[regehr@gamow tmp420]$ current-gcc -v
Using built-in specs.
COLLECT_GCC=current-gcc
COLLECT_LTO_WRAPPER=/uusoc/exports/scratch/regehr/z/compiler-install/gcc-r162143-install/bin/../libexec/gcc/x86_64-unknown-linux-gnu/4.6.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: ../configure --with-libelf=/usr/local --enable-lto --prefix=/home/regehr/z/compiler-install/gcc-r162143-install --program-prefix=r162143- --enable-languages=c,c++
Thread model: posix
gcc version 4.6.0 20100713 (experimental) (GCC)
[regehr@gamow tmp420]$ valgrind -q --trace-children=yes current-gcc -O2 small.c -w
==30337== Invalid read of size 2
==30337==    at 0x697485: walk_stmt_load_store_addr_ops (gimple.c:4776)
==30337==    by 0x9B3512: rebuild_cgraph_edges (cgraphbuild.c:471)
==30337==    by 0x72D5CD: execute_one_pass (passes.c:1565)
==30337==    by 0x72D864: execute_pass_list (passes.c:1620)
==30337==    by 0x72CACB: do_per_function_toporder (passes.c:1158)
==30337==    by 0x72DC85: execute_ipa_pass_list (passes.c:1920)
==30337==    by 0x9B8BF0: cgraph_optimize (cgraphunit.c:1851)
==30337==    by 0x9B8E4A: cgraph_finalize_compilation_unit (cgraphunit.c:1171)
==30337==    by 0x4A7C32: c_write_global_declarations (c-decl.c:9698)
==30337==    by 0x7CED29: toplev_main (toplev.c:990)
==30337==    by 0x5935ABC: (below main) (libc-start.c:220)
==30337==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==30337==
small.c: In function 'func_4':
small.c:29:1: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
[regehr@gamow tmp420]$ cat small.c
int g_19;
int *g_42;
int **volatile g = &g_42;
int g_67[5][9][2][1] = { };

int
func_4 (int p_5, unsigned char p_6, unsigned char p_7)
{
  unsigned char l_8[1];
  if (p_6)
    goto lbl_13;
  for (p_6 = 0; p_6; p_6 = (p_6, 0))
    if (0)
      {
      }
    else
    lbl_13:for (p_6 = 0; p_6 < 1; p_6 += 1)
        l_8[p_6] = 0;
  return 0;
}

int *
func_45 (unsigned long p_46, unsigned char p_47)
{
  int *l_56 = &g_19;
  &l_56 != &g | !1 == func_4 (0, g_67[2][6][1][0], 0) ^ func_4 (1, 0, 0);
  return 0;
}

Confirmed.

(gdb) call debug_gimple_stmt (stmt)
.MEM_12 = PHI <.MEM_13(D)(2), (3)>

we miss a PHI arg here after splitting the function.

func_4 (int p_5, unsigned char p_6, unsigned char p_7)
{
<bb 2>:
  if (p_6_3(D) != 0)
    goto <bb 3>;
  else
    goto <bb 4>;

<bb 3>:
  # p_6_10 = PHI <0(2)>
  func_4.part.0 ();

<bb 4>:
  # .MEM_12 = PHI <.MEM_13(D)(2), (3)>
  return 0;

Subject: Re: [4.6 Regression] IPA-split causes crash due to null pointer deref

> (gdb) call debug_gimple_stmt (stmt)
> .MEM_12 = PHI <.MEM_13(D)(2), (3)>

Hmm, I make no attempts to update alias info. Why return has VOP?

Honza

It doesn't. It's a PHI node. So I suppose there was a CFG confluence point here.
CDDCE removes the single store in the loop but doesn't remove the virtual PHI nodes. But you still have to deal with them I guess.
Subject: Re: [4.6 Regression] IPA-split causes crash due to null pointer deref

> CDDCE removes the single store in the loop but doesn't remove the virtual
> PHI nodes. But you still have to deal with them I guess.

OK, how I deal with those then?

Honza

(In reply to comment #5)
> Subject: Re: [4.6 Regression] IPA-split
> causes crash due to null pointer deref
>
> > CDDCE removes the single store in the loop but doesn't remove the virtual
> > PHI nodes. But you still have to deal with them I guess.
> OK, how I deal with those then?

Well, you have to either delete it, update it or avoid splitting. As I said
earlier splitting the edge to the split part if there are PHI nodes would
avoid most of the issues.

> Honza
>

Subject: Bug 44937

Author: rguenth
Date: Thu Sep 2 13:42:25 2010
New Revision: 163775

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=163775
Log:
2010-09-02 Richard Guenther <rguenther@suse.de>

    PR tree-optimization/44937
    PR tree-optimization/45412
    * ipa-split.c (split_function): Properly remove PHI nodes.

    * g++.dg/opt/pr45412.C: New testcase.
    * gcc.c-torture/compile/pr45412.c: Likewise.
    * gcc.c-torture/compile/pr44937.c: Likewise.

Added:
    trunk/gcc/testsuite/g++.dg/opt/pr45412.C
    trunk/gcc/testsuite/gcc.c-torture/compile/pr44937.c
    trunk/gcc/testsuite/gcc.c-torture/compile/pr45412.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/ipa-split.c
    trunk/gcc/testsuite/ChangeLog

Fixed.
*** Bug 45557 has been marked as a duplicate of this bug. ***