This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug rtl-optimization/14863] [3.4 regression] unit-at-a-time causes miscompilation
- From: "rguenth at tat dot physik dot uni-tuebingen dot de" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 2 Jun 2004 11:54:47 -0000
- Subject: [Bug rtl-optimization/14863] [3.4 regression] unit-at-a-time causes miscompilation
- References: <20040406114325.14863.rguenth@tat.physik.uni-tuebingen.de>
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
------- Additional Comments From rguenth at tat dot physik dot uni-tuebingen dot de 2004-06-02 11:54 -------
Subject: Re: [3.4 regression] unit-at-a-time
causes miscompilation
On Wed, 2 Jun 2004, belyshev at lubercy dot com wrote:
>
> ------- Additional Comments From belyshev at lubercy dot com 2004-06-02 11:15 -------
> >The minimized testcase is of course invalid. I'm currently investigating
>
> I would not say that. Consider:
While I don't understand what you are hinting at here, looking at the
actual code doesn't reveal any obvious failure in handling invalid data,
still valgrind tells us:
==21613== Invalid read of size 4
==21613== at 0x804E6EF: void Engine<1, int,
Dynamic>::performDestroy<IntervalIterator>(IntervalIterator const&,
IntervalIterator const&, BackFill const&, bool)
(/home/rguenth/src/pooma-bk/r2/src/Utilities/algorithms.h:233)
==21613== by 0x804EE9E: void Engine<1, int,
Dynamic>::performDestroy<Interval<1> >(Interval<1> const&, BackFill
const&, bool)
(/home/rguenth/src/pooma-bk/r2/src/Engine/DynamicEngine.cpp:254)
==21613== by 0x804EF44: void Engine<1, int,
Dynamic>::destroy<Interval<1> >(Interval<1> const&)
(/home/rguenth/src/pooma-bk/r2/src/Layout/DynamicEvents.h:127)
==21613== by 0x804F11F:
Particles<MPDynamicUniform>::performDestroy(int, bool)
(/home/rguenth/src/pooma-bk/r2/src/Array/Array.h:2201)
==21613== by 0x8049E1A: main (bctest3.cpp:143)
==21613== Address 0xBFFFEF3C is just below %esp. Possibly a bug in
GCC/G++
==21613== v 2.96 or 3.0.X. To suppress, use:
--workaround-gcc296-bugs=yes
==21613==
==21613== Invalid write of size 4
==21613== at 0x804E77E: void Engine<1, int,
Dynamic>::performDestroy<IntervalIterator>(IntervalIterator const&,
IntervalIterator const&, BackFill const&, bool)
(/home/rguenth/src/pooma-bk/r2/src/Utilities/RefCountedBlockPtr.h:635)
==21613== by 0x804EE9E: void Engine<1, int,
Dynamic>::performDestroy<Interval<1> >(Interval<1> const&, BackFill
const&, bool)
(/home/rguenth/src/pooma-bk/r2/src/Engine/DynamicEngine.cpp:254)
==21613== by 0x804EF44: void Engine<1, int,
Dynamic>::destroy<Interval<1> >(Interval<1> const&)
(/home/rguenth/src/pooma-bk/r2/src/Layout/DynamicEvents.h:127)
==21613== by 0x804F11F:
Particles<MPDynamicUniform>::performDestroy(int, bool)
(/home/rguenth/src/pooma-bk/r2/src/Array/Array.h:2201)
==21613== by 0x8049E1A: main (bctest3.cpp:143)
==21613== Address 0x60F177E4 is not stack'd, malloc'd or free'd
==21613==
==21613== Process terminating with default action of signal 11 (SIGSEGV):
dumping core
which is at src/Utilities/algorithms.h:233 - I remember looking at this
stuff and was not able to come to the conclusion that this part of
(arguably ugly) code is wrong. Oh - of course POOMA_NONSTANDARD_ITERATOR
is zero. The exact signature of the performDestroy is
void Engine<(int)1, int, Dynamic>::performDestroy<IntervalIterator>
(IntervalIterator const&, IntervalIterator const&, BackFill const&, bool)
we have inlined the delete_backfill method here (probably the key of the
failure, marking the delete_backfill __attribute__((noinline)) "fixes"
the failure).
Maybe we are wrongly re-using some stack slots here? Or is it possible
for (source) code to become invalid wrt references to temporaries after
inlining?
I'm confused.
Richard.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14863