[Bug middle-end/106495] [13 Regression] Build fails gcc/tree-ssa-threadbackward.cc:22: gcc/vec.h:890:19: error: array subscript 4294967294 is above array bounds of 'basic_block_def* [1]' [-Werror=array-bounds]

rguenth at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Mon Aug 1 12:17:29 GMT 2022


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106495

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
  if (_233 != 0B)
    goto <bb 113>; [70.00%]
  else
    goto <bb 111>; [30.00%]
;;    succ:       113 [70.0% (guessed)]  count:1263844 (estimated locally)
(TRUE_VALUE,EXECUTABLE)
;;                111 [30.0% (guessed)]  count:541647 (estimated locally)
(FALSE_VALUE,EXECUTABLE)

;;   basic block 111, loop depth 0, count 541647 (estimated locally), maybe hot
;;    prev block 110, next block 112, flags: (NEW, REACHABLE, VISITED)
;;    pred:       110 [30.0% (guessed)]  count:541647 (estimated locally)
(FALSE_VALUE,EXECUTABLE)
  _286 = MEM[(struct vec *)0B].m_vecpfx.m_num;

so a NULL pointer check is not enough to make the NULL case cold.

threadfull1 exposes the path, vrp1 warns on it (it seems VRP1 at least no
longer performs any threading itself).

Before threadfull1 we have

;;   basic block 114, loop depth 0, count 1805491 (estimated locally), maybe
hot
;;    prev block 112, next block 115, flags: (NEW, REACHABLE, VISITED)
;;    pred:       108 [66.0% (guessed)]  count:1805489 (estimated locally)
(FALSE_VALUE,EXECUTABLE)
  _233 = m_path_142(D)->m_vec;
  if (_233 != 0B)
    goto <bb 115>; [70.00%]
  else
    goto <bb 116>; [30.00%]
;;    succ:       115 [70.0% (guessed)]  count:1263844 (estimated locally)
(TRUE_VALUE,EXECUTABLE)
;;                116 [30.0% (guessed)]  count:541647 (estimated locally)
(FALSE_VALUE,EXECUTABLE)

;;   basic block 115, loop depth 0, count 1263844 (estimated locally), maybe
hot
;;    prev block 114, next block 116, flags: (NEW, REACHABLE, VISITED)
;;    pred:       114 [70.0% (guessed)]  count:1263844 (estimated locally)
(TRUE_VALUE,EXECUTABLE)
  _234 = MEM[(const struct vec *)_233].m_vecpfx.m_num;
;;    succ:       116 [always]  count:1263844 (estimated locally)
(FALLTHRU,EXECUTABLE)

;;   basic block 116, loop depth 0, count 1805491 (estimated locally), maybe
hot
;;    prev block 115, next block 117, flags: (NEW, REACHABLE, VISITED)
;;    pred:       114 [30.0% (guessed)]  count:541647 (estimated locally)
(FALSE_VALUE,EXECUTABLE)
;;                115 [always]  count:1263844 (estimated locally)
(FALLTHRU,EXECUTABLE)
  # iftmp.22_235 = PHI <0(114), _234(115)>
  _51 = iftmp.22_235 + 4294967294;
  _232 = _233->m_vecpfx.m_num;
  if (_51 >= _232)
    goto <bb 117>; [0.00%]
  else
    goto <bb 118>; [100.00%]
;;    succ:       117 [never]  count:0 (precise) (TRUE_VALUE,EXECUTABLE)
;;                118 [always]  count:1805491 (estimated locally)
(FALSE_VALUE,EXECUTABLE)

;;   basic block 117, loop depth 0, count 0 (precise), probably never executed
;;    prev block 116, next block 118, flags: (NEW, REACHABLE, VISITED)
;;    pred:       116 [never]  count:0 (precise) (TRUE_VALUE,EXECUTABLE)
  vec<basic_block_def*, va_heap,
vl_embed>::_ZN3vecIP15basic_block_def7va_heap8vl_embedEixEj.part.0 ();
;;    succ:

;;   basic block 118, loop depth 0, count 1805491 (estimated locally), maybe
hot
;;    prev block 117, next block 119, flags: (NEW, REACHABLE, VISITED)
;;    pred:       116 [always]  count:1805491 (estimated locally)
(FALSE_VALUE,EXECUTABLE)
  _52 = MEM <struct vec> [(struct basic_block_def * const
&)_233].m_vecdata[_51];

I can't see from the dumps what threadfull1 does but I think it must somehow
just key on

  # iftmp.22_235 = PHI <0(114), _234(115)>
  _51 = iftmp.22_235 + 4294967294;
  _232 = _233->m_vecpfx.m_num;
  if (_51 >= _232)
    goto <bb 117>; [0.00%]

simplifying 4294967294 >= _232 on the edge from 114?  But maybe the
wrong-doing already starts earlier, but disabling ethread doesn't hide the
diagnostic.
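
Added illustration, not part of the comment above and not GCC source: a simplified C++ model of where the constant 4294967294 in the dump comes from. The types `embedded_vec` and `path_vec`, and the `length() - 2` indexing, are assumptions reconstructed from the dump's `PHI <0(114), _234(115)>` and `+ 4294967294` statements.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins for the layout named in the dump
// (m_vecpfx.m_num, m_vecdata); this is not GCC's vec.h.
struct vec_prefix { uint32_t m_alloc; uint32_t m_num; };
struct embedded_vec {
    vec_prefix m_vecpfx;
    int m_vecdata[1];              // trailing array declared with one element
};

// Wrapper around a possibly-null pointer, like m_path->m_vec (_233) in the dump.
struct path_vec {
    embedded_vec *m_vec;
    // Mirrors: iftmp.22_235 = PHI <0 (null path), _234 (non-null path)>
    uint32_t length() const { return m_vec ? m_vec->m_vecpfx.m_num : 0; }
};

// Mirrors: _51 = iftmp.22_235 + 4294967294, i.e. length - 2 in 32-bit unsigned math.
uint32_t second_to_last_index(const path_vec &p) {
    return static_cast<uint32_t>(p.length() - 2u);
}

enum class access { ok, out_of_bounds, null_vec };

// Classifies the access without performing it.
access classify(const path_vec &p) {
    uint32_t ix = second_to_last_index(p);
    if (!p.m_vec)
        return access::null_vec;          // the path threading isolates: index is a constant
    if (ix >= p.m_vec->m_vecpfx.m_num)
        return access::out_of_bounds;     // the "_51 >= _232" check leading to bb 117
    return access::ok;                    // bb 118: m_vecdata[_51]
}

int main() {
    path_vec null_path{nullptr};
    embedded_vec v{{4, 3}, {0}};          // constructed sample: 3 elements in use
    path_vec live{&v};
    std::printf("null path index: %u\n", (unsigned)second_to_last_index(null_path));
    std::printf("live path index: %u\n", (unsigned)second_to_last_index(live));
    return classify(live) == access::ok ? 0 : 1;
}
```

On the null path the index folds to a compile-time constant, which is the value quoted in the `-Warray-bounds` message in the bug title.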

