[Bug other/58712] [4.9 Regression] issues found by --enable-checking=valgrind

markus at trippelsdorf dot de gcc-bugzilla@gcc.gnu.org
Tue Oct 15 07:15:00 GMT 2013


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58712

--- Comment #4 from Markus Trippelsdorf <markus at trippelsdorf dot de> ---
Adding --track-origins=yes to the valgrind invocation in gcc/gcc.c shows:

1)
==27870== Conditional jump or move depends on uninitialised value(s)
==27870==    at 0x557CDC: cgraph_create_edge_1(cgraph_node*, cgraph_node*,
gimple_statement_d*, long, int) (cgraph.c:695)
==27870==    by 0x55882E: cgraph_create_edge(cgraph_node*, cgraph_node*,
gimple_statement_d*, long, int) (cgraph.c:890)
==27870==    by 0x560891: cgraph_clone_edge(cgraph_edge*, cgraph_node*,
gimple_statement_d*, unsigned int, long, int, bool) (cgraphclones.c:135)
==27870==    by 0x7F1F14: copy_body(copy_body_data*, long, int,
basic_block_def*, basic_block_def*, basic_block_def*) (tree-inline.c:1741)
==27870==    by 0x7F507F: optimize_inline_calls(tree_node*)
(tree-inline.c:4258)
==27870==    by 0xB8B523: inline_transform(cgraph_node*)
(ipa-inline-transform.c:436)
==27870==    by 0x718C47: execute_all_ipa_transforms() (passes.c:2046)
==27870==    by 0x55EA6C: expand_function(cgraph_node*) (cgraphunit.c:1743)
==27870==    by 0x560296: compile() (cgraphunit.c:1855)
==27870==    by 0x505C6C: lto_main() (lto.c:3235)
==27870==    by 0x7B2545: compile_file() (toplev.c:546)
==27870==    by 0x7B40C9: toplev_main(int, char**) (toplev.c:1893)
==27870==  Uninitialised value was created by a client request
==27870==    at 0x50BBEE: ggc_internal_alloc_stat(unsigned long)
(ggc-page.c:1339)
==27870==    by 0x557D92: cgraph_create_edge_1(cgraph_node*, cgraph_node*,
gimple_statement_d*, long, int) (cgraph.c:842)
==27870==    by 0x55882E: cgraph_create_edge(cgraph_node*, cgraph_node*,
gimple_statement_d*, long, int) (cgraph.c:890)
==27870==    by 0x560891: cgraph_clone_edge(cgraph_edge*, cgraph_node*,
gimple_statement_d*, unsigned int, long, int, bool) (cgraphclones.c:135)
==27870==    by 0x7F1F14: copy_body(copy_body_data*, long, int,
basic_block_def*, basic_block_def*, basic_block_def*) (tree-inline.c:1741)
==27870==    by 0x7F507F: optimize_inline_calls(tree_node*)
(tree-inline.c:4258)
==27870==    by 0xB8B523: inline_transform(cgraph_node*)
(ipa-inline-transform.c:436)
==27870==    by 0x718C47: execute_all_ipa_transforms() (passes.c:2046)
==27870==    by 0x55EA6C: expand_function(cgraph_node*) (cgraphunit.c:1743)
==27870==    by 0x560296: compile() (cgraphunit.c:1855)
==27870==    by 0x505C6C: lto_main() (lto.c:3235)
==27870==    by 0x7B2545: compile_file() (toplev.c:546)

Seems to be fixable by initializing edge->indirect_unknown_callee earlier:

diff --git a/gcc/cgraph.c b/gcc/cgraph.c
index 124ee0adf855..c5c4e13ba145 100644
--- a/gcc/cgraph.c
+++ b/gcc/cgraph.c
@@ -874,6 +874,7 @@ cgraph_create_edge_1 (struct cgraph_node *caller, struct
cgraph_node *callee,
   edge->indirect_info = NULL;
   edge->indirect_inlining_edge = 0;
   edge->speculative = false;
+  edge->indirect_unknown_callee = 0;
   if (call_stmt && caller->call_site_hash)
     cgraph_add_edge_to_call_site_hash (edge);

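Review bot: The added `edge->indirect_unknown_callee = 0;` carries no comment saying why it must sit before the `cgraph_add_edge_to_call_site_hash (edge)` call two lines below, so a later reordering could silently reintroduce the uninitialised read that the valgrind trace above places at cgraph.c:695 inside cgraph_create_edge_1 (presumably an inlined helper on the call-site-hash path). I would put `/* Must be initialized before cgraph_add_edge_to_call_site_hash, which reads this field; see the valgrind report in PR58712.  */` above the new line. The second hunk removes the old assignment from cgraph_create_edge, which is a pure relocation; any other caller of cgraph_create_edge_1 that sets the field itself afterwards (cgraph_create_indirect_edge, if it still does so) is unaffected but worth a quick look. cgraph_create_edge_1 starts and ends outside this hunk.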
@@ -889,7 +890,6 @@ cgraph_create_edge (struct cgraph_node *caller, struct
cgraph_node *callee,
   struct cgraph_edge *edge = cgraph_create_edge_1 (caller, callee, call_stmt,
                                                   count, freq);

-  edge->indirect_unknown_callee = 0;
   initialize_inline_failed (edge);

   edge->next_caller = callee->callers;


2)

==27501== Use of uninitialised value of size 8
==27501==    at 0x7220B5: pointer_set_lookup(pointer_set_t const*, void const*,
unsigned long*) (pointer-set.c:90)
==27501==    by 0x722134: pointer_set_insert(pointer_set_t*, void const*)
(pointer-set.c:147)
==27501==    by 0x6DF580: compute_ltrans_boundary(lto_symtab_encoder_d*)
(lto-cgraph.c:854)
==27501==    by 0x50A739: lto_promote_cross_file_statics()
(lto-partition.c:925)
==27501==    by 0x50557C: lto_main() (lto.c:2400)
==27501==    by 0x7B2545: compile_file() (toplev.c:546)
==27501==    by 0x7B40C9: toplev_main(int, char**) (toplev.c:1893)
==27501==    by 0x4ED5A6D: (below main) (in /lib64/libc-2.18.90.so)
==27501==  Uninitialised value was created by a stack allocation
==27501==    at 0x6DF180: compute_ltrans_boundary(lto_symtab_encoder_d*)
(lto-cgraph.c:764)
==27501== 
==27501== Conditional jump or move depends on uninitialised value(s)
==27501==    at 0x7220BC: pointer_set_lookup(pointer_set_t const*, void const*,
unsigned long*) (pointer-set.c:90)
==27501==    by 0x722134: pointer_set_insert(pointer_set_t*, void const*)
(pointer-set.c:147)
==27501==    by 0x6DF580: compute_ltrans_boundary(lto_symtab_encoder_d*)
(lto-cgraph.c:854)
==27501==    by 0x50A739: lto_promote_cross_file_statics()
(lto-partition.c:925)
==27501==    by 0x50557C: lto_main() (lto.c:2400)
==27501==    by 0x7B2545: compile_file() (toplev.c:546)
==27501==    by 0x7B40C9: toplev_main(int, char**) (toplev.c:1893)
==27501==    by 0x4ED5A6D: (below main) (in /lib64/libc-2.18.90.so)
==27501==  Uninitialised value was created by a stack allocation
==27501==    at 0x6DF180: compute_ltrans_boundary(lto_symtab_encoder_d*)
(lto-cgraph.c:764)

From gcc/cgraphunit.c:
   838 {
   839   unsigned int i;
   840   void *cache_token;
   841   bool final;
   842   vec <cgraph_node *>targets
   843     = possible_polymorphic_call_targets
   844         (edge, &final, &cache_token);
   845
   846   if (!pointer_set_insert (reachable_call_targets,
   847                            cache_token))

This idiom also appears in gcc/ipa.c and gcc/lto-cgraph.c.


