[Bug middle-end/55279] New: New pseudo registers aren't supported in CSE

hjl.tools at gmail dot com gcc-bugzilla@gcc.gnu.org
Mon Nov 12 03:47:00 GMT 2012


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55279

             Bug #: 55279
           Summary: New pseudo registers aren't supported in CSE
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: hjl.tools@gmail.com


Since CSE allocates the register table in init_cse_reg_info,
if a pseudo register is created to convert a memory address,
we get

==23925== 
==23925== Debugger has detached.  Valgrind regains control.  We continue.
==23925== Invalid write of size 4
==23925==    at 0xF813E1: get_cse_reg_info_1(unsigned int) (cse.c:826)
==23925==    by 0xF81473: get_cse_reg_info(unsigned int) (cse.c:841)
==23925==    by 0xF84792: hash_rtx_cb(rtx_def const*, machine_mode, int*, int*,
bool, int (*)(rtx_def const*, machine_mode, rtx_def**, machine_mode*))
(cse.c:2312)
==23925==    by 0xF85097: hash_rtx(rtx_def const*, machine_mode, int*, int*,
bool) (cse.c:2560)
==23925==    by 0xF850C7: canon_hash(rtx_def*, machine_mode) (cse.c:2571)
==23925==    by 0xF899F7: cse_insn(rtx_def*) (cse.c:4703)
==23925==    by 0xF8EA8A: cse_extended_basic_block(cse_basic_block_data*)
(cse.c:6408)
==23925==    by 0xF8F024: cse_main(rtx_def*, int) (cse.c:6585)
==23925==    by 0xF90D40: rest_of_handle_cse() (cse.c:7435)
==23925==    by 0x936857: execute_one_pass(opt_pass*) (passes.c:2337)
==23925==    by 0x936ACE: execute_pass_list(opt_pass*) (passes.c:2398)
==23925==    by 0x936AFF: execute_pass_list(opt_pass*) (passes.c:2399)
==23925==  Address 0xb7611fc is 12 bytes after a block of size 2,560 alloc'd
==23925==    at 0x4A0881C: malloc (vg_replace_malloc.c:270)
==23925==    by 0x10E4F74: xmalloc (xmalloc.c:147)
==23925==    by 0xF812FF: init_cse_reg_info(unsigned int) (cse.c:793)
==23925==    by 0xF8EE57: cse_main(rtx_def*, int) (cse.c:6528)
==23925==    by 0xF90D40: rest_of_handle_cse() (cse.c:7435)
==23925==    by 0x936857: execute_one_pass(opt_pass*) (passes.c:2337)
==23925==    by 0x936ACE: execute_pass_list(opt_pass*) (passes.c:2398)
==23925==    by 0x936AFF: execute_pass_list(opt_pass*) (passes.c:2399)
==23925==    by 0x666D1D: expand_function(cgraph_node*) (cgraphunit.c:1643)
==23925==    by 0x6671D8: expand_all_functions() (cgraphunit.c:1747)
==23925==    by 0x667C62: compile() (cgraphunit.c:2045)
==23925==    by 0x667DE1: finalize_compilation_unit() (cgraphunit.c:2122)
==23925== 

get_cse_reg_info_1 doesn't check if regno < cse_reg_info_table_size.
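
The failure mode reported above, a table sized once at pass start and later indexed by a register number created afterwards, shown as an added example that is not GCC's code and not part of the original report. The names `reg_info`, `reg_table`, `reg_table_init` and `reg_table_get`, the record layout and the register numbers are hypothetical; the lookup compares `regno` with the table size before indexing and grows the table rather than writing past the allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-register record; not GCC's struct cse_reg_info. */
struct reg_info { unsigned timestamp; int qty; };
struct reg_table { struct reg_info *entries; size_t size; /* entries allocated */ };

/* Size the table from the register count known when the pass starts. */
static int reg_table_init(struct reg_table *t, size_t nregs)
{
    if (nregs == 0)
        nregs = 1;
    t->entries = calloc(nregs, sizeof *t->entries);
    t->size = t->entries ? nregs : 0;
    return t->entries ? 0 : -1;
}

/* Check regno against the table size before indexing. A register number
   created after init grows the table instead of writing past the end of
   the allocation. Returns NULL if the table cannot be grown. */
static struct reg_info *reg_table_get(struct reg_table *t, size_t regno)
{
    if (regno >= t->size) {
        size_t new_size = t->size ? t->size : 1;
        while (new_size <= regno) {
            if (new_size > (size_t)-1 / 2 / sizeof *t->entries)
                return NULL;          /* doubling would overflow the byte count */
            new_size *= 2;
        }
        struct reg_info *p = realloc(t->entries, new_size * sizeof *p);
        if (!p)
            return NULL;              /* old table is still valid */
        /* Zero only the new tail; existing entries keep their values. */
        memset(p + t->size, 0, (new_size - t->size) * sizeof *p);
        t->entries = p;
        t->size = new_size;
    }
    return &t->entries[regno];
}

int main(void)
{
    struct reg_table t;
    if (reg_table_init(&t, 320) != 0)     /* constructed register count */
        return 1;
    int ok = reg_table_get(&t, 323) != NULL;  /* regno created after init */
    printf("entries after lookup: %zu\n", t.size);
    free(t.entries);
    return ok ? 0 : 1;
}
```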


