romcc segfaults; serious help needed

Submitter	Patrick Georgi
Date	2010-03-11 10:33:35
Message ID	<4B98C6FF.6080707@georgi-clan.de>
Download	mbox \| patch
Permalink	/patch/1034/
State	Accepted
Commit	r5210
Headers	show Return-path: <coreboot-bounces+patchwork=coreboot.org@coreboot.org> Envelope-to: patchwork@coreboot.org sender: patrick) by t-stueck.streichelzoo.local (Postfix) with ESMTPSA id AE25F2003608B for <coreboot@coreboot.org>; Thu, 11 Mar 2010 11:33:31 +0100 (CET) Message-ID: <4B98C6FF.6080707@georgi-clan.de> Date: Thu, 11 Mar 2010 11:33:35 +0100 From: Patrick Georgi <patrick@georgi-clan.de> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.8) Gecko/20100227 Lightning/1.0b1 Thunderbird/3.0.3 MIME-Version: 1.0 To: coreboot@coreboot.org References: <b72cdb061003101925k7acf86a6h4037b6ed90366313@mail.gmail.com> In-Reply-To: <b72cdb061003101925k7acf86a6h4037b6ed90366313@mail.gmail.com> Content-Type: multipart/mixed; boundary="------------010707020907090705090306" Subject: Re: [coreboot] romcc segfaults; serious help needed Precedence: list Sender: coreboot-bounces+patchwork=coreboot.org@coreboot.org Errors-To: coreboot-bounces+patchwork=coreboot.org@coreboot.org

Comments

Patrick Georgi - 2010-03-11 10:33:35

Am 11.03.2010 04:25, schrieb Keith Hui:
> Hi guys,
> 
> I posted a new 440BX RAM init code a few days ago that was segfaulting
> romcc, and I didn't get any response.
> 
> In the meantime I have narrowed the cause to this code fragment, with
> enough wrapper added so it can be fed to romcc on its own:
Thank you for the test case, I could reproduce the crash.

Attached patch fixes the romcc segfaults when using the |=, +=, ^=
operators on array fields and produces reasonably looking code.

I did some tests to verify that the behaviour didn't change, but your
test case compiles to no code (except some useless jmp instructions) as
it has no side effects, so I can only verify it builds.
Please test it on your real world code.

Signed-off-by: Patrick Georgi <patrick.georgi@coresystems.de>

Patch

Index: util/romcc/romcc.c
===================================================================
--- util/romcc/romcc.c	(revision 5200)
+++ util/romcc/romcc.c	(working copy)
@@ -1896,12 +1896,16 @@ 
 		return;
 	if (!user)
 		return;
-	ptr = &used->use;
-	while(*ptr) {
-		if ((*ptr)->member == user) {
-			return;
+	if (used->use == (void*)-1)
+		used->use = 0;
+	if (used->use) {
+		ptr = &used->use;
+		while(*ptr) {
+			if ((*ptr)->member == user) {
+				return;
+			}
+			ptr = &(*ptr)->next;
 		}
-		ptr = &(*ptr)->next;
 	}
 	/* Append new to the head of the list, 
 	 * copy_func and rename_block_variables
@@ -11599,19 +11603,19 @@ 
 		}
 		def = write_expr(state, left,
 			triple(state, op, left->type, 
-				read_expr(state, left), right));
+				read_expr(state, copy_triple(state, left)), right));
 		break;
 	case TOK_PLUSEQ:
 		lvalue(state, left);
 		eat(state, TOK_PLUSEQ);
 		def = write_expr(state, left,
-			mk_add_expr(state, left, assignment_expr(state)));
+			mk_add_expr(state, copy_triple(state, left), assignment_expr(state)));
 		break;
 	case TOK_MINUSEQ:
 		lvalue(state, left);
 		eat(state, TOK_MINUSEQ);
 		def = write_expr(state, left,
-			mk_sub_expr(state, left, assignment_expr(state)));
+			mk_sub_expr(state, copy_triple(state, left), assignment_expr(state)));
 		break;
 	case TOK_SLEQ:
 	case TOK_SREQ:
@@ -11635,7 +11639,7 @@ 
 		}
 		def = write_expr(state, left,
 			triple(state, op, left->type, 
-				read_expr(state, left), right));
+				read_expr(state, copy_triple(state,left)), right));
 		break;
 	}
 	return def;

Patchwork romcc segfaults; serious help needed

Comments

Patch