https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121843

--- Comment #2 from Jeevitha <jeevitha at gcc dot gnu.org> ---
The ICE occurs during the shrink-wrapping phase of the pro_and_epilogue pass.

After shrink-wrapping completes, the pass attempts to insert
NOTE_INSN_PROLOGUE_END and NOTE_INSN_EPILOGUE_BEG notes. The epilogue
note insertion between BB5 and EXIT succeeds normally. However, when
inserting the prologue note on the BB6 → BB2 edge, the note is inserted
before insn 54 (pc=L5), which is a jump instruction.

Since there is no non-note instruction preceding this jump,
prev_nonnote_insn(before) returns NULL, leaving last NULL. The
subsequent call to returnjump_p(last) then dereferences a NULL pointer,
triggering the ICE.

RTL (pro_and_epilogue)

    1: NOTE_INSN_DELETED
    2: NOTE_INSN_FUNCTION_BEG
   53: NOTE_INSN_BASIC_BLOCK 6
   60: NOTE_INSN_PROLOGUE_END        <-- NOTE inserted here (no prior non-note insn)
   54: pc=L5                         <-- jump instruction immediately follows
   57: L57:
   56: NOTE_INSN_BASIC_BLOCK 7
   51: %r23:DI=[%r1:DI-0x48]
      REG_CFA_RESTORE %r23:DI
    5: L5:
    6: NOTE_INSN_BASIC_BLOCK 2
    7: debug begin stmt marker
    8: {asm_operands;clobber ca:SI;}
      REG_LABEL_TARGET code_label

Relevant code in commit_one_edge_insertion (cfgrtl.cc):

  if (before)
    {
      /* NOTE_INSN_PROLOGUE_END inserted here */
      emit_insn_before_noloc (insns, before, bb);
      /* Returns NULL → last is NULL */
      last = prev_nonnote_insn (before);
    }
  else
    last = emit_insn_after_noloc (insns, after, bb);
  if (returnjump_p (last))  /* NULL dereference → ICE */

With -fno-omit-frame-pointer, stack-pointer update instructions are emitted
before the jump, so prev_nonnote_insn returns a valid insn and the ICE is
avoided:

RTL (pro_and_epilogue) with -fno-omit-frame-pointer:

    1: NOTE_INSN_DELETED
    2: NOTE_INSN_FUNCTION_BEG
   58: NOTE_INSN_BASIC_BLOCK 2
   65: [%r1:DI-0x8]=%r31:DI
   66: {[%r1:DI-0x80]=%r1:DI;%r1:DI=%r1:DI-0x80;}
      REG_FRAME_RELATED_EXPR %r1:DI=%r1:DI-0x80
   67: %r31:DI=%r1:DI
   68: NOTE_INSN_PROLOGUE_END         <-- NOTE safely inserted after real insns
   59: pc=L5
   62: L62:
   61: NOTE_INSN_BASIC_BLOCK 3
   56: %r23:DI=[%r31:DI+0x38]
      REG_CFA_RESTORE %r23:DI
