Bug 37419 - [4.4 Regression] mpfr related memory corruption
Summary: [4.4 Regression] mpfr related memory corruption
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: other
Version: 4.4.0
Importance: P3 normal
Target Milestone: 4.4.0
Assignee: Jakub Jelinek
URL: http://gcc.gnu.org/ml/gcc-patches/200...
Keywords: ice-on-valid-code
Depends on:
Blocks:
 
Reported: 2008-09-08 08:50 UTC by Martin Michlmayr
Modified: 2008-09-09 20:26 UTC

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2008-09-09 10:45:57


Attachments
Preprocessed code (12.08 KB, application/octet-stream)
2008-09-08 08:54 UTC, Martin Michlmayr
Reduced testcase (1.00 KB, text/plain)
2008-09-08 23:28 UTC, Andrew Pinski

Description Martin Michlmayr 2008-09-08 08:50:36 UTC
With current trunk (revision 140100):


(sid)2294:tbm@em64t: ~] /usr/lib/gcc-snapshot/bin/gcc -c -finline-limit=1048576 -O3 gutenprint-mxml-file.i
*** glibc detected *** /usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1: malloc(): memory corruption (fast): 0x0000000001da1890 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f136138a968]
/lib/libc.so.6[0x7f136138d69f]
/lib/libc.so.6[0x7f136138e354]
/lib/libc.so.6(realloc+0x12f)[0x7f136138efdf]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1[0xb4098d]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1[0x86c584]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1[0x8af750]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1[0x8af6d6]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1[0x8ac6ad]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1[0x63b073]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1[0x63b3a8]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1[0x8a5717]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1[0x416493]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1[0x6e0faf]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f13613351a6]
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/4.4.0/cc1(mpfr_cosh+0xb9)[0x404029]
../../../../src/main/mxml-file.c:1431: internal compiler error: Aborted
Please submit a full bug report,
Comment 1 Martin Michlmayr 2008-09-08 08:54:13 UTC
Created attachment 16253
Preprocessed code
Comment 2 Andrew Pinski 2008-09-08 21:47:50 UTC
I get a different ICE with revision 139912 on i386-apple-darwin8.11.1.
GNU C (GCC) version 4.4.0 20080902 (experimental) [trunk revision 139912] (i386-apple-darwin8.11.1)
        compiled by GNU C version 4.4.0 20080902 (experimental) [trunk revision 139912], GMP version 4.2.2, MPFR version 2.3.0.

Comment 3 Andrew Pinski 2008-09-08 23:28:34 UTC
Created attachment 16259
Reduced testcase

This is as far as I can get this testcase.
Comment 4 Andrew Pinski 2008-09-08 23:29:52 UTC
#0  add_new_edges_to_heap (heap=0x43909090, new_edges=0x4390d2d0) at /Users/apinski/src/local/gcc/gcc/ipa-inline.c:817
Comment 5 Jakub Jelinek 2008-09-09 10:45:56 UTC
Fixed one bug, but apparently there are some more.  Debugging.
Comment 6 Jakub Jelinek 2008-09-09 19:21:03 UTC
Subject: Bug 37419

Author: jakub
Date: Tue Sep  9 19:19:41 2008
New Revision: 140168

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=140168
Log:
	PR other/37419
	* ipa-prop.h (ipa_propagate_indirect_call_infos): Change last argument
	to pointer to vector pointer.
	* ipa-prop.c (ipa_propagate_indirect_call_infos,
	propagate_info_to_inlined_callees): Likewise.
	(update_call_notes_after_inlining): Likewise.  Push new indirect edge
	to *new_edges instead of new_edges.  Reread IPA_EDGE_REF after
	ipa_check_create_edge_args.
	* ipa-inline.c (cgraph_decide_recursive_inlining): Change last argument
	to pointer to vector pointer.
	(cgraph_decide_inlining_of_small_function): Adjust
	cgraph_decide_recursive_inlining and ipa_propagate_indirect_call_infos
	calls.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/ipa-inline.c
    trunk/gcc/ipa-prop.c
    trunk/gcc/ipa-prop.h
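
The bug class named in the commit log above (a growable vector handed to a callee by value, then pushed to, versus a pointer to the vector pointer with the push going through `*new_edges`), as an added C example that is not GCC's code. `vec`, `vec_push`, `add_edge_by_value`, `add_edge_by_ref` and `live` are hypothetical stand-ins, and growth here always moves the block so the effect is deterministic.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable vector standing in for the heap vector of new edges. */
typedef struct { size_t len, cap; int data[]; } vec;
static vec *live; /* demo only: records where the vector lives after a push */

/* Push that moves the block when it is full and frees the old one. */
static vec *vec_push(vec *v, int x) {
    if (!v || v->len == v->cap) {
        size_t len = v ? v->len : 0, cap = v ? v->cap * 2 : 1;
        vec *n = malloc(sizeof *n + cap * sizeof(int));
        if (!n) abort();
        if (v) memcpy(n->data, v->data, len * sizeof(int));
        n->len = len; n->cap = cap;
        free(v); /* every other copy of the old pointer now dangles */
        v = n;
    }
    v->data[v->len++] = x;
    return v;
}
/* "Before" shape: vector pointer passed by value, so the move is lost. */
static void add_edge_by_value(vec *new_edges, int e) {
    live = new_edges = vec_push(new_edges, e);
}
/* "After" shape: pointer to the vector pointer, push through *new_edges. */
static void add_edge_by_ref(vec **new_edges, int e) {
    *new_edges = vec_push(*new_edges, e);
}
/* Returns 1 when the caller's copy no longer matches the live block. */
int caller_pointer_is_stale(void) {
    vec *edges = vec_push(NULL, 1);        /* capacity 1, already full */
    uintptr_t before = (uintptr_t)edges;
    add_edge_by_value(edges, 2);           /* forces a move */
    int stale = before != (uintptr_t)live; /* edges must not be used again */
    free(live);
    return stale;
}
/* The caller's pointer follows every move, so reading it back is safe. */
int sum_after_by_ref_push(void) {
    vec *edges = NULL;
    int sum = 0;
    for (int i = 1; i <= 5; i++) add_edge_by_ref(&edges, i);
    for (size_t i = 0; i < edges->len; i++) sum += edges->data[i];
    free(edges);
    return sum;
}
int main(void) { return !(caller_pointer_is_stale() && sum_after_by_ref_push() == 15); }
```

In the by-value shape the caller's next push or read goes to a freed block, which is the kind of heap damage glibc reports as `malloc(): memory corruption` far from the faulty call site.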

Comment 7 Jakub Jelinek 2008-09-09 20:26:59 UTC
Fixed.