Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reading free memory after unrolling a gen loop #1386

Closed
veripoolbot opened this issue Jan 4, 2019 · 3 comments
Closed

Reading free memory after unrolling a gen loop #1386

veripoolbot opened this issue Jan 4, 2019 · 3 comments
Assignees
@wsnyder
Labels
resolution: fixed Closed; fixed

Comments

@veripoolbot
Copy link
Contributor

Author Name: Al Grant
Original Redmine Issue: 1386 from https://www.veripool.org

Original Assignee: Wilson Snyder (@wsnyder)

module top(output [1:0] o);
  for (genvar i = 0; i < 4; i++) begin: B
     reg [1:0] r;
     always begin
       r = 2'(i);
     end
  end
  assign o = B[0].r;
endmodule

valgrind memcheck shows a use-after-free issue.

As far as I can tell from the memcheck report and the debug trace, it looks like the unroller, when finished, deletes the 'for' node, but a later traversal then reaches something that was deleted.

This also shows up with verilator_bin_dbg, with better quality source info, but it needs --no-debug-leak.
@veripoolbot
Copy link
Contributor Author

Original Redmine Comment
Author Name: Wilson Snyder (@wsnyder)
Original Date: 2019-01-05T11:32:46Z

This is caused by the B[0] reference, but that's supported the code valgrind sees is actually looking for interfaces so the mis-reference is unlikely to cause real problems. Fix is non-trivial but will get to it shortly.

@veripoolbot
Copy link
Contributor Author

Original Redmine Comment
Author Name: Wilson Snyder (@wsnyder)
Original Date: 2019-01-06T21:57:03Z

Fixed in git towards 4.010.

@veripoolbot
Copy link
Contributor Author

Original Redmine Comment
Author Name: Wilson Snyder (@wsnyder)
Original Date: 2019-01-28T12:32:31Z

In 4.010.

@veripoolbot veripoolbot added the resolution: fixed Closed; fixed label Dec 22, 2019
@wsnyder wsnyder mentioned this issue May 3, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wsnyder wsnyder

Labels
resolution: fixed Closed; fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wsnyder @veripoolbot