[Bug c/33107] New: segfault in garbage collector

[Bug c/33107] New: segfault in garbage collector

[marcus at jet dot franken dot de]

Between r127488 and r127491 I am starting to get:
$ LANG=C /home/marcus/projects/gcc/BIN/bin/gcc -m32 -c -I. -I. -I../../include
-I../../include  -D__WINESRC__ -D_USER32_ -D_WINABLE_ -D_REENTRANT -fPIC -Wall
-pipe -fno-strict-aliasing -Wdeclaration-after-statement -Wwrite-strings
-Wpointer-arith  -fstack-protector -D_FORTIFY_SOURCE=2 -O2 -Wall -g  -o
network.o network.c
network.c: In function 'WNetGetConnection16':
network.c:211: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <URL:http://gcc.gnu.org/bugs.html> for instructions.
$

Unfortunately it only happens with full C source. Backtrace:
gdb
/home/marcus/projects/gcc/BIN/libexec/gcc/x86_64-unknown-linux-gnu/4.3.0/cc1
(gdb) r -quiet -v -I. -I. -I../../include -I../../include -imultilib 32
-D__WINESRC__ -D_USER32_ -D_WINABLE_ -D_REENTRANT -D_FORTIFY_SOURCE=2 network.c
-quiet -dumpbase network.c -m32 -mtune=generic -auxbase-strip network.o -g -O2
-Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wall -version
-fPIC -fno-strict-aliasing -fstack-protector -o /dev/null
Program received signal SIGSEGV, Segmentation fault.
ggc_set_mark (p=0x107719a) at /home/marcus/projects/gcc/gcc/ggc-page.c:595
595       while (table->high_bits != high_bits)
(gdb) bt
#0  ggc_set_mark (p=0x107719a) at /home/marcus/projects/gcc/gcc/ggc-page.c:595
#1  0x000000000041f0c5 in gt_ggc_mx_lang_tree_node (x_p=<value optimized out>)
at ./gt-c-decl.h:75
#2  0x00000000005fa7ca in gt_ggc_mx_tree_ann_d (x_p=<value optimized out>) at
gtype-desc.c:702
#3  0x000000000041fed5 in gt_ggc_mx_lang_tree_node (x_p=<value optimized out>)
at ./gt-c-decl.h:389
#4  0x00000000005f1fa9 in gt_ggc_mx_cgraph_edge (x_p=<value optimized out>) at
gtype-desc.c:158
#5  0x00000000005f1e01 in gt_ggc_mx_cgraph_node (x_p=<value optimized out>) at
gtype-desc.c:182
#6  0x00000000005f20ae in gt_ggc_m_P11cgraph_node4htab (x_p=<value optimized
out>) at gtype-desc.c:1935
#7  0x00000000005d019f in ggc_mark_roots () at
/home/marcus/projects/gcc/gcc/ggc-common.c:117
#8  0x000000000048e9aa in ggc_collect () at
/home/marcus/projects/gcc/gcc/ggc-page.c:1905
#9  0x0000000000625965 in execute_todo (flags=3) at
/home/marcus/projects/gcc/gcc/passes.c:999
#10 0x0000000000625e9a in execute_one_pass (pass=0xe7ed80) at
/home/marcus/projects/gcc/gcc/passes.c:1130
#11 0x0000000000626020 in execute_pass_list (pass=0xe7ed80) at
/home/marcus/projects/gcc/gcc/passes.c:1161
#12 0x0000000000626035 in execute_pass_list (pass=0xe7e2e0) at
/home/marcus/projects/gcc/gcc/passes.c:1162
#13 0x0000000000626035 in execute_pass_list (pass=0xe7e280) at
/home/marcus/projects/gcc/gcc/passes.c:1162
#14 0x00000000006fc6ba in tree_rest_of_compilation (fndecl=0x2b08b4f52a00) at
/home/marcus/projects/gcc/gcc/tree-optimize.c:405
#15 0x0000000000856ad0 in cgraph_expand_function (node=0x2b08b4fb6800) at
/home/marcus/projects/gcc/gcc/cgraphunit.c:1077
#16 0x0000000000858fba in cgraph_optimize () at
/home/marcus/projects/gcc/gcc/cgraphunit.c:1146
#17 0x000000000041599e in c_write_global_declarations () at
/home/marcus/projects/gcc/gcc/c-decl.c:7897
#18 0x00000000006a3d7d in toplev_main (argc=<value optimized out>, argv=<value
optimized out>)
    at /home/marcus/projects/gcc/gcc/toplev.c:1056
#19 0x00002b08b4268ae4 in __libc_start_main () from /lib64/libc.so.6
#20 0x0000000000403ee9 in _start ()


I bisected across gcc/Changelog and it happens after this commit:



@@ -1,3 +1,22 @@
+2007-08-14  Daniel Berlin  <dberlin@dberlin.org>
+
+       * tree-pass.h (PROP_pta): Removed.
+       (TODO_rebuild_alias): New.
+       (pass_may_alias): Removed.
+       * tree-ssa-ccp.c (execute_fold_all_builtins): Only rebuild
+       aliasing if we changed something.
+       * tree-ssa-alias.c (compute_may_aliases): Make non-static.  Update
+       SSA internally.
+       (pass_may_alias): Removed.
+       (create_structure_vars): Return TODO_rebuild_alias.
+       * tree-ssa-pre.c (do_pre): Return TODO_rebuild_alias.
+       * tree-sra.c (tree_sra): Only rebuild aliasing if something
+       changed.
+       (tree_sra_early): We never affect aliasing right now.
+       * tree-flow.h (compute_may_aliases): New prototype.
+       * passes.c: Remove pass_may_alias from the passes.
+       (execute_function_todo): Support TODO_rebuild_alias.    
+


-- 
           Summary: segfault in garbage collector
           Product: gcc
           Version: 4.3.0
            Status: UNCONFIRMED
          Severity: blocker
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: marcus at jet dot franken dot de
 GCC build triplet: x86_64-unknown-linux-gnu
  GCC host triplet: x86_64-unknown-linux-gnu
GCC target triplet: x86_64-unknown-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=33107

[Bug tree-optimization/33107] [4.3 regression] segfault in garbage collector

[pinskia at gcc dot gnu dot org]

-- 

pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pinskia at gcc dot gnu dot
                   |                            |org
           Severity|blocker                     |normal
          Component|c                           |tree-optimization
           Keywords|                            |GC, ice-on-valid-code
            Summary|segfault in garbage         |[4.3 regression] segfault in
                   |collector                   |garbage collector
   Target Milestone|---                         |4.3.0


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=33107

[Bug tree-optimization/33107] [4.3 regression] segfault in garbage collector

[pinskia at gcc dot gnu dot org]

------- Comment #1 from pinskia at gcc dot gnu dot org  2007-08-18 17:25 -------
> Unfortunately it only happens with full C source.

Stll attach the preprocessed source, I know how to handle GC issues.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=33107

[Bug tree-optimization/33107] [4.3 regression] segfault in garbage collector

[marcus at jet dot franken dot de]

------- Comment #2 from marcus at jet dot franken dot de  2007-08-18 17:36 -------
Created an attachment (id=14073)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=14073&action=view)
network.i

needs a i386 target build (-m32 on x86_64)


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=33107

[Bug tree-optimization/33107] [4.3 regression] segfault in garbage collector

[mmitchel at gcc dot gnu dot org]

-- 

mmitchel at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P1


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=33107

[Bug tree-optimization/33107] [4.3 regression] segfault in garbage collector

[jakub at gcc dot gnu dot org]

------- Comment #3 from jakub at gcc dot gnu dot org  2007-09-05 13:59 -------
This testcase with ENABLE_GC_ALWAYS_COLLECT ICEs here in validate_free_objects
in r127491, but is cured by the
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=127946
fix, at which point it compiles just fine with always collect.

Marcus, if you can still reproduce it with r127491 on the original
non-preprocessed testcase, can you please apply the r127946 fix and retry?


-- 

jakub at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=33107

[Bug tree-optimization/33107] [4.3 regression] segfault in garbage collector

[jakub at gcc dot gnu dot org]

------- Comment #4 from jakub at gcc dot gnu dot org  2007-09-05 14:03 -------
Given the backtrace I believe it is the same issue, particularly that
__builtin___strcpy_chk call was folded into __builtin_strcpy, set_rhs
copied over the annotations from the former to the latter CALL_EXPR, but
cgraph_edge still contained a pointer to the old CALL_EXPR.  When clearing
up annotations, delete_tree_cfg_annotations would ggc_free the annotation
from latter CALL_EXPR and later on during ggc_collect when marking the
cgraph_edge's call_stmt GC crashed, because we were trying to mark something
that has been already ggc_freed.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=33107

[Bug tree-optimization/33107] [4.3 regression] segfault in garbage collector

[marcus at jet dot franken dot de]

------- Comment #5 from marcus at jet dot franken dot de  2007-09-05 15:22 -------
its was happening for various SVN revisions, and now no longer does.

And there is a strcpy() in the function, so it might just be the same.

I guess it is fixed :)


-- 

marcus at jet dot franken dot de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|                            |FIXED


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=33107