I will have a look.

I see it fixed on trunk since r257620.

And appeared on trunk before that in r235817.

But the fix seems to be specific to C front-end and does not cover C++?

This time it's not (only) my mistake in the way I configure gcc: https://gcc.godbolt.org/z/2xRIE_

Program received signal SIGSEGV, Segmentation fault.
0x000000000174d104 in make_ssa_name_fn (fn=0x7ffff69e6160, var=<tree 0x0>, 
    stmt=<gimple 0x0>, version=0)
    at /space/rguenther/src/gcc-sccvn/gcc/tree-ssanames.c:268
268       gcc_assert (VAR_P (var)

we are remapping a released SSA name referenced from TYPE_SIZE of
int[0:(sizetype) D.2308][0:(sizetype) D.2307]

Thus this is a FE issue where we lack a DECL_EXPR for the type used in
some memory reference:

(gdb) p debug_gimple_stmt (stmt)
# VUSE <.MEM_6(D)>
_5 = MEM[(int[0:(sizetype) D.2308][0:(sizetype) D.2307] *)foo.2_4][0]{lb: 0 sz: _3 * 4}[0];

static void f2 (int arg) { res = ((int (*)[arg][b]) foo)[0][0][0]; }

is in .original

;; Function void f2(int) (null)
;; enabled by -tree-original


<<cleanup_point <<< Unknown tree: expr_stmt
  (void) (res = (*(((sizetype) (SAVE_EXPR <(ssizetype) b + -1>) + 1) * ((sizetype) (SAVE_EXPR <(ssizetype) arg + -1>) + 1);, (int[0:(sizetype) (SAVE_EXPR <(ssizetype) arg + -1>)][0:(sizetype) (SAVE_EXPR <(ssizetype) b + -1>)] *) foo;))[0][0]) >>>>>;


there's no DECL_EXPR so size expressions are not properly unshared.  IIRC
there's a duplicate PR where I ran into a similar issue.  I'm probably
thinking of PR86216 which sadly also has no attention from FE maintainers.

Anyway, C++ FE bug.

(In reply to Arseny Solokha from comment #4)
> But the fix seems to be specific to C front-end and does not cover C++?

Yeah, I can reproduce with the C++ FE which probably needs a similar fix.

*** Bug 89439 has been marked as a duplicate of this bug. ***

*** Bug 89910 has been marked as a duplicate of this bug. ***

*** Bug 90494 has been marked as a duplicate of this bug. ***

digging into the C++ FE's grokdeclarator shows this to be trickier than C.  C has a global variable of the expression component currently being built.  it hooks a COMPOUND_EXPR into there, in its own binding layer, when the grokking context is TYPENAME.  C++ does not have such a mechanism.

We cant just push the typedecl into the current statement list for three reasons

1) if we're in an initializer of a var decl, we'll push the typedecl /after/ the expression to which it refers.

2) if we're in a conditionally reached subexpression, we'll push the typedecl into an unconditional region of code.

    thing = cond ? (VLA_TYPE)expr : NULL;

3) if a components of the VLA is modified by an earlier piece of the current expression (i.e. comma operator), we'll push the typedecl before that modification.

    thing = (X++, (VLA_TYPE[X])expr);

I also noticed that strip_typedefs reconstructs the outer array type in 90494, but because the original isn't in the canonical hash, these get different canonical_types.  That seems wrong.

I suspect we need to do something like:
(a) create the typedecls in grokdeclarator
(b) insert the decl_exprs during the gimplify walk

that'll also handle the non function-scope cases, which we completely ignore right now.

*** Bug 91002 has been marked as a duplicate of this bug. ***

The GCC 7 branch is being closed, re-targeting to GCC 8.4.

The master branch has been updated by Jason Merrill <jason@gcc.gnu.org>:

https://gcc.gnu.org/g:3539fc1317267b30eb7c4ad48d52f4e46b3a198a

commit r10-6405-g3539fc1317267b30eb7c4ad48d52f4e46b3a198a
Author: Jason Merrill <jason@redhat.com>
Date:   Fri Jan 31 21:59:48 2020 -0500

    c++: Fix cast to pointer to VLA.
    
    The C front-end fixed this issue in r257620 by adding a DECL_EXPR from
    grokdeclarator.  We don't have an easy way to do that in the C++ front-end,
    but it works fine to create and prepend a DECL_EXPR when we are genericizing
    the NOP_EXPR for the cast.
    
    The C patch wraps the DECL_EXPR in a BIND_EXPR, but that seems unnecessary
    in C++; this is just a hook to run gimplify_type_sizes, we aren't actually
    declaring anything that we need to worry about scoping for.
    
    	PR c++/88256
    	* cp-gimplify.c (predeclare_vla): New.
    	(cp_genericize_r) [NOP_EXPR]: Call it.

Fixed for GCC 10 so far.

The releases/gcc-9 branch has been updated by Jason Merrill <jason@gcc.gnu.org>:

https://gcc.gnu.org/g:f137a7c6b122e524294fb792bb97d5f3b0600c4f

commit r9-8322-gf137a7c6b122e524294fb792bb97d5f3b0600c4f
Author: Jason Merrill <jason@redhat.com>
Date:   Mon Mar 2 14:42:47 2020 -0500

    c++: Fix cast to pointer to VLA.
    
    The C front-end fixed this issue in r257620 by adding a DECL_EXPR from
    grokdeclarator.  We don't have an easy way to do that in the C++ front-end,
    but it works fine to create and prepend a DECL_EXPR when we are genericizing
    the NOP_EXPR for the cast.
    
    The C patch wraps the DECL_EXPR in a BIND_EXPR, but that seems unnecessary
    in C++; this is just a hook to run gimplify_type_sizes, we aren't actually
    declaring anything that we need to worry about scoping for.
    
    gcc/cp/ChangeLog
    2020-03-02  Jason Merrill  <jason@redhat.com>
    
    	PR c++/88256
    	* cp-gimplify.c (predeclare_vla): New.
    	(cp_genericize_r) [NOP_EXPR]: Call it.

Fixed for 9.3/10.