This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Missing guard in ira-color.c ?


Hi,

I am getting a segfault in ira-color.c:2945 on the trunk:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000a79f37 in move_spill_restore () at ../../src/gcc/ira-color.c:2945
2945		      || ira_reg_equiv_const[regno] != NULL_RTX
(gdb) l
2940		      /* don't do the optimization because it can create
2941			 copies and the reload pass can spill the allocno set
2942			 by copy although the allocno will not get memory
2943			 slot.  */
2944		      || ira_reg_equiv_invariant_p[regno]
2945		      || ira_reg_equiv_const[regno] != NULL_RTX
2946		      || !bitmap_bit_p (loop_node->border_allocnos, ALLOCNO_NUM (a)))
2947		    continue;
2948		  mode = ALLOCNO_MODE (a);
2949		  rclass = ALLOCNO_CLASS (a);

while building gcc (gnatcmd.adb file) for ia64-vms using a cross compiler (target=ia64-vms, host=x86_64-linux).

The reason looks to be an out of bounds access:

(gdb) print regno
$10 = 18476
(gdb) print ira_reg_equiv_len 
$11 = 17984

(I suppose this setup is not easy at all to reproduce, but I can provide any files, if necessary).

Wild guess, as I don't know IRA at all: it looks like in this file most accesses to ira_reg_equiv_* are guarded. Is it expected that they aren't at this point?

[I am currently trying with the following chunk:

--- a/gcc/ira-color.c
+++ b/gcc/ira-color.c
@@ -2941,8 +2941,9 @@ move_spill_restore (void)
                 copies and the reload pass can spill the allocno set
                 by copy although the allocno will not get memory
                 slot.  */
-             || ira_reg_equiv_invariant_p[regno]
-             || ira_reg_equiv_const[regno] != NULL_RTX
+             || (regno < ira_reg_equiv_len
+                 && (ira_reg_equiv_invariant_p[regno]
+                     || ira_reg_equiv_const[regno] != NULL_RTX))
              || !bitmap_bit_p (loop_node->border_allocnos, ALLOCNO_NUM (a)))
            continue;
          mode = ALLOCNO_MODE (a);
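Review bot: the new "regno < ira_reg_equiv_len" test in the || chain stops the out-of-bounds read, but it does so by treating every pseudo past the end of the ira_reg_equiv_* arrays as having no invariant or constant equivalence, so those allocnos are no longer skipped by this part of the condition and fall through to the bitmap_bit_p test. The gdb session shows regno = 18476 against ira_reg_equiv_len = 17984, which means the arrays are shorter than the current set of pseudos when move_spill_restore runs. Please confirm that a pseudo in that range can never carry an equivalence. If it can, the arrays need to be grown before this point, and a length check here would only hide the stale data. If the guard is the right fix, extend the comment above it to say why regno can exceed ira_reg_equiv_len here, and keep the check in the same form as the other guarded accesses in this file.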
]

Thanks for any comment,
Tristan.

