Fix use after free in vector_size change

I noticed yesterday that r277235 was a bit too mechanical and ended up
introducing use after free bugs in both loop and SLP vectorisation.
Sorry for the stupid mistake. :-(

Moving "next_size += 1" down isn't part of the fix, but it seemed odd
to keep it where it was after moving the "next_size == 0" stuff up.

Tested on aarch64-linux-gnu and x86_64-linux-gnu.  OK to install?

Richard


2019-10-22  Richard Sandiford  <richard.sandiford@arm.com>

gcc/
	* tree-vect-slp.c (vect_slp_bb_region): Check whether
	autodetected_vector_size rather than vector_size is zero.
	* tree-vect-loop.c (vect_analyze_loop): Likewise.
	Set autodetected_vector_size immediately after calling
	vect_analyze_loop_2.  Check for a fatal error before advancing
	next_size.

On Tue, Oct 22, 2019 at 9:25 AM Richard Sandiford
<richard.sandiford@arm.com> wrote:
>
> I noticed yesterday that r277235 was a bit too mechanical and ended up
> introducing use after free bugs in both loop and SLP vectorisation.
> Sorry for the stupid mistake. :-(
>
> Moving "next_size += 1" down isn't part of the fix, but it seemed odd
> to keep it where it was after moving the "next_size == 0" stuff up.
>
> Tested on aarch64-linux-gnu and x86_64-linux-gnu.  OK to install?

OK.

Richard.

> Richard
>
>
> 2019-10-22  Richard Sandiford  <richard.sandiford@arm.com>
>
> gcc/
>         * tree-vect-slp.c (vect_slp_bb_region): Check whether
>         autodetected_vector_size rather than vector_size is zero.
>         * tree-vect-loop.c (vect_analyze_loop): Likewise.
>         Set autodetected_vector_size immediately after calling
>         vect_analyze_loop_2.  Check for a fatal error before advancing
>         next_size.
>
> Index: gcc/tree-vect-slp.c
> ===================================================================
> --- gcc/tree-vect-slp.c 2019-10-22 08:21:31.000000000 +0100
> +++ gcc/tree-vect-slp.c 2019-10-22 08:21:31.474357917 +0100
> @@ -3043,7 +3043,7 @@ vect_slp_bb_region (gimple_stmt_iterator
>
>        if (vectorized
>           || next_size == vector_sizes.length ()
> -         || known_eq (bb_vinfo->vector_size, 0U)
> +         || known_eq (autodetected_vector_size, 0U)
>           /* If vect_slp_analyze_bb_1 signaled that analysis for all
>              vector sizes will fail do not bother iterating.  */
>           || fatal)
> Index: gcc/tree-vect-loop.c
> ===================================================================
> --- gcc/tree-vect-loop.c        2019-10-22 08:21:31.000000000 +0100
> +++ gcc/tree-vect-loop.c        2019-10-22 08:21:31.474357917 +0100
> @@ -2354,6 +2354,9 @@ vect_analyze_loop (class loop *loop, loo
>         LOOP_VINFO_ORIG_LOOP_INFO (loop_vinfo) = orig_loop_vinfo;
>
>        opt_result res = vect_analyze_loop_2 (loop_vinfo, fatal, &n_stmts);
> +      if (next_size == 0)
> +       autodetected_vector_size = loop_vinfo->vector_size;
> +
>        if (res)
>         {
>           LOOP_VINFO_VECTORIZABLE_P (loop_vinfo) = 1;
> @@ -2379,21 +2382,18 @@ vect_analyze_loop (class loop *loop, loo
>        else
>         delete loop_vinfo;
>
> -      if (next_size == 0)
> -       autodetected_vector_size = loop_vinfo->vector_size;
> -
> -      if (next_size < vector_sizes.length ()
> -         && known_eq (vector_sizes[next_size], autodetected_vector_size))
> -       next_size += 1;
> -
>        if (fatal)
>         {
>           gcc_checking_assert (first_loop_vinfo == NULL);
>           return opt_loop_vec_info::propagate_failure (res);
>         }
>
> +      if (next_size < vector_sizes.length ()
> +         && known_eq (vector_sizes[next_size], autodetected_vector_size))
> +       next_size += 1;
> +
>        if (next_size == vector_sizes.length ()
> -         || known_eq (loop_vinfo->vector_size, 0U))
> +         || known_eq (autodetected_vector_size, 0U))
>         {
>           if (first_loop_vinfo)
>             {