https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78548
Aldy Hernandez <aldyh at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|c |middle-end --- Comment #6 from Aldy Hernandez <aldyh at gcc dot gnu.org> --- Among other things, the main problem here is that we save all the pred_chains from preds[] into s_preds[], then we free all said pred_chains with destroy_predicate_vecs(), but still keep a copy of the pred_chains in s_preds, which we later try to free from normalize_preds(): /* Now clean up the chain. */ if (simplified) { for (i = 0; i < n; i++) { if ((*preds)[i].is_empty ()) continue; s_preds.safe_push ((*preds)[i]); // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ // Makes a copy of the pred_chain. } destroy_predicate_vecs (preds); // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ // free() all the pred_chain's. (*preds) = s_preds; // ^^^^^^^^^^^^^^^^^^^^^^ // Wait a minute, we still keep a copy of the pred_chains. s_preds = vNULL; } I have no idea how this worked even before my patch. I'm testing a fix.