-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/23/11 08:25, Jeff Law wrote:
> On 03/21/11 11:50, Jakub Jelinek wrote:
>> On Mon, Mar 21, 2011 at 11:37:16AM -0600, Jeff Law wrote:
>>> Similarly for redirect_edge_succ_nodup in this fragment:
>>>
>>> ret = redirect_edge_succ_nodup (e, dest);
>>> if (dump_file)
>>> fprintf (dump_file, "Fallthru edge %i->%i redirected to %i\n",
>>> e->src->index, e->dest->index, dest->index);
>>> }
>>> Luckily in this case the use-after-free only occurs when dumping, so it
>>> won't typically affect end users.
>
>> Well, the message is wrong anyway, becase e->dest->index will be
>> dest->index (with the exception that e has been remove_edge, but then it is
>> the use after free). Guess the message should be printed before the
>> redirect_edge_succ_nodup call, or remember e->dest->index in some local
>> variable and print that variable after the call.
> Yea, I'll just move the message before the call to
> redirecT_edge_succ_nodup.
Attached is the actual patch that was checked in after another bootstrap
and regression test.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNii+4AAoJEBRtltQi2kC7aLsIAJQ8JrBCCCSNC0HH+1NgAdyp
aUFEpQJUV9KgYpKzcqtKY5+kJI4WXRnRXsMmXuC4rWKV5rsnGmCzOSoHolHecLXB
F7J3KaCwg51tcJ/wxXUCPUy+MhZ/ZWHBVbLzw+aQ+O4mXqwnHoRRxnUwGmas6rDk
+pFXjmTArphMQdQ/xnOtXqUylecf4iu06Axn+0UXVy2J3CHT3jPvjuNZUHVUcVq+
qNrUTwYhDMHPXQtZWGz4RNqoACmpY/ku53xXwJq4PrcD1g/rl8Vy6aVnTPE9lONv
rXmxr/FgNFZixKxNhaYz6A+maXbM4uRGZvSoGuO0do/YulZXXN+Ym5HHlocM/pQ=
=/fA+
-----END PGP SIGNATURE-----
Index: cfg.c
===================================================================
*** cfg.c (revision 171351)
--- cfg.c (working copy)
*************** redirect_edge_succ_nodup (edge e, basic_
*** 402,409 ****
if (s->probability > REG_BR_PROB_BASE)
s->probability = REG_BR_PROB_BASE;
s->count += e->count;
- remove_edge (e);
redirect_edge_var_map_dup (s, e);
e = s;
}
else
--- 402,409 ----
if (s->probability > REG_BR_PROB_BASE)
s->probability = REG_BR_PROB_BASE;
s->count += e->count;
redirect_edge_var_map_dup (s, e);
+ remove_edge (e);
e = s;
}
else
Index: cfgrtl.c
===================================================================
*** cfgrtl.c (revision 171351)
--- cfgrtl.c (working copy)
*************** cfg_layout_redirect_edge_and_branch (edg
*** 2537,2545 ****
e->flags &= ~EDGE_FALLTHRU;
redirected = redirect_branch_edge (e, dest);
gcc_assert (redirected);
! e->flags |= EDGE_FALLTHRU;
! df_set_bb_dirty (e->src);
! return e;
}
/* In case we are redirecting fallthru edge to the branch edge
of conditional jump, remove it. */
--- 2537,2545 ----
e->flags &= ~EDGE_FALLTHRU;
redirected = redirect_branch_edge (e, dest);
gcc_assert (redirected);
! redirected->flags |= EDGE_FALLTHRU;
! df_set_bb_dirty (redirected->src);
! return redirected;
}
/* In case we are redirecting fallthru edge to the branch edge
of conditional jump, remove it. */
*************** cfg_layout_redirect_edge_and_branch (edg
*** 2553,2562 ****
&& onlyjump_p (BB_END (src)))
delete_insn (BB_END (src));
}
- ret = redirect_edge_succ_nodup (e, dest);
if (dump_file)
fprintf (dump_file, "Fallthru edge %i->%i redirected to %i\n",
e->src->index, e->dest->index, dest->index);
}
else
ret = redirect_branch_edge (e, dest);
--- 2553,2562 ----
&& onlyjump_p (BB_END (src)))
delete_insn (BB_END (src));
}
if (dump_file)
fprintf (dump_file, "Fallthru edge %i->%i redirected to %i\n",
e->src->index, e->dest->index, dest->index);
+ ret = redirect_edge_succ_nodup (e, dest);
}
else
ret = redirect_branch_edge (e, dest);
