+++ This bug was initially created as a clone of Bug #41762 +++

Found in r153542. r151451 seems to be affected as well, 4.4 branch doesn't seem to be.

$ valgrind /mnt/svn/gcc-trunk/build-153542/libexec/gcc/x86_64-unknown-linux-gnu/4.5.0/cc1 -m32 -O2 -o testcase.s testcase.i -version
==26448== Memcheck, a memory error detector
==26448== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==26448== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==26448== Command: /mnt/svn/gcc-trunk/build-153542/libexec/gcc/x86_64-unknown-linux-gnu/4.5.0/cc1 -m32 -O2 -o testcase.s testcase.i -version
==26448==
GNU C (GCC) version 4.5.0 20091025 (experimental) (x86_64-unknown-linux-gnu)
        compiled by GNU C version 4.5.0 20091025 (experimental), GMP version 4.3.1, MPFR version 2.4.1-p5, MPC version 0.7
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
GNU C (GCC) version 4.5.0 20091025 (experimental) (x86_64-unknown-linux-gnu)
        compiled by GNU C version 4.5.0 20091025 (experimental), GMP version 4.3.1, MPFR version 2.4.1-p5, MPC version 0.7
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
options passed: -m32 -O2 testcase.i
options enabled: -falign-labels -falign-loops -fargument-alias
 -fauto-inc-dec -fbranch-count-reg -fcaller-saves -fcommon
 -fcprop-registers -fcrossjumping -fcse-follow-jumps -fdefer-pop
 -fdelete-null-pointer-checks -fdwarf2-cfi-asm -fearly-inlining
 -feliminate-unused-debug-types -fexpensive-optimizations
 -fforward-propagate -ffunction-cse -fgcse -fgcse-lm
 -fguess-branch-probability -fident -fif-conversion -fif-conversion2
 -findirect-inlining -finline -finline-functions-called-once
 -finline-small-functions -fipa-cp -fipa-pure-const -fipa-reference
 -fipa-sra -fira-share-save-slots -fira-share-spill-slots -fivopts
 -fkeep-static-consts -fleading-underscore -fmath-errno -fmerge-constants
 -fmerge-debug-strings -fmove-loop-invariants -foptimize-register-move
 -foptimize-sibling-calls -fpcc-struct-return -fpeephole -fpeephole2
 -fregmove -freorder-blocks -freorder-functions -frerun-cse-after-loop
 -fsched-critical-path-heuristic -fsched-dep-count-heuristic
 -fsched-group-heuristic -fsched-interblock -fsched-last-insn-heuristic
 -fsched-rank-heuristic -fsched-spec -fsched-spec-insn-heuristic
 -fsched-stalled-insns-dep -fschedule-insns2 -fshow-column -fsigned-zeros
 -fsplit-ivs-in-unroller -fsplit-wide-types -fstrict-aliasing
 -fstrict-overflow -fthread-jumps -ftoplevel-reorder -ftrapping-math
 -ftree-builtin-call-dce -ftree-ccp -ftree-ch -ftree-copy-prop
 -ftree-copyrename -ftree-cselim -ftree-dce -ftree-dominator-opts
 -ftree-dse -ftree-forwprop -ftree-fre -ftree-loop-im -ftree-loop-ivcanon
 -ftree-loop-optimize -ftree-parallelize-loops= -ftree-phiprop -ftree-pre
 -ftree-pta -ftree-reassoc -ftree-scev-cprop -ftree-sink
 -ftree-slp-vectorize -ftree-sra -ftree-switch-conversion -ftree-ter
 -ftree-vect-loop-version -ftree-vrp -funit-at-a-time -fvar-tracking
 -fvar-tracking-assignments -fvect-cost-model -fzero-initialized-in-bss
 -m32 -m80387 -m96bit-long-double -maccumulate-outgoing-args
 -malign-stringops -mfancy-math-387 -mfp-ret-in-387 -mglibc -mieee-fp
 -mno-red-zone -mno-sse4 -mpush-args -msahf -mtls-direct-seg-refs
Compiler executable checksum: e3f8774dea091f6c29da5b8842041488
 getchar fgetc_unlocked getc_unlocked getchar_unlocked putchar
 fputc_unlocked putc_unlocked putchar_unlocked getline feof_unlocked
 ferror_unlocked sprintf vsprintf snprintf vsnprintf fprintf printf
 vprintf vfprintf asprintf __asprintf dprintf obstack_printf vasprintf
 vdprintf obstack_vprintf gets fgets fread fgets_unlocked fread_unlocked
 atof atoi atol atoll gnu_dev_major gnu_dev_minor gnu_dev_makedev
 realpath ptsname_r wctomb mbstowcs wcstombs tolower toupper read pread
 pread64 readlink readlinkat getcwd getwd confstr getgroups ttyname_r
 getlogin_r gethostname getdomainname __signbitf __signbit __signbitl
 __sgn __sgnf __sgnl __atan2l fabs fabsf fabsl __fabsl __sgn1l floor
 floorf floorl ceil ceilf ceill lrintf lrint lrintl llrintf llrint
 llrintl __finite __strcspn_c1 __strcspn_c2 __strcspn_c3 __strspn_c1
 __strspn_c2 __strspn_c3 __strpbrk_c2 __strpbrk_c3 __strtok_r_1c
 __strsep_1c __strsep_2c __strsep_3c memcpy memmove mempcpy memset bcopy
 bzero strcpy stpcpy strncpy stpncpy strcat strncat {GC 5326k -> 3881k}
 XkbGetRulesDflts XkbWriteRulesProp XkbSetRulesUsed XkbSetRulesDflts
 initTypeNames initIndicatorNames XkbInitKeyTypes XkbInitRadioGroups
 XkbInitCompatStructs XkbInitSemantics XkbInitNames XkbInitIndicatorMap
 XkbInitControls XkbInitDevice XkbInitKeyboardDeviceStruct
 XkbFinishDeviceInit XkbFreeInfo XkbProcessArguments XkbUseMsg
Analyzing compilation unit
 {GC 5751k -> 4740k}Performing interprocedural optimizations
 <visibility> <> <early_local_cleanups>
==26448== Invalid read of size 4
==26448==    at 0x8B27B5: get_constraint_for_ptr_offset (tree-ssa-structalias.c:2884)
==26448==    by 0x8B3DD3: find_func_aliases (tree-ssa-structalias.c:3727)
==26448==    by 0x8B6F7F: compute_may_aliases (tree-ssa-structalias.c:5435)
==26448==    by 0x710F5E: execute_function_todo (passes.c:1171)
==26448==    by 0x711369: execute_todo (passes.c:1249)
==26448==    by 0x7115A4: execute_one_pass (passes.c:1542)
==26448==    by 0x711774: execute_pass_list (passes.c:1568)
==26448==    by 0x711786: execute_pass_list (passes.c:1569)
==26448==    by 0x71378C: execute_ipa_pass_list (passes.c:1111)
==26448==    by 0x982620: cgraph_optimize (cgraphunit.c:1362)
==26448==    by 0x98283E: cgraph_finalize_compilation_unit (cgraphunit.c:1089)
==26448==    by 0x4ADA2A: c_write_global_declarations (c-decl.c:9368)
==26448==  Address 0x7bb077c is 12 bytes inside a block of size 72 free'd
==26448==    at 0x4C271DF: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26448==    by 0xC8C60C: xrealloc (xmalloc.c:179)
==26448==    by 0x943BD6: vec_heap_o_reserve_1 (vec.c:320)
==26448==    by 0x8B27EF: get_constraint_for_ptr_offset (tree-ssa-structalias.c:406)
==26448==    by 0x8B3DD3: find_func_aliases (tree-ssa-structalias.c:3727)
==26448==    by 0x8B6F7F: compute_may_aliases (tree-ssa-structalias.c:5435)
==26448==    by 0x710F5E: execute_function_todo (passes.c:1171)
==26448==    by 0x711369: execute_todo (passes.c:1249)
==26448==    by 0x7115A4: execute_one_pass (passes.c:1542)
==26448==    by 0x711774: execute_pass_list (passes.c:1568)
==26448==    by 0x711786: execute_pass_list (passes.c:1569)
==26448==    by 0x71378C: execute_ipa_pass_list (passes.c:1111)
==26448==
 {GC 6225k -> 5402k} <whole-program> <cp> <inline> <static-var> <pure-const>
Assembling functions:
 XkbWriteRulesProp XkbGetRulesDflts XkbSetRulesUsed XkbSetRulesDflts
 XkbInitDevice XkbInitKeyboardDeviceStruct XkbFinishDeviceInit XkbFreeInfo
 XkbProcessArguments {GC 7023k -> 4729k} XkbUseMsg
Execution times (seconds)
...

Created attachment 18892: partially reduced testcase
Mine.
Subject: Bug 41826

Author: rguenth
Date: Mon Oct 26 12:21:50 2009
New Revision: 153550

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=153550
Log:
2009-10-26  Richard Guenther  <rguenther@suse.de>

        PR tree-optimization/41826
        * tree-ssa-structalias.c (get_constraint_for_ptr_offset): Avoid
        access to re-allocated vector fields.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/tree-ssa-structalias.c

Fixed on the trunk so far. Confirmed on the 4.4 and 4.3 branches.
Subject: Bug 41826

Author: rguenth
Date: Wed Jan 20 13:06:40 2010
New Revision: 156078

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=156078
Log:
2010-01-20  Richard Guenther  <rguenther@suse.de>

        PR tree-optimization/41826
        * tree-ssa-structalias.c (get_constraint_for_ptr_offset): Avoid
        access to re-allocated vector fields.

Modified:
    branches/gcc-4_4-branch/gcc/ChangeLog
    branches/gcc-4_4-branch/gcc/tree-ssa-structalias.c

Subject: Bug 41826

Author: rguenth
Date: Wed Jan 20 13:07:41 2010
New Revision: 156079

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=156079
Log:
2010-01-20  Richard Guenther  <rguenther@suse.de>

        PR tree-optimization/41826
        * tree-ssa-structalias.c (get_constraint_for_ptr_offset): Avoid
        access to re-allocated vector fields.

Modified:
    branches/gcc-4_3-branch/gcc/ChangeLog
    branches/gcc-4_3-branch/gcc/tree-ssa-structalias.c

Fixed.
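
The pattern named in the commit log above ("Avoid access to re-allocated vector fields"), as an added example that is not GCC's code and not part of this report. It uses a simplified growable vector with hypothetical names (struct expr, vec_push, expand_unsafe, expand_safe) to show a pointer into the buffer being read after a push reallocates it, next to a form that copies the element first.

```c
#include <stdlib.h>
/* Simplified model with hypothetical names; not GCC's VEC or constraint code. */
struct expr { int var; long offset; };
struct vec  { struct expr *data; size_t len, cap; };

/* Append; realloc() may move the block, invalidating pointers into v->data. */
static void vec_push(struct vec *v, struct expr e)
{
    if (v->len == v->cap) {
        v->cap = v->cap ? v->cap * 2 : 2;
        v->data = realloc(v->data, v->cap * sizeof *v->data);
        if (!v->data) abort();
    }
    v->data[v->len++] = e;
}

/* BEFORE (for comparison, never called): c is read again after vec_push(). */
void expand_unsafe(struct vec *v, int nfields)
{
    for (size_t j = 0, n = v->len; j < n; j++) {
        struct expr *c = &v->data[j];
        for (int f = 1; f < nfields; f++)
            vec_push(v, (struct expr){ c->var + f, c->offset });
    }
}

/* AFTER: copy the element by value before the first push. */
void expand_safe(struct vec *v, int nfields)
{
    for (size_t j = 0, n = v->len; j < n; j++) {
        struct expr c = v->data[j];
        for (int f = 1; f < nfields; f++)
            vec_push(v, (struct expr){ c.var + f, c.offset });
    }
}

/* Constructed input: two entries, each expanded to three fields. */
long demo_safe(void)
{
    struct vec v = { 0 };
    vec_push(&v, (struct expr){ 10, 0 });
    vec_push(&v, (struct expr){ 20, 4 });
    expand_safe(&v, 3);
    long sum = 0;
    for (size_t i = 0; i < v.len; i++) sum += v.data[i].var;
    free(v.data);
    return sum;
}
int main(void) { return demo_safe() == 96 ? 0 : 1; }
```

In expand_unsafe the first push reads c before the call, so the stale read only starts on the second inner iteration, after the buffer has grown.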