Hi,
Could a gatekeeper please help review the fix for bug954(
http://bugs.open64.net/show_bug.cgi?id=954)?
Bug954 is a segmentation fault in wgen. This error only happens in m32, not
in m64.
This case is a constructor of a derived class calling the constructor of
its superclass to create object, and when expanding this call expression,
the function WGEN_Expand_Expr may append the generated call wn to whirl
tree and then return a null wn. And this segmentation happens when set
rtype to such a null-wn.
1. The cutdown test case:
class CaretBoxLine;
class CaretBoxIterator {
public:
CaretBoxLine *cbl;
CaretBoxLine *operator *() const { return cbl; }
};
class CaretBoxLine {
public:
CaretBoxIterator end() { }
};
class EditableCaretBoxIterator : public CaretBoxIterator {
public:
EditableCaretBoxIterator(CaretBoxIterator &lit, bool fromEnd) :
CaretBoxIterator(fromEnd ? (*lit)->end() : (*lit)->end()){}
};
void foo(CaretBoxIterator &it)
{
EditableCaretBoxIterator fbit(it,1);
With debug compiler:
openCC -m32 -O0 -c test.cpp
Signal: Segmentation fault in Writing WHIRL file phase.
Error: Signal Segmentation fault in phase Writing WHIRL file – processing
aborted
*** Internal stack backtrace:
/fc/proj/ctires/open64/o64guru/OPEN64_X86_OPT/Thu/bits/lib/gcc-lib/x86_64-open64-linux/5.0/wgen42()[0x8141286]
/fc/proj/ctires/open64/o64guru/OPEN64_X86_OPT/Thu/bits/lib/gcc-lib/x86_64-open64-linux/5.0/wgen42()[0x81422fb]
openCC INTERNAL ERROR:
/fc/proj/ctires/open64/o64guru/OPEN64_X86_OPT/Thu/bits/lib/gcc-lib/x86_64-open64-linux/5.0/wgen42
died due to signal 4
2. Gspin tree dump
GS_TARGET_EXPR
GS_COMPONENT_REF
GS_COND_EXPR
<operand 0>
GS_TARGET_EXPR
GS_COMPONENT_REF
GS_CALL_EXPR
GS_ADDR_EXPR
GS_TREE_LIST
GS_TARGET_EXP
GS_COMPONENT_REF
GS_CALL_EXPR
GS_ADDR_EXPR
GS_TREE_LIST
gspin tree of a simpler case(remove the condition expression “fromEnd ?”
in line13) is below:
GS_TARGET_EXPR
GS_COMPONENT_REF
GS_CALL_EXPR
GS_ADDR_EXPR
GS_TREE_LIST
GS_ADDR_EXPR
GS_TREE_LIST
3. Analysis
In this case,the return WN of WGEN_Expand_Expr is a NULL-WN, so it got a
segmentation fault when we set rtype for the null wn.
>>In Wgen_expr.cxx:6511 ( t is a GS_CALL_EXPR, which is a call of
constructor “CaretBoxIterator” )
WN *target_wn = WGEN_Address_Of(opnd0);
WN *result_wn = WGEN_Expand_Expr (t, TRUE /* for
return_in_mem*/,
=> 0, 0, 0, 0, FALSE, FALSE,
target_wn);
wn = result_wn;
WN_set_rtype(wn, MTYPE_V);
break;
But for this case, if we remove the condition expression “fromEnd ?” in
line13, the issues could not reproduce. In this simpler case, the RETURN
*result_wn is also NULL, and the two cases have the same GS_CALL_EXPR, and
then it is expanded to the same call_wn, and return a null-wn in function
WGEN_Expand_Expr when expand this expression.
>>In Wgen_expr.cxx:6541
WN *target_wn = WN_Lda (Pointer_Mtype, 0, st, 0);
WN *result_wn = WGEN_Expand_Expr (t, TRUE, 0, 0, 0, 0,
FALSE,
=> FALSE, target_wn);
if (result_wn) {
if (WN_operator(result_wn) == OPR_ILOAD ||
WN_operator(result_wn) == OPR_LDID) {
WGEN_Stmt_Append(WN_Stid (mtype, ST_ofst(st), st, ty,
result_wn), Get_Srcpos());
} else if (WN_operator(result_wn) == OPR_CSELECT) {
WN *wn = WN_CreateEval(result_wn);
WGEN_Stmt_Append(wn, Get_Srcpos());
}
}
4. Patch
Index: osprey/wgen/wgen_expr.cxx
===================================================================
--- osprey/wgen/wgen_expr.cxx (revision 3895)
+++ osprey/wgen/wgen_expr.cxx (working copy)
@@ -6508,8 +6508,10 @@
WN *target_wn = WGEN_Address_Of(opnd0);
WN *result_wn = WGEN_Expand_Expr (t, TRUE /* for
return_in_mem*/,
0, 0, 0, 0, FALSE, FALSE,
target_wn);
+ if (result_wn != NULL) {
wn = result_wn;
WN_set_rtype(wn, MTYPE_V);
+ }
break;
}
}
5. Explanation
In m32, the gs_aggregate_value_p(GS_RECORD_TYPE) is true, so the TY of
CaretBoxIterator is set to return_in_mem, and in wgen_expr.cxx, the
function WGEN_Expand_Expr will go to append the call_wn and then return a
null wn, but in m64, the gs_aggregate_value_p(GS_RECORD_TYPE) is not true,
the function WGEN_Expand_Expr will do some extra process, and then get a wn
later, so m64 didn’t have this segmentation fault.
------
Regards
Zhang Xiao-Jing
------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Open64-devel mailing list
Open64-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/open64-devel
