[Bug debug/41307] Valgrind failures / illegal reads with VTA turned on.

Tue, 08 Sep 2009 07:28:06 -0700 


------- Comment #2 from jakub at gcc dot gnu dot org  2009-09-08 14:27 -------
The problem is that a VALUE leaks into NOTE_VAR_INSN_LOCATION argument, which
is obviously wrong, because all VALUEs are freed at the end of vartrack pass.

The problem is that vartrack relies on all VALUEs being replaced when using the
vt_expand_loc_callback callback.  But unfortunately cselib doesn't always
guarantee that.  In particular this:

        rtx subreg = cselib_expand_value_rtx_1 (SUBREG_REG (orig), evd,
                                                max_depth - 1);
        if (!subreg)  
          return NULL;
        scopy = simplify_gen_subreg (GET_MODE (orig), subreg,
                                     GET_MODE (SUBREG_REG (orig)),
                                     SUBREG_BYTE (orig));
        if (scopy == NULL
            || (GET_CODE (scopy) == SUBREG
                && !REG_P (SUBREG_REG (scopy))
                && !MEM_P (SUBREG_REG (scopy))
                && (REG_P (SUBREG_REG (orig))
                    || MEM_P (SUBREG_REG (orig)))))
          return shallow_copy_rtx (orig);
        return scopy;

subreg has correctly replaced SUBREG_REG (VALUE) with a DImode reg, for which
unfortunately SImode SUBREG isn't considered valid on the target.  So
simplify_gen_subreg returns NULL and then it returns just a copy of orig, i.e.
(subreg:SI (value:DI ...)).

The following patch should cure it:
--- gcc/cselib.c        2009-09-03 09:59:40.000000000 +0200
+++ gcc/cselib.c        2009-09-08 16:25:05.694497501 +0200
@@ -1171,7 +1171,7 @@ cselib_expand_value_rtx_1 (rtx orig, str
                && !MEM_P (SUBREG_REG (scopy))
                && (REG_P (SUBREG_REG (orig))
                    || MEM_P (SUBREG_REG (orig)))))
-         return shallow_copy_rtx (orig);
+         return NULL;
        return scopy;
       }

we could do that just for the evd->callback != NULL case, but thinking about
it, shallow_copy_rtx (orig) is wrong even for the other callers, as we want to
avoid invalid RTL sharing, but if we copy orig (but not recursively its
argument), it might be still shared.


-- 

jakub at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[4.5 Regression] Valgrind   |Valgrind failures / illegal
                   |failures / illegal reads    |reads with VTA turned on.
                   |with VTA turned on.         |
   Target Milestone|4.5.0                       |---
            Version|4.5.0                       |unknown


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41307

Reply via email to