From patchwork Thu May 10 13:10:38 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Missing guard in ira-color.c ?
From: Tristan Gingold
X-Patchwork-Id: 158283
Message-Id: <73132AAC-F8D8-4807-9703-3731332D7A93@adacore.com>
To: GCC Patches
Cc: vmakarov@redhat.com
Date: Thu, 10 May 2012 15:10:38 +0200

Hi,

I am getting a segfault in ira-color.c:2945 on the trunk:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000a79f37 in move_spill_restore () at ../../src/gcc/ira-color.c:2945
2945              || ira_reg_equiv_const[regno] != NULL_RTX
(gdb) l
2940              /* don't do the optimization because it can create
2941                 copies and the reload pass can spill the allocno set
2942                 by copy although the allocno will not get memory
2943                 slot. */
2944              || ira_reg_equiv_invariant_p[regno]
2945              || ira_reg_equiv_const[regno] != NULL_RTX
2946              || !bitmap_bit_p (loop_node->border_allocnos, ALLOCNO_NUM (a)))
2947            continue;
2948          mode = ALLOCNO_MODE (a);
2949          rclass = ALLOCNO_CLASS (a);

while building gcc (gnatcmd.adb file) for ia64-vms using a cross compiler
(target=ia64-vms, host=x86_64-linux).

The reason looks to be an out of bounds access:

(gdb) print regno
$10 = 18476
(gdb) print ira_reg_equiv_len
$11 = 17984

(I suppose this setup is not easy at all to reproduce, but I can provide any
files, if necessary).

Wild guess, as I don't know IRA at all: looks like in this file most accesses
to ira_reg_equiv_* are guarded. Is it expected that they aren't at this point?

[I am currently trying with the following chunk: ]

Thanks for any comment,
Tristan.

--- a/gcc/ira-color.c +++ b/gcc/ira-color.c 
@@ -2941,8 +2941,9 @@ move_spill_restore (void) copies and the reload pass can spill the allocno set by copy although the allocno will not get memory slot. */ - || ira_reg_equiv_invariant_p[regno] - || ira_reg_equiv_const[regno] != NULL_RTX + || (regno < ira_reg_equiv_len + && (ira_reg_equiv_invariant_p[regno] + || ira_reg_equiv_const[regno] != NULL_RTX)) || !bitmap_bit_p (loop_node->border_allocnos, ALLOCNO_NUM (a))) continue; mode = ALLOCNO_MODE (a);
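Review bot: The new `regno < ira_reg_equiv_len` test in the condition of move_spill_restore makes an out-of-range regno skip both equivalence checks, so such a pseudo (the report shows regno 18476 against ira_reg_equiv_len 17984) is no longer rejected on those grounds and, if its border_allocnos bit is set, the loop goes on with it as though it had no invariant or constant equivalence. That stops the out-of-bounds read, but the patch does not say why "no equivalence" is the right answer for a register past the end of the tables. Either extend the comment above the condition to state that pseudos numbered at or beyond ira_reg_equiv_len are known to have no equivalence at this point, or, if ira_reg_equiv_invariant_p and ira_reg_equiv_const are meant to cover every pseudo here, fix the place where the tables fall behind rather than guarding this one read. Since the report notes that most other accesses to ira_reg_equiv_* in the file are guarded, it is also worth checking in the same change that no other unguarded access remains.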