http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53541
Bug #: 53541
Summary: gcc-4.6.2 segfaults on dumping tree information
Classification: Unclassified
Product: gcc
Version: 4.6.2
Status: UNCONFIRMED
Severity: major
Priority: P3
Component: c
AssignedTo: [email protected]
ReportedBy: [email protected]
Consider a simple reproduction:
{code}
struct atexit {
  struct atexit *next;
};
struct atexit *__atexit;
void *
test(void *dso)
{
  struct atexit *p = 0, *q = 0;
  if (dso == (void *)0)
    {
      for (p = __atexit; p != ((void *)0); )
        {
          q = p;
          p = p->next;
        }
    }
  return (void *)p;
}
{code}
We will use gcc-4.6.2 on x86:
{noformat}
tilir@kivladimirov ~/research/5368 $ ~/4.6-toolset/bin/gcc --version
gcc (GCC) 4.6.2
Copyright (C) 2011 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
{noformat}
Compile with the appropriate command line and see the segfault:
{noformat}
$ gcc -m32 -O2 -fomit-frame-pointer -fdump-tree-all-lineno-details -flto repro.c -S
repro.c: In function ‘test’:
repro.c:20:1: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
{noformat}
Let's look a little deeper and run cc1 with:
{noformat}
$ /home/tilir/4.6-toolset/libexec/gcc/x86_64-unknown-linux-gnu/4.6.2/cc1 -m32 -march=x86-64 -O2 -fomit-frame-pointer -fdump-tree-all-lineno-details -flto repro.c
Analyzing compilation unit
Performing interprocedural optimizations
<*free_lang_data> <visibility> <early_local_cleanups>
repro.c: In function ‘test’:
repro.c:20:1: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
{noformat}
Using GDB it is easy to see that the segfault is at tree-pretty-print.c:1176.
When GCC tries to calculate TREE_TYPE (TREE_TYPE (TREE_OPERAND (op0, 0))), it
segfaults because TREE_CODE (TREE_OPERAND (op0, 0)) is SSA_NAME, thus TREE_TYPE
(TREE_OPERAND (op0, 0)) is 0, and so the double TREE_TYPE segfaults.
I am not sure how best to correct it -- maybe add an explicit check for the
SSA_NAME case? But what is the reason for an SSA_NAME node arising here?
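
A simplified model of the failure described in the report, added here as an illustration (it is not GCC's code and not the reporter's): the nested type lookup in its unguarded form beside a form that checks each link before following it. The node layout, the `MODEL_` codes, the function names and the fallback strings are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a compiler tree node; NOT GCC's real layout. */
enum model_code { MODEL_POINTER_TYPE, MODEL_RECORD_TYPE,
                  MODEL_VAR_DECL, MODEL_SSA_NAME };

struct model_node {
    enum model_code code;
    struct model_node *type;  /* value: its type; pointer type: pointee; may be NULL */
    const char *name;
};

/* Unguarded nested lookup, type-of(type-of(op)): dereferences NULL as soon
   as op carries no type, which is the situation the report describes. */
const char *pointee_name_unguarded(const struct model_node *op)
{
    return op->type->type->name;
}

/* Guarded lookup for a dump routine: a debug printer should degrade to a
   placeholder rather than crash on a node shape it did not expect. */
const char *pointee_name_guarded(const struct model_node *op)
{
    if (op == NULL || op->type == NULL)
        return "<untyped operand>";
    if (op->type->code != MODEL_POINTER_TYPE || op->type->type == NULL)
        return "<not a pointer>";
    return op->type->type->name;
}

/* Constructed sample nodes: a typed variable and an operand with no type. */
struct model_node rec = { MODEL_RECORD_TYPE, NULL, "struct atexit" };
struct model_node ptr = { MODEL_POINTER_TYPE, &rec, "struct atexit *" };
struct model_node var = { MODEL_VAR_DECL, &ptr, "p" };
struct model_node ssa = { MODEL_SSA_NAME, NULL, "p_1" };
struct model_node num = { MODEL_VAR_DECL, &rec, "s" };  /* type is not a pointer */

int main(void)
{
    printf("%s -> %s\n", var.name, pointee_name_guarded(&var));
    printf("%s -> %s\n", ssa.name, pointee_name_guarded(&ssa));
    printf("%s -> %s\n", num.name, pointee_name_guarded(&num));
    /* pointee_name_unguarded(&ssa) would dereference NULL here. */
    return 0;
}
```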