Hello! Here are my results so far.

It's not just the "next" pointer that is corrupted. The "nr" field in struct ptr_list is corrupted too. It becomes -1, which is an invalid value. This can be reproduced on both i386 and x86_64 platforms.

The earliest signs of the problem I could find are in simplify_one_symbol(). The lower 4 bytes of insn->phi_list->list[0] should be a valid nr (from 0 to 29), but it's 0xffffffff.

I also found the place where -1 comes from. If I change -1 to -2 in symbol_pseudo(), the lower 4 bytes of insn->phi_list->list[0] become 0xfffffffe. In other words, the same area of memory is treated as struct ptr_list and as pseudo_t.

Here's the patch that demonstrates the problem.

diff --git a/flow.c b/flow.c
index 82fb23a..4946388 100644
--- a/flow.c
+++ b/flow.c
@@ -620,6 +620,7 @@ static void simplify_one_symbol(struct entrypoint *ep, struct symbol *sym)
 		/* We know that the symbol-pseudo use is the "src" in the instruction */
 		struct instruction *insn = pu->insn;
+		fprintf(stderr, "nr = %lx\n", (long int)(insn->phi_list->list[0]));
 		switch (insn->opcode) {
 		case OP_STORE:
 			stores++;
diff --git a/linearize.c b/linearize.c
index 8a68f05..fb03a4b 100644
--- a/linearize.c
+++ b/linearize.c
@@ -761,7 +761,7 @@ static pseudo_t symbol_pseudo(struct entrypoint *ep, struct symbol *sym)
 	pseudo = sym->pseudo;
 	if (!pseudo) {
 		pseudo = __alloc_pseudo(0);
-		pseudo->nr = -1;
+		pseudo->nr = -2;
 		pseudo->type = PSEUDO_SYM;
 		pseudo->sym = sym;
 		pseudo->ident = sym->ident;

-- 
Regards,
Pavel Roskin
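Review bot: in the flow.c hunk, the added fprintf dereferences insn->phi_list before the switch on insn->opcode has established what kind of instruction this use belongs to, so for the OP_STORE case that follows (and any other non-phi opcode) it is reading memory that the instruction may be using for something else; that is consistent with the reported observation that the same bytes look like both a struct ptr_list and a pseudo_t. For a diagnostic print, emitting insn->opcode alongside the value (e.g. "opcode = %d nr = %lx") would let the reader tell which instruction kinds produce the 0xffffffff pattern. Also, casting a list[0] pointer through (long int) and printing with %lx shows the full pointer width on x86_64, so the "lower 4 bytes" comparison depends on the reader masking the output; printing with %p, or explicitly masking to 32 bits, makes that intent visible. Since this is debugging output to stderr, it should not be merged as-is.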
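Review bot: in the linearize.c hunk, changing the sentinel from -1 to -2 is a tracing aid, not a fix: it confirms that the value seen in insn->phi_list->list[0] originates from symbol_pseudo(), but it leaves the underlying aliasing in place and alters a value other code may compare against. The hunk should carry a comment marking it as a temporary diagnostic (or be dropped before any submission), and the real change belongs wherever the phi_list and pseudo storage overlap, which this patch does not touch.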