[Bug rtl-optimization/104985] [12 Regression] ICE: SIGSEGV in undo_to_marker / adjust_reg_mode with -Os -frounding-math since r12-4767-g81342e95827f77

marxin at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Thu Mar 24 10:10:43 GMT 2022 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104985

--- Comment #7 from Martin Liška <marxin at gcc dot gnu.org> ---
With the following debugging patch:

diff --git a/gcc/combine.cc b/gcc/combine.cc
index 8f06ee0e54f..150cc6fae1b 100644
--- a/gcc/combine.cc
+++ b/gcc/combine.cc
@@ -4755,6 +4755,7 @@ undo_to_marker (void *marker)
          *undo->where.i = undo->old_contents.i;
          break;
        case UNDO_MODE:
+         fprintf (stderr, "undo called: %p\n", undo->where.r);
          adjust_reg_mode (*undo->where.r, undo->old_contents.m);
          break;
        case UNDO_LINKS:
diff --git a/gcc/emit-rtl.cc b/gcc/emit-rtl.cc
index f4404d7abe3..f98e5eb46f7 100644
--- a/gcc/emit-rtl.cc
+++ b/gcc/emit-rtl.cc
@@ -1226,6 +1226,8 @@ emit_status::ensure_regno_capacity ()
   regno_pointer_align = (unsigned char *) tmp;

   rtx *new1 = GGC_RESIZEVEC (rtx, regno_reg_rtx, new_size);
+  fprintf (stderr, "emit_status::ensure_regno_capacity: %p-%p\n", new1, new1
+          + (new_size * sizeof(rtx)));
   memset (new1 + old_size, 0, (new_size - old_size) * sizeof (rtx));
   regno_reg_rtx = new1;


emit_status::ensure_regno_capacity: 0x7ffff75fc000-0x7ffff7605300
emit_status::ensure_regno_capacity: 0x7ffff75f8000-0x7ffff760a600
undo called: 0x7ffff75f87e8
undo called: 0x7ffff75f87e8
...
emit_status::ensure_regno_capacity: 0x7ffff75ea000-0x7ffff760ec00
undo called: 0x7ffff75f8c48

As seen the last *undo->where.r access a memory that is GGC freed and that was
previously allocated by emit_status::ensure_regno_capacity.

The last emit_status::ensure_regno_capacity that reallocates is called here:

#0  emit_status::ensure_regno_capacity (this=0x3082010 <x_rtl+48>) at
/home/marxin/Programming/gcc/gcc/emit-rtl.cc:1229
#1  0x0000000000e2fa3f in gen_reg_rtx (mode=E_DImode) at
/home/marxin/Programming/gcc/gcc/emit-rtl.cc:1201
#2  0x00000000012f088d in maybe_legitimize_operand (icode=CODE_FOR_ashldi3,
opno=0, op=0x7fffffff9f90) at /home/marxin/Programming/gcc/gcc/optabs.cc:7791
#3  0x00000000012f126d in maybe_legitimize_operands (icode=CODE_FOR_ashldi3,
opno=0, nops=3, ops=0x7fffffff9f90) at
/home/marxin/Programming/gcc/gcc/optabs.cc:7935
#4  0x00000000012f1326 in maybe_gen_insn (icode=CODE_FOR_ashldi3, nops=3,
ops=0x7fffffff9f90) at /home/marxin/Programming/gcc/gcc/optabs.cc:7954
#5  0x00000000012dadde in expand_binop_directly (icode=CODE_FOR_ashldi3,
mode=E_DImode, binoptab=ashl_optab, op0=0x7ffff72cb420, op1=0x7ffff760f5c0,
target=0x0, unsignedp=1, methods=OPTAB_LIB_WIDEN, last=0x7ffff72c78c0) at
/home/marxin/Programming/gcc/gcc/optabs.cc:1442
#6  0x00000000012db335 in expand_binop (mode=E_DImode, binoptab=ashl_optab,
op0=0x7ffff72cb420, op1=0x7ffff760f5c0, target=0x0, unsignedp=1,
methods=OPTAB_LIB_WIDEN) at /home/marxin/Programming/gcc/gcc/optabs.cc:1529
#7  0x00000000012da55c in expand_simple_binop (mode=E_DImode, code=ASHIFT,
op0=0x7ffff72cb420, op1=0x7ffff760f5c0, target=0x0, unsignedp=1,
methods=OPTAB_LIB_WIDEN) at /home/marxin/Programming/gcc/gcc/optabs.cc:1261
#8  0x0000000000eba222 in force_operand (value=0x7ffff72cb450, target=0x0) at
/home/marxin/Programming/gcc/gcc/expr.cc:7957
#9  0x0000000000e68948 in force_reg (mode=E_DImode, x=0x7ffff72cb450) at
/home/marxin/Programming/gcc/gcc/explow.cc:682
#10 0x0000000001ac255f in mips_move_integer (temp=0x7ffff7769bd0,
dest=0x7ffff7769c60, value=4294167595) at
/home/marxin/Programming/gcc/gcc/config/mips/mips.cc:3662
#11 0x0000000002172535 in gen_split_51 (curr_insn=0x7ffff7768840,
operands=0x3168f20 <recog_data>) at
/home/marxin/Programming/gcc/gcc/config/mips/mips.md:4699
#12 0x000000000231ce2f in split_6 (x1=0x7ffff72c9760, insn=0x7ffff7768840) at
/home/marxin/Programming/gcc/gcc/config/mips/mips.md:796
#13 0x000000000232072d in split_7 (x1=0x7ffff72c9760, insn=0x7ffff7768840) at
/home/marxin/Programming/gcc/gcc/config/mips/mips.md:7077
#14 0x00000000023220a6 in split_insns (x1=0x7ffff72c9760, insn=0x7ffff7768840)
at /home/marxin/Programming/gcc/gcc/config/mips/mips.md:7060
#15 0x00000000023608c9 in combine_split_insns (pattern=0x7ffff72c9760,
insn=0x7ffff7768840) at /home/marxin/Programming/gcc/gcc/combine.cc:530
#16 0x0000000002373b1d in try_combine (i3=0x7ffff7768840, i2=0x7ffff7768800,
i1=0x7ffff77687c0, i0=0x0, new_direct_jump_p=0x7fffffffd5f8,
last_combined_insn=0x7ffff7768840) at
/home/marxin/Programming/gcc/gcc/combine.cc:3588

and the crashing undo with:

#0  0x0000000000e2ff70 in adjust_reg_mode (reg=0xa5a5a5a5a5a5a5a5,
mode=E_SImode) at /home/marxin/Programming/gcc/gcc/emit-rtl.cc:1296
#1  0x00000000023814f1 in undo_to_marker (marker=0x0) at
/home/marxin/Programming/gcc/gcc/combine.cc:4759
#2  0x0000000002381571 in undo_all () at
/home/marxin/Programming/gcc/gcc/combine.cc:4780
#3  0x000000000237c2e4 in try_combine (i3=0x7ffff7768840, i2=0x7ffff7768800,
i1=0x7ffff77687c0, i0=0x0, new_direct_jump_p=0x7fffffffd5f8,
last_combined_insn=0x7ffff7768840) at
/home/marxin/Programming/gcc/gcc/combine.cc:4050

More information about the Gcc-bugs mailing list