[Bug debug/43540] New: ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[Bug debug/43540] New: ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[zsojka at seznam dot cz]

Command line:
$ CXX="/mnt/svn/gcc-trunk/binary-157723-lto/bin/g++"
$ FLAGS="-O1 -freorder-blocks-and-partition -ftree-vectorize
-fgraphite-identity -m32 -mstackrealign"
$ $CXX -fprofile-arcs $FLAGS testcase.c
$ ./a.out
$ $CXX -fprofile-use $FLAGS testcase.c
testcase.c: In function 'int test_for2(int, int)':
testcase.c:10:1: internal compiler error: vector VEC(dw_cfi_ref,heap) grow
domain error, in output_cfis at dwarf2out.c:3346
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.

The worse situation is when gcc is OOM-killed, or shows error message about not
being able to allocate (random big number) bytes of memory:
cc1plus: out of memory allocating 1305533456 bytes after a total of 0 bytes

What happens is random, but "echo 0 > /proc/sys/kernel/randomize_va_space"
seems to prevent the random behaviour.

Tested revisions:
r157723 - crash
r157460 - crash
r157326 - crash
r157161 - OK
r156293 - OK
r153685 - OK

Valgrind doesn't show any warning


-- 
           Summary: ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in
                    output_cfis at dwarf2out.c:3346 or OOM-killed
           Product: gcc
           Version: 4.5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: debug
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: zsojka at seznam dot cz
  GCC host triplet: x86_64-pc-linux-gnu
GCC target triplet: x86_64-pc-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540

[Bug debug/43540] ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[zsojka at seznam dot cz]

------- Comment #1 from zsojka at seznam dot cz  2010-03-26 13:55 -------
Created an attachment (id=20210)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=20210&action=view)
reduced testcase


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540

[Bug debug/43540] ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[jakub at gcc dot gnu dot org]

------- Comment #2 from jakub at gcc dot gnu dot org  2010-03-26 14:39 -------
Can't reproduce this (ran cc1plus in a loop, still haven't reproduced after
several minutes).


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540

[Bug debug/43540] ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[zsojka at seznam dot cz]

------- Comment #3 from zsojka at seznam dot cz  2010-03-26 14:56 -------
Created an attachment (id=20211)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=20211&action=view)
generated profile data

It can be reproduced only when compiled as C++ code.

With this profile file and file from comment #1, I get:

$ /mnt/svn/gcc-trunk/binary-157723-lto/bin/g++ -O1
-freorder-blocks-and-partition -ftree-vectorize -fgraphite-identity -m32
-mstackrealign -fprofile-use pr43540.C -v
Using built-in specs.
COLLECT_GCC=/mnt/svn/gcc-trunk/binary-157723-lto/bin/g++
COLLECT_LTO_WRAPPER=/mnt/svn/gcc-trunk/binary-157723-lto/libexec/gcc/x86_64-unknown-linux-gnu/4.5.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: /mnt/svn/gcc-trunk/configure --enable-languages=c,c++,lto
--prefix=/mnt/svn/gcc-trunk/binary-157723-lto
Thread model: posix
gcc version 4.5.0 20100325 (experimental) (GCC) 
COLLECT_GCC_OPTIONS='-O1' '-freorder-blocks-and-partition' '-ftree-vectorize'
'-fgraphite-identity' '-m32' '-mstackrealign' '-fprofile-use' '-v'
'-shared-libgcc' '-mtune=generic' '-march=x86-64'

/mnt/svn/gcc-trunk/binary-157723-lto/libexec/gcc/x86_64-unknown-linux-gnu/4.5.0/cc1plus
-quiet -v -imultilib 32 -D_GNU_SOURCE pr43540.C -quiet -dumpbase pr43540.C -m32
-mstackrealign -mtune=generic -march=x86-64 -auxbase pr43540 -O1 -version
-freorder-blocks-and-partition -ftree-vectorize -fgraphite-identity
-fprofile-use -o /tmp/cci7jSME.s
GNU C++ (GCC) version 4.5.0 20100325 (experimental) (x86_64-unknown-linux-gnu)
        compiled by GNU C version 4.5.0 20100325 (experimental), GMP version
4.3.2, MPFR version 2.4.2-p3, MPC version 0.8.1
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
ignoring nonexistent directory "/usr/local/include"
ignoring nonexistent directory
"/mnt/svn/gcc-trunk/binary-157723-lto/lib/gcc/x86_64-unknown-linux-gnu/4.5.0/../../../../x86_64-unknown-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:

/mnt/svn/gcc-trunk/binary-157723-lto/lib/gcc/x86_64-unknown-linux-gnu/4.5.0/../../../../include/c++/4.5.0

/mnt/svn/gcc-trunk/binary-157723-lto/lib/gcc/x86_64-unknown-linux-gnu/4.5.0/../../../../include/c++/4.5.0/x86_64-unknown-linux-gnu/32

/mnt/svn/gcc-trunk/binary-157723-lto/lib/gcc/x86_64-unknown-linux-gnu/4.5.0/../../../../include/c++/4.5.0/backward
 /mnt/svn/gcc-trunk/binary-157723-lto/include

/mnt/svn/gcc-trunk/binary-157723-lto/lib/gcc/x86_64-unknown-linux-gnu/4.5.0/include

/mnt/svn/gcc-trunk/binary-157723-lto/lib/gcc/x86_64-unknown-linux-gnu/4.5.0/include-fixed
 /usr/include
End of search list.
GNU C++ (GCC) version 4.5.0 20100325 (experimental) (x86_64-unknown-linux-gnu)
        compiled by GNU C version 4.5.0 20100325 (experimental), GMP version
4.3.2, MPFR version 2.4.2-p3, MPC version 0.8.1
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
Compiler executable checksum: c5e882d80018cd4c9e542f2a29b233c3
pr43540.C: In function 'int foo(int, int)':
pr43540.C:10:1: internal compiler error: vector VEC(dw_cfi_ref,heap) grow
domain error, in output_cfis at dwarf2out.c:3346
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540

[Bug debug/43540] ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[rguenth at gcc dot gnu dot org]

------- Comment #4 from rguenth at gcc dot gnu dot org  2010-03-26 14:58 -------
I can't reproduce this either but regs seems to leak in that function.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540

[Bug debug/43540] ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[zsojka at seznam dot cz]

------- Comment #5 from zsojka at seznam dot cz  2010-03-26 15:07 -------
Created an attachment (id=20212)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=20212&action=view)
reduced executable testcase

This testcase aborts for me when compiled with -fprofile-use, but works with
-fprofile-arcs


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540

[Bug debug/43540] ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[zsojka at seznam dot cz]

------- Comment #6 from zsojka at seznam dot cz  2010-03-26 15:17 -------
(From update of attachment 20212)
The testcase is invalid


-- 

zsojka at seznam dot cz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #20212|0                           |1
        is obsolete|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540

[Bug debug/43540] ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[jakub at gcc dot gnu dot org]

------- Comment #7 from jakub at gcc dot gnu dot org  2010-03-26 15:51 -------
Created an attachment (id=20214)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=20214&action=view)
gcc45-pr43540.patch

Ah, finally managed to reproduce it.  The problem seems to be in confusion
about the operand order for DW_CFA_expression.  The code that creates
DW_CFA_expression as well as the consumers were using operand1 for location and
operand2 for regnum, while in DWARF standard DW_CFA_expression has first
argument regnum and second block, and I assumed that too when writing
output_cfis.  While changing output_cfis would be probably tiny bit shorter, I
think it is really terribly confusing and a maintainance nightmare if
DW_CFA_expression is the only code where the order of operands in GCC internal
representation doesn't match the order of operands emitted.


-- 

jakub at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|unassigned at gcc dot gnu   |jakub at gcc dot gnu dot org
                   |dot org                     |
             Status|UNCONFIRMED                 |ASSIGNED


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540

[Bug debug/43540] ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[zsojka at seznam dot cz]

------- Comment #8 from zsojka at seznam dot cz  2010-03-26 17:12 -------
Patch from comment #7 seems to solve the isue even for the nonreduced testcase.
Thanks


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540

[Bug debug/43540] ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[jakub at gcc dot gnu dot org]

------- Comment #9 from jakub at gcc dot gnu dot org  2010-03-26 20:54 -------
Subject: Bug 43540

Author: jakub
Date: Fri Mar 26 20:53:58 2010
New Revision: 157762

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=157762
Log:
        PR debug/43540
        * dwarf2out.c (reg_save): For DW_CFA_expression put regnum
        into first operand and location into second.
        (dw_cfi_oprnd1_desc): Return dw_cfi_oprnd_reg_num instead of
        dw_cfi_oprnd_loc for DW_CFA_expression.
        (dw_cfi_oprnd2_desc): Return dw_cfi_oprnd_loc for DW_CFA_expression.
        (output_cfa_loc, output_cfa_loc_raw): For DW_CFA_expression
        assume first argument is regnum and second argument is location.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/dwarf2out.c


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540

[Bug debug/43540] ICE: vector VEC(dw_cfi_ref,heap) grow domain error, in output_cfis at dwarf2out.c:3346 or OOM-killed

[jakub at gcc dot gnu dot org]

------- Comment #10 from jakub at gcc dot gnu dot org  2010-05-19 14:56 -------
Fixed.


-- 

jakub at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|---                         |4.5.0


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43540