The following code crashes when I compile it with -O2 (mainline)

==========================
#include<vector>

struct A
{
    std::vector<int> v;
    char c;
};

struct B {};

int main()
{
    A a;
    A a2(a);
    std::vector<B*> b;
    return 0;
}
==========================

The program dies with:

*** glibc detected *** free(): invalid pointer: 0x00002aaaaabc0c60 ***
zsh: 13987 abort a.out

I'll come up with a reduced testcase next week if nobody beats me.
Happens only with mainline, -O1 is not affected.
Btw, this is on x86_64-unknown-linux-gnu.
Something is removing the store to _M_start.

  this_252 = (struct _Vector_base<B*,std::allocator<B*> > *) &b;
  this_253 = this_252;
  #   VUSE <SMT.84_402>;
  D.13530_256 = this_252->_M_impl._M_start;

I think the cast there is causing the problem.
This is related to PR 19817, the C++ front-end is producing that construct which causes us not to constant prop zero.
But even without fixing PR 19817, it seems like the cast should be valid, or maybe not; someone who knows if the cast is valid in C++ where the struct is not an inheritance.
Created attachment 11539: reduced testcase
I think there's something hosed with aliasing. The code crashes with -O2, but runs fine with -O2 -fno-strict-aliasing.
I already mentioned this is most likely a C++ front-end issue.
Created attachment 11550: modified testcase
The modified testcase from comment #8 should return 0, but returns 255 (a.k.a -1) when compiled with -O2. The bad news is that this also affects the 4.1 branch (4.1.0 and later). The failure on the 4.1 branch is not reproducible with -m32 whereas mainline also crashes with -m32. The testcase from comment #5 also crashes with 4.1.0 (without -m32), but not with 4.1.1.
This problem persists with gcc4.1.x from 2006-06-13. I believe I get the same glibc fault in one of my codes, which isn't particularly surprising given that Volker used widely used std:: components in his program as well... Definitely an important bug! W.
Turns out to be a bug in alias grouping. Patch in testing.
Subject: Bug 27768
Author: jason
Date: Thu Jun 29 01:12:20 2006
New Revision: 115062
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=115062

Log:
PR c++/27768
* tree-ssa-alias.c (compute_flow_insensitive_aliasing): Add may_aliases already in the tag's annotations to the bitmap.

Added:
    trunk/gcc/testsuite/g++.dg/opt/alias4.C
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/tree-ssa-alias.c
Fixed on the mainline at least.
Subject: Bug 27768
Author: jason
Date: Fri Jun 30 15:19:50 2006
New Revision: 115090
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=115090

Log:
PR c++/27768
* tree-ssa-alias.c (compute_flow_insensitive_aliasing): Add may_aliases already in the tag's annotations to the bitmap.

Added:
    branches/gcc-4_1-branch/gcc/testsuite/g++.dg/opt/alias4.C
      - copied unchanged from r115062, trunk/gcc/testsuite/g++.dg/opt/alias4.C
Modified:
    branches/gcc-4_1-branch/gcc/ChangeLog
    branches/gcc-4_1-branch/gcc/tree-ssa-alias.c
Fixed.
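
The thread narrows the failure by comparing flag sets (-O1 unaffected, -O2 crashes, -O2 -fno-strict-aliasing runs fine). A script that automates that comparison for a testcase, as an added example that is not part of the original report; the `CXX` variable and the function names `run_variant` and `triage` are assumptions.

```shell
#!/bin/sh
# Added example: compare one source file's behaviour across the flag sets
# used in the thread. CXX, run_variant and triage are assumed names.
CXX="${CXX:-g++}"

# run_variant SRC FLAGS...
# Builds SRC with FLAGS, runs it, prints its exit status
# (134 = SIGABRT, as with the glibc abort) or "build-failed".
run_variant() {
    src=$1; shift
    dir=$(mktemp -d) || return 1
    if "$CXX" "$@" -o "$dir/a.out" "$src" 2>/dev/null; then
        rc=0
        "$dir/a.out" >/dev/null 2>&1 || rc=$?
    else
        rc=build-failed
    fi
    rm -rf "$dir"
    echo "$rc"
}

# triage SRC
# Prints one verdict on stdout; per-variant statuses go to stderr.
triage() {
    src=$1
    o1=$(run_variant "$src" -O1)
    o2=$(run_variant "$src" -O2)
    nsa=$(run_variant "$src" -O2 -fno-strict-aliasing)
    echo "-O1:$o1 -O2:$o2 -O2 -fno-strict-aliasing:$nsa" >&2
    case "$o1$o2$nsa" in
        *build-failed*) echo build-failed; return 0 ;;
    esac
    if [ "$o1" = "$o2" ]; then
        echo consistent
    elif [ "$nsa" = "$o1" ]; then
        echo aliasing-sensitive
    else
        echo optimization-sensitive
    fi
}

# Stand-alone use: sh triage.sh testcase.cc
if [ $# -gt 0 ]; then
    triage "$1"
fi
```

An `aliasing-sensitive` verdict does not by itself distinguish a compiler alias-analysis bug, as in this report, from a strict-aliasing violation in the source being compiled.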