It is most likely that this bug is actually caused by one of the
modifications that you have made to the backend.
In 4.3, the rtl backend is very picky about the kinds of modifications
that can be made to insns and in particular the api's that are used to
modify, insert or delete insns or even whole basic blocks.
It is no long acceptable for a back end to just replace all or part of
an insn by just zapping or modifying the fields of the rtl. Each
change must go one of the variants of validate change. Failures to do
this tend to manifest themselves as downstream bugs that look like
the one you describe.
There are verification tools (that slow down a bootstrap by about 20%)
that are available to help track down this kind of failure. If you
build your compiler with --enable-checking=df,yes (basically add "df"
onto what ever you normally set for --enable-checking) it will check that
there have been no unauthorized changes to any instructions after
every rtl pass. This is generally the fastest way to find the at
least which pass has unauthorized changes.
I hope that this helps. There is very little otherwise that I can do
with a private port. But this is generally the problem.
Kenny
> While working on a Cygwin/AVR backend patch, I had segmentation fault
> occur in df-scan.c - which appears unrelated to target.
> I can't provide testcase as backend is modfied - but source was 20011113-1.c
>
> It all happens in df_scan.c (Rev 130805 14 Dec 2007)
>
> df_ref_create_structure() trys to access EMPTY collection_rec->def_vec
> as type DF_REF_REG_DEF is being set by df_uses_record(), yet no space
> was allocated by df_noted_rescan()
>
> This appears to be a bug but seek your combined wisdom before filling a
> report:
>
> 1) emit-rtl (line 4647) calls df_notes_rescan (insn);
> 2) df_notes_rescan (line 2043) creates struct df_collection_rec
> collection_rec but does not allocate any storage for member "def_vec"
> then (line 2062) calls df_uses_record - related to usage of
> REG_EQUIV and REG_EQUAL notes
> 3) df_uses_record (line 2994) , calls df_ref_record (relate to recording
> definition for PRE_DEC..POST_MODIFY) - with type set as DF_REF_REG_DEF
> 5) df_ref_record calls df_ref_create_structure - which fails
>
>
> Below is stack dump and a few variables and RTX of insn printed out
>
>
> Copyright (C) 2006 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i686-pc-cygwin"...
> (gdb) source ./gdbini.in
> ./gdbini.in: No such file or directory.
> (gdb) source ./gdbinit.in
> Breakpoint 1 at 0x6268d6: file ../../gcc/gcc/diagnostic.c, line 660.
> Breakpoint 2 at 0x626863: file ../../gcc/gcc/diagnostic.c, line 604.
> Breakpoint 3 at 0xa77a20
> Breakpoint 4 at 0xa77a10
> (gdb) run -mmcu=atmega128 -g -w -O3 -DSTACK_SIZE=400 -da
> -DNO_TRAMPOLINES -fno-show-column -DSIGNAL_SUPPRESS -std=gnu99 200
> 11113-1.c -o 20011113-1.o
> Starting program: /cygdrive/e/awhconf/gcc/cc1.exe -mmcu=atmega128 -g
> -w -O3 -DSTACK_SIZE=400 -da -DNO_TRAMPOLINES -fno-show-col
> umn -DSIGNAL_SUPPRESS -std=gnu99 20011113-1.c -o 20011113-1.o
> Loaded symbols for /cygdrive/c/WINDOWS/system32/ntdll.dll
> Loaded symbols for /cygdrive/c/WINDOWS/system32/kernel32.dll
> Loaded symbols for /usr/bin/cygwin1.dll
> Loaded symbols for /cygdrive/c/WINDOWS/system32/advapi32.dll
> Loaded symbols for /cygdrive/c/WINDOWS/system32/rpcrt4.dll
> Loaded symbols for /usr/bin/cygiconv-2.dll
> foo baz bar main
> Analyzing compilation unit
> Performing interprocedural optimizations
> <visibility> <early_local_cleanups> <inline> <static-var>
> <pure-const>Assembling functions:
> bar foo baz main
> Program received signal SIGSEGV, Segmentation fault.
> 0x007a03de in df_ref_create_structure (collection_rec=0x22c840,
> reg=0x124, loc=0x7ff31b04, bb=0x7fec3c00, insn=0x7ff778a0,
> ref_type=DF_REF_REG_DEF, ref_flags=292) at ../../gcc/gcc/df-scan.c:2611
> 2611 collection_rec->def_vec[collection_rec->next_def++] =
> this_ref;
> (gdb) where
> #0 0x007a03de in df_ref_create_structure (collection_rec=0x22c840,
> reg=0x124, loc=0x7ff31b04, bb=0x7fec3c00, insn=0x7ff778a0,
> ref_type=DF_REF_REG_DEF, ref_flags=292) at ../../gcc/gcc/df-scan.c:2611
> #1 0x007a2d8a in df_uses_record (collection_rec=0x22c840, loc=0x0,
> ref_type=DF_REF_REG_MEM_LOAD, bb=0x7fec3c00,
> insn=0x7ff778a0, flags=DF_REF_IN_NOTE) at ../../gcc/gcc/df-scan.c:2994
> #2 0x007a56db in df_notes_rescan (insn=0x7ff778a0) at
> ../../gcc/gcc/df-scan.c:2062
> #3 0x004d3c91 in set_unique_reg_note (insn=0x7ff778a0, kind=REG_EQUAL,
> datum=0x7ff1e8f0) at ../../gcc/gcc/emit-rtl.c:4647
> #4 0x005ce935 in try_replace_reg (from=0x7ff1d740, to=0x1bebbd8,
> insn=0x7ff778a0) at ../../gcc/gcc/gcse.c:2687
> #5 0x005cef5d in constprop_register (insn=0x7ff778a0, from=0x7ff1d740,
> to=0x7ff319c8, alter_jumps=0 '\0')
> at ../../gcc/gcc/gcse.c:2904
> #6 0x005cfdfc in one_cprop_pass (pass=1, cprop_jumps=0 '\0',
> bypass_jumps=0 '\0') at ../../gcc/gcc/gcse.c:2973
> #7 0x005d5166 in rest_of_handle_gcse () at ../../gcc/gcc/gcse.c:722
> #8 0x00621508 in execute_one_pass (pass=0xa79770) at
> ../../gcc/gcc/passes.c:1118
> #9 0x006216ae in execute_pass_list (pass=0xa79350) at
> ../../gcc/gcc/passes.c:1171
> #10 0x006216c1 in execute_pass_list (pass=0xa79630) at
> ../../gcc/gcc/passes.c:1172
> #11 0x00848b4c in tree_rest_of_compilation (fndecl=0x7fdcf340) at
> ../../gcc/gcc/tree-optimize.c:404
> #12 0x0062277b in cgraph_expand_function (node=0x7ff40480) at
> ../../gcc/gcc/cgraphunit.c:1151
> #13 0x006243fe in cgraph_optimize () at ../../gcc/gcc/cgraphunit.c:1214
> #14 0x0041aff7 in c_write_global_declarations () at
> ../../gcc/gcc/c-decl.c:8074
> #15 0x006295e6 in toplev_main (argc=14, argv=0x1b91d60) at
> ../../gcc/gcc/toplev.c:1055
> #16 0x004938da in main (argc=14, argv=0x1b91d60) at ../../gcc/gcc/main.c:35
> (gdb) pr
> The history is empty.
> (gdb) print insn
> $1 = (rtx) 0x7ff778a0
> (gdb) pr
> (insn 10 84 11 3 20011113-1.c:36 (set (reg:QI 50)
> (mem:QI (post_inc:HI (reg:HI 48)) [0 S1 A8])) 8 {*movqi}
> (expr_list:REG_EQUAL (mem:QI (post_inc:HI (reg:HI 48)) [0 S1 A8])
>
> (nil)))
> (gdb) print collection_rec
> $2 = (struct df_collection_rec *) 0x22c840
> (gdb) print *collection_rec
> $3 = {def_vec = 0x0, next_def = 0, use_vec = 0x0, next_use = 0,
> eq_use_vec = 0x22b860, next_eq_use = 0, mw_vec = 0x22a8b0,
> next_mw = 0}
