") at /home/pthaugen/src/gcc/trunk/gcc/gcc/fold-const.c:6150 #3 0x22084442 in ?? () #4 0x10212f58 in extract_muldiv (t=0xf6f2adc0, c=0xf7de0480, code=MULT_EXPR, wide_type=0xf6e60150, strict_overflow_p=0xffaaeee0 "") at /home/pthaugen/src/gcc/trunk/gcc/gcc/fold-const.c:6066 #5 0x42084442 in ?? () #6 0x101f1e34 in fold_binary (code=MULT_EXPR, type=0xf6e60150, op0=0xf6f2adc0, op1=0xf7de0480) at /home/pthaugen/src/gcc/trunk/gcc/gcc/fold-const.c:10359 #7 0x42008482 in ?? () #8 0x101fcb40 in fold_build2_stat (code=ERROR_MARK, type=0xf7de0f60, op0=0x43, op1=0xf6e60150) at /home/pthaugen/src/gcc/trunk/gcc/gcc/fold-const.c:13560 #9 0x106d5730 in chrec_fold_multiply (type=0xf6e60150, op0=0xf6f2adc0, op1=0xf7de0480) at /home/pthaugen/src/gcc/trunk/gcc/gcc/tree-chrec.c:426
Confirmed. Also happens on x86_64, -O -ftree-loop-linear. We have a freed SSA_NAME in use: Program received signal SIGSEGV, Segmentation fault. 0x000000000067da2a in extract_muldiv_1 (t=0x2b5d06c1af60, c=0x2b5d062ab180, code=MULT_EXPR, wide_type=0x2b5d06282000, strict_overflow_p=0x7fffa488a0f7 "") at /space/rguenther/src/svn/pointer_plus/gcc/fold-const.c:6008 6008 > GET_MODE_SIZE (TYPE_MODE (type))) (gdb) print type $2 = (tree) 0x0 (gdb) call debug_tree (t) <ssa_name 0x2b5d06c1af60 nothrow var <var_decl 0x2b5d06343370 j> def_stmt <ssa_name 0x2b5d06c1a240> version 36 in-free-list> but linear loop transforms are known to be somewhat broken.
The problem is linked to the fact that we eliminate old induction variables too early, so we end up with SSA names that were freed in the chrecs. I'm testing a patch fixing this problem.
Subject: Bug 33576 Author: spop Date: Wed Oct 3 15:45:10 2007 New Revision: 128986 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=128986 Log: 2007-10-03 Sebastian Pop <sebastian.pop@amd.com> PR tree-optimization/33576 * testsuite/gcc.dg/tree-ssa/pr33576.c: New. * tree-loop-linear.c (linear_transform_loops): Call remove_iv. * lambda.h (lambda_loopnest_to_gcc_loopnest): New parameter. (remove_iv): Declared. * lambda-code.c (remove_iv): Not static. (lambda_loopnest_to_gcc_loopnest): New parameter remove_ivs. Don't remove ivs there, save ivs in the buffer. Added: trunk/gcc/testsuite/gcc.dg/tree-ssa/pr33576.c Modified: trunk/gcc/ChangeLog trunk/gcc/lambda-code.c trunk/gcc/lambda.h trunk/gcc/tree-loop-linear.c
Fixed.