This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[PATCH, PR81192] Fix sigsegv in find_same_succ_bb
- From: Tom de Vries <Tom_deVries at mentor dot com>
- To: Richard Biener <rguenther at suse dot de>
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>
- Date: Mon, 3 Jul 2017 00:26:32 +0200
- Subject: [PATCH, PR81192] Fix sigsegv in find_same_succ_bb
- Authentication-results: sourceware.org; auth=none
[ Trying again with before.svg instead of before.pdf ]
Hi,
consider this test-case:
...
unsigned a;
int b, c;
static int
fn1 (int p1, int p2)
{
return p1 > 2147483647 - p2 ? p1 : p1 + p2;
}
void
fn2 (void)
{
int j;
a = 30;
for (; a;)
for (; c; b = fn1 (j, 1))
;
}
...
When compiling the test-case with -Os, just before tail-merge it looks
as in before.svg.
During tail-merge, it runs into a sigsegv.
What happens is the following:
- tail-merge decides to merge blocks 4 and 6, and removes block 6.
- bb8, a predecessor of block 6, is marked as member of
deleted_bb_preds.
- during update_worklist, same_succ_flush_bb is called for bb8
- same_succ_flush_bb runs into a sigsegv because
BB_SAME_SUCC (bb8) == NULL
- the reason that BB_SAME_SUCC (bb8) == NULL, is because it hit the
bb->loop_father->latch == bb clause in find_same_succ_bb at the start
of the tail-merge pass.
This patch fixes the sigsegv by doing an early-out in same_succ_flush_bb
if BB_SAME_SUCC () == NULL.
Bootstrapped and reg-tested on x86_64.
OK for trunk and gcc-[567]-branch?
Thanks,
- Tom
Fix sigsegv in find_same_succ_bb
2017-06-30 Tom de Vries <tom@codesourcery.com>
PR tree-optimization/81192
* tree-ssa-tail-merge.c (same_succ_flush_bb): Handle
BB_SAME_SUCC (bb) == NULL.
* gcc.dg/pr81192.c: New test.
---
gcc/testsuite/gcc.dg/pr81192.c | 22 ++++++++++++++++++++++
gcc/tree-ssa-tail-merge.c | 3 +++
2 files changed, 25 insertions(+)
diff --git a/gcc/testsuite/gcc.dg/pr81192.c b/gcc/testsuite/gcc.dg/pr81192.c
new file mode 100644
index 0000000..57eb478
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr81192.c
@@ -0,0 +1,22 @@
+/* { dg-options "-Os -fdump-tree-pre-details" } */
+
+unsigned a;
+int b, c;
+
+static int
+fn1 (int p1, int p2)
+{
+ return p1 > 2147483647 - p2 ? p1 : p1 + p2;
+}
+
+void
+fn2 (void)
+{
+ int j;
+ a = 30;
+ for (; a;)
+ for (; c; b = fn1 (j, 1))
+ ;
+}
+
+/* { dg-final { scan-tree-dump-times "(?n)find_duplicates: <bb .*> duplicate of <bb .*>" 1 "pre" } } */
diff --git a/gcc/tree-ssa-tail-merge.c b/gcc/tree-ssa-tail-merge.c
index f6c9878..bb8a308 100644
--- a/gcc/tree-ssa-tail-merge.c
+++ b/gcc/tree-ssa-tail-merge.c
@@ -809,6 +809,9 @@ static void
same_succ_flush_bb (basic_block bb)
{
same_succ *same = BB_SAME_SUCC (bb);
+ if (! same)
+ return;
+
BB_SAME_SUCC (bb) = NULL;
if (bitmap_single_bit_set_p (same->bbs))
same_succ_htab->remove_elt_with_hash (same, same->hashval);