https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105431
Bug ID: 105431 Summary: ICE: SIGSEGV in powi_as_mults_1 (tree-ssa-math-opts.cc:1512) with -Ofast and __builtin_pow() Product: gcc Version: 13.0 Status: UNCONFIRMED Keywords: ice-on-valid-code Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: zsojka at seznam dot cz Target Milestone: --- Host: x86_64-pc-linux-gnu Target: x86_64-pc-linux-gnu Created attachment 52903 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52903&action=edit reduced testcase This might be related to PR105368; on 11-branch and older, the other PR is triggered. The failing address is also very similar to the other PR. This fails for me only with a bootstrapped compiler; there might be another UB that is exploited only when bootstrapping. $ x86_64-pc-linux-gnu-gcc -Ofast testcase.c -wrapper valgrind,-q ==24694== Invalid read of size 1 ==24694== at 0x158683D: powi_as_mults_1(gimple_stmt_iterator*, unsigned int, tree_node*, long, tree_node**) (tree-ssa-math-opts.cc:1512) ==24694== by 0x158B56E: powi_as_mults(gimple_stmt_iterator*, unsigned int, tree_node*, long) (tree-ssa-math-opts.cc:1551) ==24694== by 0x158C8B1: gimple_expand_builtin_pow(gimple_stmt_iterator*, unsigned int, tree_node*, tree_node*) (tree-ssa-math-opts.cc:2049) ==24694== by 0x158CF59: (anonymous namespace)::pass_cse_sincos::execute(function*) (tree-ssa-math-opts.cc:2317) ==24694== by 0x12EB49A: execute_one_pass(opt_pass*) (passes.cc:2638) ==24694== by 0x12EBD5F: execute_pass_list_1(opt_pass*) (passes.cc:2738) ==24694== by 0x12EBD71: execute_pass_list_1(opt_pass*) (passes.cc:2739) ==24694== by 0x12EBD98: execute_pass_list(function*, opt_pass*) (passes.cc:2749) ==24694== by 0xF15F75: expand (cgraphunit.cc:1835) ==24694== by 0xF15F75: cgraph_node::expand() (cgraphunit.cc:1788) ==24694== by 0xF17536: expand_all_functions (cgraphunit.cc:1999) ==24694== by 0xF17536: symbol_table::compile() [clone .part.0] (cgraphunit.cc:2349) ==24694== by 0xF1A117: compile (cgraphunit.cc:2262) ==24694== by 0xF1A117: symbol_table::finalize_compilation_unit() (cgraphunit.cc:2530) ==24694== by 0x13F3E1F: compile_file() (toplev.cc:479) ==24694== Address 0x80000000028ce240 is not stack'd, malloc'd or (recently) free'd ==24694== during GIMPLE pass: sincos testcase.c: In function 'foo': testcase.c:2:1: internal compiler error: Segmentation fault 2 | foo (int i) | ^~~ 0x13f3b5f crash_signal /repo/gcc-trunk/gcc/toplev.cc:322 0x158683d powi_as_mults_1 /repo/gcc-trunk/gcc/tree-ssa-math-opts.cc:1512 0x158b56e powi_as_mults(gimple_stmt_iterator*, unsigned int, tree_node*, long) /repo/gcc-trunk/gcc/tree-ssa-math-opts.cc:1551 0x158c8b1 gimple_expand_builtin_pow /repo/gcc-trunk/gcc/tree-ssa-math-opts.cc:2049 0x158cf59 execute /repo/gcc-trunk/gcc/tree-ssa-math-opts.cc:2317 Please submit a full bug report, with preprocessed source (by using -freport-bug). Please include the complete backtrace with any bug report. See <https://gcc.gnu.org/bugs/> for instructions. $ x86_64-pc-linux-gnu-gcc -v Using built-in specs. COLLECT_GCC=/repo/gcc-trunk/binary-trunk-r13-21-20220428204650-g9ae8b993cd3-checking-yes-rtl-df-extra-amd64/bin/x86_64-pc-linux-gnu-gcc COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r13-21-20220428204650-g9ae8b993cd3-checking-yes-rtl-df-extra-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/13.0.0/lto-wrapper Target: x86_64-pc-linux-gnu Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++ --enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra --with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu --with-ld=/usr/bin/x86_64-pc-linux-gnu-ld --with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch --prefix=/repo/gcc-trunk//binary-trunk-r13-21-20220428204650-g9ae8b993cd3-checking-yes-rtl-df-extra-amd64 Thread model: posix Supported LTO compression algorithms: zlib zstd gcc version 13.0.0 20220428 (experimental) (GCC)