https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89283
David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dmalcolm at gcc dot gnu.org

--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
At 008t.lower we have:

sz (int i0)
{
  int D.1911;

  D.1911 = zn ();
  goto <D.1912>;
  _1 = i0 + 1;
  _2 = zn ();
  _3 = _1 >= _2;
  D.1911 = (int) _3;
  goto <D.1912>;
  <D.1912>:
  return D.1911;
}

It then tried to build the CFG, but dies verifying it, accessing a freed
SSA_NAME:

(gdb) call debug_tree (t)
 <ssa_name 0x7ffff18b7cf0 nothrow def_stmt version:1 in-free-list>

The SSA_NAME is freed because the BB is deleted during CFG creation, in
cleanup_control_flow_pre here:

780           basic_block bb = BASIC_BLOCK_FOR_FN (cfun, i);
781           if (bb && !bitmap_bit_p (visited, bb->index))
782             {
783               if (!retval)
784                 free_dominance_info (CDI_DOMINATORS);
785               delete_basic_block (bb);
786               retval = true;
787             }

Presumably that code needs to handle whatever it is that "returns_twice" does
to the function.