(I've sent this first to gcc-patches accidently :(
> Kenny thought it would be nice, rather than pass the actual bb info to free
> to the freeing function, to instead pass some random bitmap.
>
>
> The attached fixes *that*, but this just causes a crash deeper in trying to
> free some chains.
>
> However, it looks like that is either caused by a double free, or because
> we never null out pointers to things after we free the memory for what they
> are pointing to.
>
Here is a reduced testcase failing with -O1:
__udivmodti4 ()
{
unsigned long d0, a;
for (a = 56; a > 0; a -= 8)
if ((d0 & 0xff) != 0)
break;
for (a = 57; a > 0; a -= 7)
if ((d0 & 0xff) != 0)
break;
}
With your patch:
Program received signal SIGSEGV, Segmentation fault.
0x0000000080188d16 in bitmap_obstack_free (map=0x808dea80) at
/build/gcc-4.2/gcc/bitmap.c:272
272 map->first = (void *)map->obstack->heads;
(gdb) bt
#0 0x0000000080188d16 in bitmap_obstack_free (map=0x808dea80) at
/build/gcc-4.2/gcc/bitmap.c:272
#1 0x00000000802319fc in df_rd_free (dflow=0x808c9eb0) at
/build/gcc-4.2/gcc/df-problems.c:1191
#2 0x000000008022a2b6 in df_finish1 (df=0x808d7db0) at
/build/gcc-4.2/gcc/df-core.c:406
#3 0x00000000802914be in iv_analysis_done () at
/build/gcc-4.2/gcc/loop-iv.c:1238
#4 0x00000000803d4a42 in estimate_probability (loops_info=0x3ffffcd9ce0)
at /build/gcc-4.2/gcc/predict.c:844
#5 0x00000000803e699c in rest_of_handle_branch_prob () at
/build/gcc-4.2/gcc/profile.c:1363
Without your patch:
Program received signal SIGSEGV, Segmentation fault.
0x0000000080188d16 in bitmap_obstack_free (map=0x808ca708) at
/build/gcc-4.2/gcc/bitmap.c:272
272 map->first = (void *)map->obstack->heads;
(gdb) bt
#0 0x0000000080188d16 in bitmap_obstack_free (map=0x808ca708) at
/build/gcc-4.2/gcc/bitmap.c:272
#1 0x00000000802307b0 in df_rd_free_bb_info (dflow=0x808c9eb0,
bb=0x2000001ad80, vbb_info=0x808ca660)
at /build/gcc-4.2/gcc/df-problems.c:853
#2 0x0000000080229cd6 in df_set_blocks (df=0x808d7db0, blocks=0x808ca5a0)
at /build/gcc-4.2/gcc/df-core.c:373
#3 0x000000008028e2ac in iv_analysis_loop_init (loop=0x808d7ca0) at
/build/gcc-4.2/gcc/loop-iv.c:267
#4 0x00000000803d3efa in predict_loops (loops_info=0x3ffff889ce0,
rtlsimpleloops=1 '\001')
at /build/gcc-4.2/gcc/predict.c:618
#5 0x00000000803d4a24 in estimate_probability (loops_info=0x3ffff889ce0)
at /build/gcc-4.2/gcc/predict.c:842
#6 0x00000000803e6984 in rest_of_handle_branch_prob () at
/build/gcc-4.2/gcc/profile.c:1363
Bye,
-Andreas-
> Index: df-core.c
> ===================================================================
> --- df-core.c (revision 110017)
> +++ df-core.c (working copy)
> @@ -292,6 +292,7 @@ are write-only operations.
> static struct df *ddf = NULL;
> struct df *shared_df = NULL;
>
> +static void * df_get_bb_info (struct dataflow *, unsigned int);
>
> /*----------------------------------------------------------------------------
> Functions to create, destroy and manipulate an instance of df.
>
> ----------------------------------------------------------------------------*/
> @@ -370,7 +371,7 @@ df_set_blocks (struct df *df, bitmap blo
> EXECUTE_IF_SET_IN_BITMAP (diff, 0, bb_index, bi)
> {
> basic_block bb = BASIC_BLOCK (bb_index);
> - (*dflow->problem->free_bb_fun) (dflow, bb, diff);
> + (*dflow->problem->free_bb_fun) (dflow, bb, df_get_bb_info
> (dflow, bb_index));
> }
> }
> }
