From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 20BE93888C5E; Thu, 24 Mar 2022 10:10:44 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 20BE93888C5E From: "marxin at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug rtl-optimization/104985] [12 Regression] ICE: SIGSEGV in undo_to_marker / adjust_reg_mode with -Os -frounding-math since r12-4767-g81342e95827f77 Date: Thu, 24 Mar 2022 10:10:43 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: rtl-optimization X-Bugzilla-Version: 12.0 X-Bugzilla-Keywords: ice-on-valid-code X-Bugzilla-Severity: normal X-Bugzilla-Who: marxin at gcc dot gnu.org X-Bugzilla-Status: WAITING X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 12.0 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Mar 2022 10:10:44 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D104985 --- Comment #7 from Martin Li=C5=A1ka --- With the following debugging patch: diff --git a/gcc/combine.cc b/gcc/combine.cc index 8f06ee0e54f..150cc6fae1b 100644 --- a/gcc/combine.cc +++ b/gcc/combine.cc @@ -4755,6 +4755,7 @@ undo_to_marker (void *marker) *undo->where.i =3D undo->old_contents.i; break; case UNDO_MODE: + fprintf (stderr, "undo called: %p\n", undo->where.r); adjust_reg_mode (*undo->where.r, undo->old_contents.m); break; case UNDO_LINKS: diff --git a/gcc/emit-rtl.cc b/gcc/emit-rtl.cc index f4404d7abe3..f98e5eb46f7 100644 --- a/gcc/emit-rtl.cc +++ b/gcc/emit-rtl.cc @@ -1226,6 +1226,8 @@ emit_status::ensure_regno_capacity () regno_pointer_align =3D (unsigned char *) tmp; rtx *new1 =3D GGC_RESIZEVEC (rtx, regno_reg_rtx, new_size); + fprintf (stderr, "emit_status::ensure_regno_capacity: %p-%p\n", new1, ne= w1 + + (new_size * sizeof(rtx))); memset (new1 + old_size, 0, (new_size - old_size) * sizeof (rtx)); regno_reg_rtx =3D new1; emit_status::ensure_regno_capacity: 0x7ffff75fc000-0x7ffff7605300 emit_status::ensure_regno_capacity: 0x7ffff75f8000-0x7ffff760a600 undo called: 0x7ffff75f87e8 undo called: 0x7ffff75f87e8 ... emit_status::ensure_regno_capacity: 0x7ffff75ea000-0x7ffff760ec00 undo called: 0x7ffff75f8c48 As seen the last *undo->where.r access a memory that is GGC freed and that = was previously allocated by emit_status::ensure_regno_capacity. The last emit_status::ensure_regno_capacity that reallocates is called here: #0 emit_status::ensure_regno_capacity (this=3D0x3082010 ) at /home/marxin/Programming/gcc/gcc/emit-rtl.cc:1229 #1 0x0000000000e2fa3f in gen_reg_rtx (mode=3DE_DImode) at /home/marxin/Programming/gcc/gcc/emit-rtl.cc:1201 #2 0x00000000012f088d in maybe_legitimize_operand (icode=3DCODE_FOR_ashldi= 3, opno=3D0, op=3D0x7fffffff9f90) at /home/marxin/Programming/gcc/gcc/optabs.c= c:7791 #3 0x00000000012f126d in maybe_legitimize_operands (icode=3DCODE_FOR_ashld= i3, opno=3D0, nops=3D3, ops=3D0x7fffffff9f90) at /home/marxin/Programming/gcc/gcc/optabs.cc:7935 #4 0x00000000012f1326 in maybe_gen_insn (icode=3DCODE_FOR_ashldi3, nops=3D= 3, ops=3D0x7fffffff9f90) at /home/marxin/Programming/gcc/gcc/optabs.cc:7954 #5 0x00000000012dadde in expand_binop_directly (icode=3DCODE_FOR_ashldi3, mode=3DE_DImode, binoptab=3Dashl_optab, op0=3D0x7ffff72cb420, op1=3D0x7ffff= 760f5c0, target=3D0x0, unsignedp=3D1, methods=3DOPTAB_LIB_WIDEN, last=3D0x7ffff72c78= c0) at /home/marxin/Programming/gcc/gcc/optabs.cc:1442 #6 0x00000000012db335 in expand_binop (mode=3DE_DImode, binoptab=3Dashl_op= tab, op0=3D0x7ffff72cb420, op1=3D0x7ffff760f5c0, target=3D0x0, unsignedp=3D1, methods=3DOPTAB_LIB_WIDEN) at /home/marxin/Programming/gcc/gcc/optabs.cc:15= 29 #7 0x00000000012da55c in expand_simple_binop (mode=3DE_DImode, code=3DASHI= FT, op0=3D0x7ffff72cb420, op1=3D0x7ffff760f5c0, target=3D0x0, unsignedp=3D1, methods=3DOPTAB_LIB_WIDEN) at /home/marxin/Programming/gcc/gcc/optabs.cc:12= 61 #8 0x0000000000eba222 in force_operand (value=3D0x7ffff72cb450, target=3D0= x0) at /home/marxin/Programming/gcc/gcc/expr.cc:7957 #9 0x0000000000e68948 in force_reg (mode=3DE_DImode, x=3D0x7ffff72cb450) at /home/marxin/Programming/gcc/gcc/explow.cc:682 #10 0x0000000001ac255f in mips_move_integer (temp=3D0x7ffff7769bd0, dest=3D0x7ffff7769c60, value=3D4294167595) at /home/marxin/Programming/gcc/gcc/config/mips/mips.cc:3662 #11 0x0000000002172535 in gen_split_51 (curr_insn=3D0x7ffff7768840, operands=3D0x3168f20 ) at /home/marxin/Programming/gcc/gcc/config/mips/mips.md:4699 #12 0x000000000231ce2f in split_6 (x1=3D0x7ffff72c9760, insn=3D0x7ffff77688= 40) at /home/marxin/Programming/gcc/gcc/config/mips/mips.md:796 #13 0x000000000232072d in split_7 (x1=3D0x7ffff72c9760, insn=3D0x7ffff77688= 40) at /home/marxin/Programming/gcc/gcc/config/mips/mips.md:7077 #14 0x00000000023220a6 in split_insns (x1=3D0x7ffff72c9760, insn=3D0x7ffff7= 768840) at /home/marxin/Programming/gcc/gcc/config/mips/mips.md:7060 #15 0x00000000023608c9 in combine_split_insns (pattern=3D0x7ffff72c9760, insn=3D0x7ffff7768840) at /home/marxin/Programming/gcc/gcc/combine.cc:530 #16 0x0000000002373b1d in try_combine (i3=3D0x7ffff7768840, i2=3D0x7ffff776= 8800, i1=3D0x7ffff77687c0, i0=3D0x0, new_direct_jump_p=3D0x7fffffffd5f8, last_combined_insn=3D0x7ffff7768840) at /home/marxin/Programming/gcc/gcc/combine.cc:3588 and the crashing undo with: #0 0x0000000000e2ff70 in adjust_reg_mode (reg=3D0xa5a5a5a5a5a5a5a5, mode=3DE_SImode) at /home/marxin/Programming/gcc/gcc/emit-rtl.cc:1296 #1 0x00000000023814f1 in undo_to_marker (marker=3D0x0) at /home/marxin/Programming/gcc/gcc/combine.cc:4759 #2 0x0000000002381571 in undo_all () at /home/marxin/Programming/gcc/gcc/combine.cc:4780 #3 0x000000000237c2e4 in try_combine (i3=3D0x7ffff7768840, i2=3D0x7ffff776= 8800, i1=3D0x7ffff77687c0, i0=3D0x0, new_direct_jump_p=3D0x7fffffffd5f8, last_combined_insn=3D0x7ffff7768840) at /home/marxin/Programming/gcc/gcc/combine.cc:4050=