public inbox for gcc-bugs@sourceware.org
* [Bug c/44937] New: crash due to null pointer deref
From: regehr at cs dot utah dot edu @ 2010-07-14 18:34 UTC (permalink / raw)
To: gcc-bugs
[regehr@gamow tmp420]$ current-gcc -v
Using built-in specs.
COLLECT_GCC=current-gcc
COLLECT_LTO_WRAPPER=/uusoc/exports/scratch/regehr/z/compiler-install/gcc-r162143-install/bin/../libexec/gcc/x86_64-unknown-linux-gnu/4.6.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: ../configure --with-libelf=/usr/local --enable-lto
--prefix=/home/regehr/z/compiler-install/gcc-r162143-install
--program-prefix=r162143- --enable-languages=c,c++
Thread model: posix
gcc version 4.6.0 20100713 (experimental) (GCC)
[regehr@gamow tmp420]$ valgrind -q --trace-children=yes current-gcc -O2 small.c
-w
==30337== Invalid read of size 2
==30337== at 0x697485: walk_stmt_load_store_addr_ops (gimple.c:4776)
==30337== by 0x9B3512: rebuild_cgraph_edges (cgraphbuild.c:471)
==30337== by 0x72D5CD: execute_one_pass (passes.c:1565)
==30337== by 0x72D864: execute_pass_list (passes.c:1620)
==30337== by 0x72CACB: do_per_function_toporder (passes.c:1158)
==30337== by 0x72DC85: execute_ipa_pass_list (passes.c:1920)
==30337== by 0x9B8BF0: cgraph_optimize (cgraphunit.c:1851)
==30337== by 0x9B8E4A: cgraph_finalize_compilation_unit (cgraphunit.c:1171)
==30337== by 0x4A7C32: c_write_global_declarations (c-decl.c:9698)
==30337== by 0x7CED29: toplev_main (toplev.c:990)
==30337== by 0x5935ABC: (below main) (libc-start.c:220)
==30337== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==30337==
small.c: In function 'func_4':
small.c:29:1: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
[regehr@gamow tmp420]$ cat small.c
int g_19;
int *g_42;
int **volatile g = &g_42;
int g_67[5][9][2][1] = {
};
int
func_4 (int p_5, unsigned char p_6, unsigned char p_7)
{
unsigned char l_8[1];
if (p_6)
goto lbl_13;
for (p_6 = 0; p_6; p_6 = (p_6, 0))
if (0)
{
}
else
lbl_13:for (p_6 = 0; p_6 < 1; p_6 += 1)
l_8[p_6] = 0;
return 0;
}
int *
func_45 (unsigned long p_46, unsigned char p_47)
{
int *l_56 = &g_19;
&l_56 != &g | !1 == func_4 (0, g_67[2][6][1][0], 0) ^ func_4 (1, 0, 0);
return 0;
}
--
Summary: crash due to null pointer deref
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: regehr at cs dot utah dot edu
GCC build triplet: x86_64-unknown-linux-gnu
GCC host triplet: x86_64-unknown-linux-gnu
GCC target triplet: x86_64-unknown-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937
* [Bug tree-optimization/44937] [4.6 Regression] IPA-split causes crash due to null pointer deref
From: rguenth at gcc dot gnu dot org @ 2010-07-15 8:22 UTC (permalink / raw)
To: gcc-bugs
------- Comment #1 from rguenth at gcc dot gnu dot org 2010-07-15 08:21 -------
Confirmed.
(gdb) call debug_gimple_stmt (stmt)
.MEM_12 = PHI <.MEM_13(D)(2), (3)>
We miss a PHI arg here after splitting the function.
func_4 (int p_5, unsigned char p_6, unsigned char p_7)
{
<bb 2>:
if (p_6_3(D) != 0)
goto <bb 3>;
else
goto <bb 4>;
<bb 3>:
# p_6_10 = PHI <0(2)>
func_4.part.0 ();
<bb 4>:
# .MEM_12 = PHI <.MEM_13(D)(2), (3)>
return 0;
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hubicka at gcc dot gnu dot
| |org
Status|UNCONFIRMED |NEW
Component|c |tree-optimization
Ever Confirmed|0 |1
Last reconfirmed|0000-00-00 00:00:00 |2010-07-15 08:21:55
date| |
Summary|crash due to null pointer |[4.6 Regression] IPA-split
|deref |causes crash due to null
| |pointer deref
Target Milestone|--- |4.6.0
Version|unknown |4.6.0
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937
From: hubicka at ucw dot cz @ 2010-07-15 9:37 UTC (permalink / raw)
To: gcc-bugs
------- Comment #2 from hubicka at ucw dot cz 2010-07-15 09:37 -------
Subject: Re: [4.6 Regression] IPA-split
causes crash due to null pointer deref
> (gdb) call debug_gimple_stmt (stmt)
> .MEM_12 = PHI <.MEM_13(D)(2), (3)>
Hmm, I make no attempts to update alias info. Why does return have a VOP?
Honza
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937
From: rguenth at gcc dot gnu dot org @ 2010-07-15 9:59 UTC (permalink / raw)
To: gcc-bugs
------- Comment #3 from rguenth at gcc dot gnu dot org 2010-07-15 09:58 -------
It doesn't. It's a PHI node. So I suppose there was a CFG confluence
point here.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937
From: rguenth at gcc dot gnu dot org @ 2010-07-15 10:01 UTC (permalink / raw)
To: gcc-bugs
------- Comment #4 from rguenth at gcc dot gnu dot org 2010-07-15 10:00 -------
CDDCE removes the single store in the loop but doesn't remove the virtual
PHI nodes. But you still have to deal with them I guess.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937
From: hubicka at ucw dot cz @ 2010-07-15 11:31 UTC (permalink / raw)
To: gcc-bugs
------- Comment #5 from hubicka at ucw dot cz 2010-07-15 11:31 -------
Subject: Re: [4.6 Regression] IPA-split
causes crash due to null pointer deref
> CDDCE removes the single store in the loop but doesn't remove the virtual
> PHI nodes. But you still have to deal with them I guess.
OK, how do I deal with those then?
Honza
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937
From: rguenth at gcc dot gnu dot org @ 2010-07-23 12:41 UTC (permalink / raw)
To: gcc-bugs
------- Comment #6 from rguenth at gcc dot gnu dot org 2010-07-23 12:40 -------
(In reply to comment #5)
> Subject: Re: [4.6 Regression] IPA-split
> causes crash due to null pointer deref
>
> > CDDCE removes the single store in the loop but doesn't remove the virtual
> > PHI nodes. But you still have to deal with them I guess.
> OK, how do I deal with those then?
Well, you have to either delete it, update it or avoid splitting.
As I said earlier splitting the edge to the split part if there are PHI
nodes would avoid most of the issues.
> Honza
>
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937
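An added illustration, not part of the thread and not GCC code: a toy C model of the PHI from comment #1, whose slot for the edge from bb 3 is empty, with a verifier and two of the options named in comment #6 ("delete it", "update it"). The struct layout, the function names and the operand name `.MEM_14` are assumptions made for this example.

```c
#include <string.h>
#define MAX_PREDS 4

/* Toy model, not GCC's PHI representation: one operand slot per incoming edge. */
struct phi {
    const char *result;
    int live;                      /* 0 once the PHI has been deleted */
    int npreds;
    int pred_bb[MAX_PREDS];        /* source block of each incoming edge */
    const char *arg[MAX_PREDS];    /* NULL models the empty slot in "(3)" */
};

/* Constructed from the dump in comment #1: .MEM_12 = PHI <.MEM_13(D)(2), (3)> */
struct phi pr44937_phi(void)
{
    struct phi p = { ".MEM_12", 1, 2, { 2, 3 }, { ".MEM_13(D)", NULL } };
    return p;
}

/* Verifier: index of the first incoming edge without an operand, or -1. */
int phi_first_missing(const struct phi *p)
{
    for (int i = 0; p->live && i < p->npreds; i++)
        if (p->arg[i] == NULL)
            return i;
    return -1;
}

/* "Update it": fill every empty slot on edges from block bb with def. */
int phi_update(struct phi *p, int bb, const char *def)
{
    int filled = 0;
    for (int i = 0; i < p->npreds; i++)
        if (p->pred_bb[i] == bb && p->arg[i] == NULL) { p->arg[i] = def; filled++; }
    return filled;
}

/* "Delete it": later walkers skip a PHI that is no longer live. */
void phi_delete(struct phi *p) { p->live = 0; }

/* Walker: summed operand-name length, 0 if deleted, -1 if a slot is empty. */
int phi_walk(const struct phi *p)
{
    int n = 0;
    if (phi_first_missing(p) >= 0)
        return -1;                 /* refuse instead of dereferencing NULL */
    for (int i = 0; p->live && i < p->npreds; i++)
        n += (int)strlen(p->arg[i]);
    return n;
}
```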
From: rguenth at gcc dot gnu dot org @ 2010-09-02 10:52 UTC (permalink / raw)
To: gcc-bugs
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P1
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937
From: rguenth at gcc dot gnu dot org @ 2010-09-02 13:43 UTC (permalink / raw)
To: gcc-bugs
------- Comment #7 from rguenth at gcc dot gnu dot org 2010-09-02 13:42 -------
Subject: Bug 44937
Author: rguenth
Date: Thu Sep 2 13:42:25 2010
New Revision: 163775
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=163775
Log:
2010-09-02 Richard Guenther <rguenther@suse.de>
PR tree-optimization/44937
PR tree-optimization/45412
* ipa-split.c (split_function): Properly remove PHI nodes.
* g++.dg/opt/pr45412.C: New testcase.
* gcc.c-torture/compile/pr45412.c: Likewise.
* gcc.c-torture/compile/pr44937.c: Likewise.
Added:
trunk/gcc/testsuite/g++.dg/opt/pr45412.C
trunk/gcc/testsuite/gcc.c-torture/compile/pr44937.c
trunk/gcc/testsuite/gcc.c-torture/compile/pr45412.c
Modified:
trunk/gcc/ChangeLog
trunk/gcc/ipa-split.c
trunk/gcc/testsuite/ChangeLog
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937
From: rguenth at gcc dot gnu dot org @ 2010-09-02 13:43 UTC (permalink / raw)
To: gcc-bugs
------- Comment #8 from rguenth at gcc dot gnu dot org 2010-09-02 13:43 -------
Fixed.
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937
From: rguenth at gcc dot gnu dot org @ 2010-09-06 13:54 UTC (permalink / raw)
To: gcc-bugs
------- Comment #9 from rguenth at gcc dot gnu dot org 2010-09-06 13:53 -------
*** Bug 45557 has been marked as a duplicate of this bug. ***
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |alexey at feldgendler dot ru
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44937