From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 1805 invoked by alias); 10 Nov 2002 20:46:03 -0000 Mailing-List: contact gcc-prs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Archive: List-Post: List-Help: Sender: gcc-prs-owner@gcc.gnu.org Received: (qmail 1781 invoked by uid 71); 10 Nov 2002 20:46:03 -0000 Date: Sun, 10 Nov 2002 12:46:00 -0000 Message-ID: <20021110204603.1780.qmail@sources.redhat.com> To: nobody@gcc.gnu.org Cc: gcc-prs@gcc.gnu.org, From: Zack Weinberg Subject: Re: c++/8511: (hopefully) reproducible cc1plus SIGSEGV. Reply-To: Zack Weinberg X-SW-Source: 2002-11/txt/msg00487.txt.bz2 List-Id: The following reply was made to PR c++/8511; it has been noted by GNATS. From: Zack Weinberg To: wwieser@gmx.de Cc: gcc-gnats@gcc.gnu.org Subject: Re: c++/8511: (hopefully) reproducible cc1plus SIGSEGV. Date: Sun, 10 Nov 2002 12:43:03 -0800 On Sat, Nov 09, 2002 at 12:33:14PM -0000, wwieser@gmx.de wrote: > Compiling the attached code, I am able to reproducible > SIGSEGV the GNU C++ compiler. > > I am sorry for not reducing code size very much but after spending more > than an hour on stripping it down, gcc-3.2.1 crashed while 3.3 did not. > Also, removing lines which I think have little to do with the problem > also turns the crash into "just" an internal compiler error. That is an expected effect for the sort of bug you have found. > First of all, I patched toplev.c to not call signal(SIGSEGV,crash_signal) > but die of SIGSEGV instead. This makes it possible to find the crash > with gdb. [BTW, to ease debugging, I suggest you do not _exit(1) on > SIGSEGV/ILL/... and ICE but terminate the program by killing itself via > SIGABRT. This way, it gets much easier to debug internal errors.] I do not understand why you need this. When I run cc1(plus) under GDB and it takes a fatal signal, GDB recovers control at the point of the signal, before signal handlers have a chance to run. For debugging 'plain' ICEs, the thing to do is set a breakpoint on internal_error() before running the program. > if (type == 0 || TREE_CODE (type) != REFERENCE_TYPE) > { > ==> if (TREE_CODE (TREE_TYPE (val)) == ARRAY_TYPE > || TREE_CODE (TREE_TYPE (val)) == FUNCTION_TYPE > || TREE_CODE (TREE_TYPE (val)) == METHOD_TYPE) > val = default_conversion (val); > } > > if (val == error_mark_node) > return error_mark_node; > > ... > > (Neither type nor val are NULL.) There's not enough information here to know what went wrong. Probably TREE_TYPE (val) was an invalid pointer. > ==> switch (TREE_CODE (t)) > { > case IDENTIFIER_NODE: > return do_identifier (t, 0, NULL_TREE); > > Crash with t=0xa5a5a5a5 (uh, looks suspicious...) Yeah. That means the garbage collector ate a piece of live data. These are a pain to debug -- even slight changes in the input will make the problem vanish. Unfortunately, using the code you posted, I cannot reproduce the crash; I see same the ICE in c_expand_expr that Volker Reichelt did. This is very likely to be because the libstdc++ headers have changed just enough to perturb the bug into going away; I don't see any logged changes that could plausibly have fixed the bug. We need you to give us a preprocessed source file. Using your installation, issue this command: g++ -V3.3 -v -save-temps -I. -Wno-non-template-friend -Wno-unused \ -ftemplate-depth-30 -c -o spline.o spline.cpp That should provoke the same crash, but it will produce a file named spline.i as a side effect. Send us that file (compressed! it will be huge) and the complete output of the command. zw