[Bug target/91767] [10 regression] After r274953, clang-compiled xgcc segfaults during RTL pass: stv
pinskia at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Fri Sep 20 02:17:00 GMT 2019
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91767
--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Dimitry Andric from comment #5)
> Hmm, it appears that this diff "fixes" it:
>
> diff --git a/gcc/config/i386/i386-features.c
> b/gcc/config/i386/i386-features.c
> index 9505b4a1330..091a59f3cb9 100644
> --- a/gcc/config/i386/i386-features.c
> +++ b/gcc/config/i386/i386-features.c
> @@ -1166,7 +1166,11 @@ general_scalar_chain::convert_registers ()
> bitmap_iterator bi;
> unsigned id;
> EXECUTE_IF_SET_IN_BITMAP (defs_conv, 0, id, bi)
> - defs_map.put (regno_reg_rtx[id], gen_reg_rtx (smode));
> + {
> + rtx key = regno_reg_rtx[id];
> + rtx val = gen_reg_rtx (smode);
> + defs_map.put (key, val);
> + }
> EXECUTE_IF_SET_IN_BITMAP (insns_conv, 0, id, bi)
> for (df_ref ref = DF_INSN_UID_DEFS (id); ref; ref = DF_REF_NEXT_LOC
> (ref))
> if (bitmap_bit_p (defs_conv, DF_REF_REGNO (ref)))
>
> but obviously that can't be right, unless gen_reg_rtx() is doing something
> horrible to regno_reg_rtx[]. I only see it adding another element at the
> end, though.
>
> I think this might indeed be some clang code generation bug, as the assembly
> looks a little different with the above patch applied.
>
> Digging further...
Ok, just a quick note, it can make a different if defs_map.put takes a constant
reference for its arguments. As gen_reg_rtx can free the old regno_reg_rtx.
Basically the old code is equivalant to:
+ {
+ const rtx &key = regno_reg_rtx[id];
+ const rtx &val = gen_reg_rtx (smode);
+ defs_map.put (key, val);
+ }
so taking the reference of a pointer which can be free is a big no-no.
More information about the Gcc-bugs
mailing list