Reading free memory after unrolling a gen loop
module top(output [1:0] o); for (genvar i = 0; i < 4; i++) begin: B reg [1:0] r; always begin r = 2'(i); end end assign o = B.r; endmodulevalgrind memcheck shows a use-after-free issue.
As far as I can tell from the memcheck report and the debug trace, it looks like the unroller, when finished, deletes the 'for' node, but a later traversal then reaches something that was deleted.
This also shows up with verilator_bin_dbg, with better quality source info, but it needs --no-debug-leak.
#1 Updated by Wilson Snyder 9 months ago
- Category set to TranslationError
- Status changed from New to Confirmed
- Assignee set to Wilson Snyder
This is caused by the B0 reference, but that's supported the code valgrind sees is actually looking for interfaces so the mis-reference is unlikely to cause real problems. Fix is non-trivial but will get to it shortly.
Also available in: Atom