gcc 3.3.1 segmentation fault (in rtlanal.c, rtx_varies_p())

gcc 3.3.1 segmentation fault (in rtlanal.c, rtx_varies_p())

[Grigory Tolstolytkin]

[-- Attachment #1: Type: text/plain, Size: 1893 bytes --]

When compiling attached source file, the compiler crashes with 
segmentation fault in rtx_varies_p() function in rtlanal.c
I reproduced it at least for two tragets: arm_v5t_le and arm_iwmmxt_le. 
It doesn't occur when compiling with -O0 or -O1,
but for others do.

I debugged the compiler and found that the compiler generates the 
following rtl instruction:

(insn 16 15 17 0 0x4021b344 (set (reg/f:SI 71)
        (reg:SI 0 r0)) 345 {*iwmmxt_movsi_insn} (nil)
        (insn_list:REG_RETVAL 15 (expr_list:REG_EQUAL (expr_list 
(symbol_ref:SI ("cl"))
        (nil))
        (nil))))

Then, the "expr_list (symbol_ref:SI("cl"))" comes to the hash table for 
CSE optimization (the hash table declared in cse.c)

And when CSE optimization is applied
(cse_insn() is called on the rtl instruction
    (insn 28 47 36 1 0x4021b318 (set (mem/f:SI (plus:SI (reg/f:SI 25 sfp)
    (const_int -4 [0xfffffffc])) [2 S4 A32])
    (reg/v/f:SI 68)) 345 {*iwmmxt_movsi_insn} (nil)
    (nil))
) the rtl expression from the hash table is extracted and rtx_varies_p() 
function is called on each parameter of expr_list.
But the second parameter is NIL and rtx_varies_p() crashes on the first 
line (code = GET_CODE(x)), since the x is NULL.

If I add the follwing code in the beginning of rtx_varies_p():
"
    if (x == NULL)
        return 0;    // nil expression doesn't have have a value which 
can vary even between two executions of the program
"
then the compiler successfully generates object file. I wrote a simple 
test which calls the code from that object file and everything seems to 
work fine.

But I suppose that my fix might be wrong since I don't clearly 
understand how the compiler should work. In fact, does anybody know 
whether it's possible that such expressions may occur in the hash table 
or not?

Compilation parameters:
'arm_v5t_le-gcc -Os -c test.c -o test.o'

Any help is appreciated.

[-- Attachment #2: test.c --]
[-- Type: text/plain, Size: 231 bytes --]

struct st 
{
	int ia[256];
	unsigned char uc;
};

extern struct st *cl(void) __attribute__ ((__const__));
extern void bar(int **);

void foo(int *f, __builtin_va_list arg) 
{
	if (((*cl()).uc) != 1) {
		int *p = f;
		bar(&p);
	}
}

Re: gcc 3.3.1 segmentation fault (in rtlanal.c, rtx_varies_p())

[Paul Brook]

On Thursday 26 August 2004 15:50, Grigory Tolstolytkin wrote:
> When compiling attached source file, the compiler crashes with
> segmentation fault in rtx_varies_p() function in rtlanal.c
> I reproduced it at least for two tragets: arm_v5t_le and arm_iwmmxt_le.
> It doesn't occur when compiling with -O0 or -O1,
> but for others do.
>
> I debugged the compiler and found that the compiler generates the
> following rtl instruction:
>
> (insn 16 15 17 0 0x4021b344 (set (reg/f:SI 71)
>         (reg:SI 0 r0)) 345 {*iwmmxt_movsi_insn} (nil)
>         (insn_list:REG_RETVAL 15 (expr_list:REG_EQUAL (expr_list
> (symbol_ref:SI ("cl"))
>         (nil))
>         (nil))))
>
> Then, the "expr_list (symbol_ref:SI("cl"))" comes to the hash table for
> CSE optimization (the hash table declared in cse.c)
>
> And when CSE optimization is applied
> (cse_insn() is called on the rtl instruction
>     (insn 28 47 36 1 0x4021b318 (set (mem/f:SI (plus:SI (reg/f:SI 25 sfp)
>     (const_int -4 [0xfffffffc])) [2 S4 A32])
>     (reg/v/f:SI 68)) 345 {*iwmmxt_movsi_insn} (nil)
>     (nil))
> ) the rtl expression from the hash table is extracted and rtx_varies_p()
> function is called on each parameter of expr_list.
> But the second parameter is NIL and rtx_varies_p() crashes on the first
> line (code = GET_CODE(x)), since the x is NULL.
>
> If I add the follwing code in the beginning of rtx_varies_p():
> "
>     if (x == NULL)
>         return 0;    // nil expression doesn't have have a value which
> can vary even between two executions of the program
> "
<...>
> Any help is appreciated.

I this patch (present in 3.4) did something similar:
http://gcc.gnu.org/ml/gcc-patches/2004-02/msg01518.html

I couldn't reproduce with 3.3, so didn't apply the patch there.

Paul

Re: gcc 3.3.1 segmentation fault (in rtlanal.c, rtx_varies_p())

[Giovanni Bajo]

Grigory Tolstolytkin wrote:


>> Any help is appreciated.

Grigory, given Paul's reply, would you please open a bug report in Bugzilla
against 3.3 and have a link to Paul's patch there, together with your testcase?
This way we make sure this doesn't get forgotten and the patch actually makes
it to 3.3. Thanks.
-- 
Giovanni Bajo

Re: gcc 3.3.1 segmentation fault (in rtlanal.c, rtx_varies_p())

[Grigory Tolstolytkin]

Giovanni Bajo wrote:

>Grigory, given Paul's reply, would you please open a bug report in Bugzilla
>against 3.3 and have a link to Paul's patch there, together with your testcase?
>This way we make sure this doesn't get forgotten and the patch actually makes
>it to 3.3. Thanks.
>  
>
Since I'm new there, could you explain some things:

I didn't find the bug in Bugzilla (using search not only for 3.3, but 
for all versions), whether you want me to add the bug, Paul's patch and 
testcase to the Bugzilla (for 3.3) or you meant something else?

Also, I reproduced the bug using Montavista gcc snapshot, not FSF. And I 
don't know whether the bug can be reproduced in original 3.3 (As I 
understand - Paul tried to use my testcase and the bug wasn't reproduced).

So, despite of these facts if you still wants me to add the bug to the 
Bugzilla - just tell me and I'll do it.

Thanks,
    Grigory

Re: gcc 3.3.1 segmentation fault (in rtlanal.c, rtx_varies_p())

[Giovanni Bajo]

Grigory Tolstolytkin wrote:

> I didn't find the bug in Bugzilla (using search not only for 3.3, but
> for all versions), whether you want me to add the bug, Paul's patch
> and testcase to the Bugzilla (for 3.3) or you meant something else?
> Also, I reproduced the bug using Montavista gcc snapshot, not FSF.

Yes, I meant create a new bug report, and add the testcase, a link to the patch
(to the html page from the mailing list archives) and your new testcase. But
can you try with FSF's latest release, 3.3.4? If it cannot be reproduced there,
there is no point in applying the patch.

> And I don't know whether the bug can be reproduced in original 3.3 (As I
> understand - Paul tried to use my testcase and the bug wasn't
> reproduced).

What I understood was that Paul tried with *his* testcase back when the bug was
fixed but could not reproduce the bug on 3.3. Your testcase is different.

Thanks
Giovanni Bajo

Re: gcc 3.3.1 segmentation fault (in rtlanal.c, rtx_varies_p())

[Grigory Tolstolytkin]

Giovanni Bajo wrote:

>Yes, I meant create a new bug report, and add the testcase, a link to the patch
>(to the html page from the mailing list archives) and your new testcase. But
>can you try with FSF's latest release, 3.3.4? If it cannot be reproduced there,
>there is no point in applying the patch.
>
Sorry for my delay. I tried my testcase with the FSF release 3.3.4 and 
the bug wasn't reproduced, so as I understand there is no need to apply 
the patch.

Thanks
 Grigory Tolstolytkin