https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110313
--- Comment #6 from Tobias Burnus <burnus at gcc dot gnu.org> ---
Some more debugging: We have:
(gdb) p debug_rtx(curr_id->insn)
(insn 106 3450 3080 4 (parallel [
(set (reg/f:DI 1433)
(plus:DI (reg/f:DI 16 s16 [3483])
(const_int -48 [0xffffffffffffffd0])))
(clobber (reg:BI 1852))
(clobber (reg:DI 1853))
]) "libgomp/testsuite/libgomp.c/../libgomp.c-c++-common/for-2.h":530:9
29 {adddi3}
(expr_list:REG_UNUSED (reg:DI 1853)
(expr_list:REG_UNUSED (reg:BI 1852)
(nil))))
With:
debug_rtx(*curr_id->operand_loc[0]) → (reg/f:DI 1433)
debug_rtx(*curr_id->operand_loc[1]) → (reg/f:DI 16 s16 [3483])
where 3483 == ORIGINAL_REGNO (op) == ORIGINAL_REGNO(operand_reg[nop])
and lra_reg_info[3483] → Cannot access memory at address 0x43ad8a0
* * *
This seems to be gcn.md's:
(define_expand "adddi3_scc"
[(parallel [(set (match_operand:DI 0 "register_operand")
(plus:DI (match_operand:DI 1 "register_operand")
(match_operand:DI 2 "nonmemory_operand")))
(clobber (reg:BI SCC_REG))
(clobber (scratch:DI))])]
""
{})
* * *
The ORIGINAL_REGNO with value 3483 is created via
#0 init_raw_REG (x=x@entry=0x7ffff7829618, mode=mode@entry=E_DImode,
regno=regno@entry=3483)
at emit-rtl.cc:477
#1 0x0000000000bca0e0 in gen_raw_REG (mode=mode@entry=E_DImode, regno=3483)
at emit-rtl.cc:489
#2 0x0000000000bca97f in gen_reg_rtx (mode=mode@entry=E_DImode) at
emit-rtl.cc:1213
#3 0x000000000104039a in lra_create_new_reg_with_unique_value
(md_mode=md_mode@entry=E_DImode, original=original@entry=0x0,
rclass=rclass@entry=VGPR_REGS,
exclude_start_hard_regs=exclude_start_hard_regs@entry=0x0,
title=title@entry=0x2de1511 "base + disp")
at lra.cc:192
#4 0x0000000001040807 in lra_create_new_reg (md_mode=E_DImode,
original=original@entry=0x0, rclass=rclass@entry=VGPR_REGS,
exclude_start_hard_regs=exclude_start_hard_regs@entry=0x0,
title=title@entry=0x2de1511 "base + disp")
at lra.cc:233
#5 0x0000000001054d84 in base_plus_disp_to_reg (ad=ad@entry=0x7fffffffd1f0,
disp=0x7ffff78a0240)
at lra-constraints.cc:3335
#6 0x0000000001063484 in process_address_1 (nop=nop@entry=1,
check_only_p=check_only_p@entry=false, before=before@entry=0x7fffffffd498,
after=after@entry=0x7fffffffd490)
at lra-constraints.cc:3781
#7 0x0000000001063de5 in process_address (nop=nop@entry=1,
check_only_p=check_only_p@entry=false, before=before@entry=0x7fffffffd498,
after=after@entry=0x7fffffffd490)
at lra-constraints.cc:3869
#8 0x0000000001068fb9 in curr_insn_transform
(check_only_p=check_only_p@entry=false)
at lra-constraints.cc:4177
#9 0x000000000106d61c in lra_constraints (first_p=<optimized out>)
at lra-constraints.cc:5397
#10 0x00000000010470e7 in lra (f=0x0) at lra.cc:2396
#11 0x0000000000fc1efb in do_reload () at ira.cc:5967
* * *
lra_reg_info is first allocated in init_reg_info to:
lra_reg_info = XNEWVEC (class lra_reg, reg_info_size);
and later possibly extended via expand_reg_info:
lra_reg_info = XRESIZEVEC (class lra_reg, lra_reg_info, reg_info_size);
At the time of the backtrace above (call to init_raw_REG), we have:
reg_info_size == 3659 which is > 3483
and it is possible to print lra_reg_info[3483].
* * *
However, the init_raw_REG is called many times with regno = 3483.
In the failing case (segfault), lra_reg_info is still 3659 but accessing
lra_reg_info[3483] fails.
Additionally lra_reg_info[0] shows: 'insn_bitmap = {static crashme' indicating
that memory has been released.
