http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46029
--- Comment #1 from Zdenek Sojka <zsojka at seznam dot cz> 2010-10-15 00:53:15 UTC ---
Created attachment 22048
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=22048
hopefully reduced testcase

$ g++ -O -ftree-loop-if-convert-stores pr46029.C
$ ./a.out
Segmentation fault

In the assembly, with -ftree-loop-if-convert-stores, "nd_it.get_l_child ().get_metadata ()" in apply_update() is loaded unconditionally.

62a64
> mov esi, 0 # tmp69,
64,69c66,70
< mov rcx, QWORD PTR [rax] # D.2294, p_nd_32->m_p_left
< mov edx, 0 # l_max_endpoint,
< test rcx, rcx # D.2294
< je .L3 #,
< mov edx, DWORD PTR [rcx+16] # l_max_endpoint, MEM[(unsigned int &)D.2294_12 + 16]
< .L3:
---
> mov rdx, QWORD PTR [rax] # D.2294, p_nd_32->m_p_left
> mov ecx, DWORD PTR [rdx+16] # l_max_endpoint, MEM[(unsigned int &)D.2294_12 + 16]
> test rdx, rdx # D.2294
> mov edx, esi # l_max_endpoint, tmp69
> cmovne edx, ecx # l_max_endpoint,, l_max_endpoint

In the first case, memory is not accessed if the pointer is NULL, but in the second, "mov ecx, DWORD PTR [rdx+16]" reads invalid memory.
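The pattern the comment describes, as an added C example (not the attached pr46029.C testcase and not GCC code): a NULL-guarded load, next to a branch-free form that stays valid because it selects the address before loading rather than the value after. The struct layout, function names and sample nodes are assumptions, chosen so the metadata field sits at offset 16 on an LP64 target as in the listing.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical node layout: on LP64 the metadata lands at offset 16,
   matching the [reg+16] operand in the assembly above. */
struct node {
    struct node *m_p_left;   /* offset 0, read via p_nd->m_p_left */
    struct node *m_p_right;  /* offset 8 */
    unsigned int metadata;   /* offset 16 */
};

/* Source semantics: the load is control-dependent on the NULL test,
   as in the first (correct) listing with "je .L3". */
unsigned int l_max_endpoint_guarded(const struct node *p_nd)
{
    const struct node *l = p_nd->m_p_left;
    unsigned int v = 0;
    if (l != NULL)
        v = l->metadata;
    return v;
}

/* Branch-free form that preserves those semantics: pick a valid address
   first, then load. The load always executes but never touches NULL+16.
   The miscompiled listing did the opposite: it loaded l->metadata before
   the test and used cmovne to pick the value afterwards. */
unsigned int l_max_endpoint_select(const struct node *p_nd)
{
    static const struct node zero_node = { NULL, NULL, 0 };
    const struct node *l = p_nd->m_p_left;
    const struct node *src = l ? l : &zero_node;
    return src->metadata;
}

/* Constructed sample tree: root has a left child, leaf has none. */
static struct node leaf = { NULL, NULL, 7 };
static struct node root = { &leaf, NULL, 3 };

int main(void)
{
    printf("root: guarded=%u select=%u\n",
           l_max_endpoint_guarded(&root), l_max_endpoint_select(&root));
    printf("leaf: guarded=%u select=%u\n",
           l_max_endpoint_guarded(&leaf), l_max_endpoint_select(&leaf));
    return 0;
}
```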