On Tue, 9 Aug 2005, Linus Torvalds wrote:
>
> Thanks. I'll see if I get around to looking closer later too.

Ok, found it.

It's a really silly one. What happens is:

 - clean_up_insns() loops over ep->bbs, and over bb->insns and calls
   clean_up_one_instruction()
 - clean_up_one_instruction() will call "simplify_instruction()"
 - simplify_instruction() calls "simplify_switch()" for a switch
   instruction, which will replace the switch with a branch.
 - However, the way it replaces the OP_SWITCH with an OP_BR is to remove
   the OP_SWITCH and insert an OP_BR, and if the OP_SWITCH happens to be
   the only instruction in a particular ptr-list block, the removal will
   unallocate the old block (and then inserting OP_BR will allocate a new
   one).
 - this instruction block happens to be the one we're iterating over in
   clean_up_insns(), and we keep a pointer to it, so when we return all
   the way up, the block will have been free'd.

I'll have to rewrite "insert_branch()" to not delete the instruction, but
just replace it in place or something. Give me ten minutes.

Linus
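
The failure described in the message above, as an added C sketch that is not sparse's code: the block list and the functions `add`, `del`, `walk` and `demo` are hypothetical stand-ins for the ptr-list and clean_up_insns(). Released blocks are only marked dead rather than freed, so the walker's stale access can be counted without undefined behaviour.

```c
#include <stdio.h>
#include <stddef.h>

enum { OP_SWITCH = 1, OP_BR };              /* opcode names from the message */
#define SLOTS 4

/* Toy block list; hypothetical names, not sparse's ptr-list API. */
struct block { struct block *next; int nr, live, insn[SLOTS]; };
static struct block pool[16];               /* released blocks are only marked dead, */
static int used;                            /* so the stale access is detectable     */

static void add(struct block **head, int op) {
    struct block **p = head;
    while (*p && (*p)->nr == SLOTS) p = &(*p)->next;
    if (!*p) { *p = &pool[used++]; (*p)->live = 1; (*p)->nr = 0; (*p)->next = NULL; }
    (*p)->insn[(*p)->nr++] = op;
}

static void del(struct block **head, struct block *b, int i) {
    for (int k = i; k < b->nr - 1; k++) b->insn[k] = b->insn[k + 1];
    if (--b->nr == 0) {                     /* block is now empty: unlink and release it */
        while (*head != b) head = &(*head)->next;
        *head = b->next;
        b->live = 0;
    }
}

/* Replace every OP_SWITCH by OP_BR; returns how many times the walker was
 * still holding a block that had been released underneath it. */
static int walk(struct block **head, int in_place) {
    int stale = 0;
    for (struct block *b = *head; b; b = b->next) {
        for (int i = 0; i < b->nr; i++) {
            if (b->insn[i] != OP_SWITCH) continue;
            if (in_place) b->insn[i] = OP_BR;               /* overwrite the slot */
            else { del(head, b, i); add(head, OP_BR); }     /* remove, then insert */
        }
        if (!b->live) stale++;              /* real code would touch freed memory here */
    }
    return stale;
}

static int demo(int in_place) {
    struct block *head = NULL;
    add(&head, OP_SWITCH);                  /* constructed input: sole insn in its block */
    int stale = walk(&head, in_place);
    return head->insn[0] == OP_BR ? stale : -1;
}

int main(void) {
    printf("remove+insert: %d stale block(s)\n", demo(0));
    printf("in-place:      %d stale block(s)\n", demo(1));
    return 0;
}
```

Against a real allocator the same condition shows up as a heap-use-after-free report when the remove-and-insert variant is built with AddressSanitizer.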