diff mbox series

c++: Fix tinst_level::to_list [PR112968]

Message ID	ZXl+DgQFUfnH5dJY@tucnak
State	Unresolved
Headers	Received-SPF: pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BF696385841A Date: Wed, 13 Dec 2023 10:49:02 +0100 From: Jakub Jelinek <jakub@redhat.com> To: Jason Merrill <jason@redhat.com> Cc: gcc-patches@gcc.gnu.org Subject: [PATCH] c++: Fix tinst_level::to_list [PR112968] Message-ID: <ZXl+DgQFUfnH5dJY@tucnak> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: list Reply-To: Jakub Jelinek <jakub@redhat.com> Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org X-getmail-retrieved-from-mailbox: INBOX
Series	c++: Fix tinst_level::to_list [PR112968] \| c++: Fix tinst_level::to_list [PR112968]

Checks

Context	Check	Description
snail/gcc-patch-check	warning	Git am fail log

Commit Message

Jakub Jelinek Dec. 13, 2023, 9:49 a.m. UTC

  Hi!

With valgrind checking, there are various errors reported on some C++26
libstdc++ tests, like:
==2009913== Conditional jump or move depends on uninitialised value(s)
==2009913==    at 0x914C59: gt_ggc_mx_lang_tree_node(void*) (gt-cp-tree.h:107)
==2009913==    by 0x8AB7A5: gt_ggc_mx_tinst_level(void*) (gt-cp-pt.h:32)
==2009913==    by 0xB89B25: ggc_mark_root_tab(ggc_root_tab const*) (ggc-common.cc:75)
==2009913==    by 0xB89DF4: ggc_mark_roots() (ggc-common.cc:104)
==2009913==    by 0x9D6311: ggc_collect(ggc_collect) (ggc-page.cc:2227)
==2009913==    by 0xDB70F6: execute_one_pass(opt_pass*) (passes.cc:2738)
==2009913==    by 0xDB721F: execute_pass_list_1(opt_pass*) (passes.cc:2755)
==2009913==    by 0xDB7258: execute_pass_list(function*, opt_pass*) (passes.cc:2766)
==2009913==    by 0xA55525: cgraph_node::analyze() (cgraphunit.cc:695)
==2009913==    by 0xA57CC7: analyze_functions(bool) (cgraphunit.cc:1248)
==2009913==    by 0xA5890D: symbol_table::finalize_compilation_unit() (cgraphunit.cc:2555)
==2009913==    by 0xEB02A1: compile_file() (toplev.cc:473)

I think the problem is in the tinst_level::to_list optimization from 2018.
That function returns a TREE_LIST with TREE_PURPOSE/TREE_VALUE filled in.
Either it freshly allocates using build_tree_list (NULL, NULL); + stores
TREE_PURPOSE/TREE_VALUE, that case is fine (the whole tree_list object
is zeros, except for TREE_CODE set to TREE_LIST and TREE_PURPOSE/TREE_VALUE
modified later; the above also means in particular TREE_TYPE of it is NULL
and TREE_CHAIN is NULL and both are accessible/initialized even in valgrind
annotations.
Or it grabs a TREE_LIST node from a freelist.
If defined(ENABLE_GC_CHECKING), the object is still all zeros except
for TREE_CODE/TREE_PURPOSE/TREE_VALUE like in the fresh allocation case
(but unlike the build_tree_list case in the valgrind annotations
TREE_TYPE and TREE_CHAIN are marked as uninitialized).
If !defined(ENABLE_GC_CHECKING), I believe the actual memory content
is that everything but TREE_CODE/TREE_PURPOSE/TREE_VALUE/TREE_CHAIN is
zeros and TREE_CHAIN is something random (whatever next entry is in the
freelist, nothing overwrote it) and from valgrind POV again,
TREE_TYPE and TREE_CHAIN are marked as uninitialized.

When using the other freelist instantiations (pending_template and
tinst_level) I believe everything is correct, from valgrind POV it marks
the whole pending_template or tinst_level as uninitialized, but the
caller initializes it all).

One way to fix this would be let tinst_level::to_list not store just
  TREE_PURPOSE (ret) = tldcl;
  TREE_VALUE (ret) = targs;
but also
  TREE_TYPE (ret) = NULL_TREE;
  TREE_CHAIN (ret) = NULL_TREE;
Though, that seems like wasted effort in the build_tree_list case to me.

So, the following patch instead does that TREE_CHAIN = NULL_TREE store only
in the case where it isn't already done and marks both TREE_CHAIN and
TREE_TYPE as initialized (the latter is at that spot, the former is because
we never really touch TREE_TYPE of a TREE_LIST anywhere and so the NULL
gets stored into the freelist and restored from there (except for
ENABLE_GC_CHECKING where it is poisoned and then cleared again).

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2023-12-13  Jakub Jelinek  <jakub@redhat.com>

	PR c++/112968
	* pt.cc (freelist<tree_node>::reinit): Make whole obj->common
	defined for valgrind annotations rather than just obj->base,
	and do it even for ENABLE_GC_CHECKING.  If not ENABLE_GC_CHECKING,
	clear TREE_CHAIN (obj).


	Jakub

Comments

Jason Merrill Dec. 13, 2023, 5:23 p.m. UTC | #1

On 12/13/23 04:49, Jakub Jelinek wrote:
> Hi!
> 
> With valgrind checking, there are various errors reported on some C++26
> libstdc++ tests, like:
> ==2009913== Conditional jump or move depends on uninitialised value(s)
> ==2009913==    at 0x914C59: gt_ggc_mx_lang_tree_node(void*) (gt-cp-tree.h:107)
> ==2009913==    by 0x8AB7A5: gt_ggc_mx_tinst_level(void*) (gt-cp-pt.h:32)
> ==2009913==    by 0xB89B25: ggc_mark_root_tab(ggc_root_tab const*) (ggc-common.cc:75)
> ==2009913==    by 0xB89DF4: ggc_mark_roots() (ggc-common.cc:104)
> ==2009913==    by 0x9D6311: ggc_collect(ggc_collect) (ggc-page.cc:2227)
> ==2009913==    by 0xDB70F6: execute_one_pass(opt_pass*) (passes.cc:2738)
> ==2009913==    by 0xDB721F: execute_pass_list_1(opt_pass*) (passes.cc:2755)
> ==2009913==    by 0xDB7258: execute_pass_list(function*, opt_pass*) (passes.cc:2766)
> ==2009913==    by 0xA55525: cgraph_node::analyze() (cgraphunit.cc:695)
> ==2009913==    by 0xA57CC7: analyze_functions(bool) (cgraphunit.cc:1248)
> ==2009913==    by 0xA5890D: symbol_table::finalize_compilation_unit() (cgraphunit.cc:2555)
> ==2009913==    by 0xEB02A1: compile_file() (toplev.cc:473)
> 
> I think the problem is in the tinst_level::to_list optimization from 2018.
> That function returns a TREE_LIST with TREE_PURPOSE/TREE_VALUE filled in.
> Either it freshly allocates using build_tree_list (NULL, NULL); + stores
> TREE_PURPOSE/TREE_VALUE, that case is fine (the whole tree_list object
> is zeros, except for TREE_CODE set to TREE_LIST and TREE_PURPOSE/TREE_VALUE
> modified later; the above also means in particular TREE_TYPE of it is NULL
> and TREE_CHAIN is NULL and both are accessible/initialized even in valgrind
> annotations.
> Or it grabs a TREE_LIST node from a freelist.
> If defined(ENABLE_GC_CHECKING), the object is still all zeros except
> for TREE_CODE/TREE_PURPOSE/TREE_VALUE like in the fresh allocation case
> (but unlike the build_tree_list case in the valgrind annotations
> TREE_TYPE and TREE_CHAIN are marked as uninitialized).
> If !defined(ENABLE_GC_CHECKING), I believe the actual memory content
> is that everything but TREE_CODE/TREE_PURPOSE/TREE_VALUE/TREE_CHAIN is
> zeros and TREE_CHAIN is something random (whatever next entry is in the
> freelist, nothing overwrote it) and from valgrind POV again,
> TREE_TYPE and TREE_CHAIN are marked as uninitialized.
> 
> When using the other freelist instantiations (pending_template and
> tinst_level) I believe everything is correct, from valgrind POV it marks
> the whole pending_template or tinst_level as uninitialized, but the
> caller initializes it all).
> 
> One way to fix this would be let tinst_level::to_list not store just
>    TREE_PURPOSE (ret) = tldcl;
>    TREE_VALUE (ret) = targs;
> but also
>    TREE_TYPE (ret) = NULL_TREE;
>    TREE_CHAIN (ret) = NULL_TREE;
> Though, that seems like wasted effort in the build_tree_list case to me.
> 
> So, the following patch instead does that TREE_CHAIN = NULL_TREE store only
> in the case where it isn't already done and marks both TREE_CHAIN and
> TREE_TYPE as initialized (the latter is at that spot, the former is because
> we never really touch TREE_TYPE of a TREE_LIST anywhere and so the NULL
> gets stored into the freelist and restored from there (except for
> ENABLE_GC_CHECKING where it is poisoned and then cleared again).

We sometimes do put things in the TREE_TYPE of a TREE_LIST, so I would 
be more comfortable setting it here as well.  OK with that change.

> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?
> 
> 2023-12-13  Jakub Jelinek  <jakub@redhat.com>
> 
> 	PR c++/112968
> 	* pt.cc (freelist<tree_node>::reinit): Make whole obj->common
> 	defined for valgrind annotations rather than just obj->base,
> 	and do it even for ENABLE_GC_CHECKING.  If not ENABLE_GC_CHECKING,
> 	clear TREE_CHAIN (obj).
> 
> --- gcc/cp/pt.cc.jj	2023-12-11 23:52:03.592513063 +0100
> +++ gcc/cp/pt.cc	2023-12-12 16:40:09.259903877 +0100
> @@ -9525,7 +9525,7 @@ template <>
>   inline void
>   freelist<tree_node>::reinit (tree obj ATTRIBUTE_UNUSED)
>   {
> -  tree_base *b ATTRIBUTE_UNUSED = &obj->base;
> +  tree_common *c ATTRIBUTE_UNUSED = &obj->common;
>   
>   #ifdef ENABLE_GC_CHECKING
>     gcc_checking_assert (TREE_CODE (obj) == TREE_LIST);
> @@ -9540,8 +9540,9 @@ freelist<tree_node>::reinit (tree obj AT
>   #ifdef ENABLE_GC_CHECKING
>     TREE_SET_CODE (obj, TREE_LIST);
>   #else
> -  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (b, sizeof (*b)));
> +  TREE_CHAIN (obj) = NULL_TREE;
>   #endif
> +  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (c, sizeof (*c)));
>   }
>   
>   /* Point to the first object in the TREE_LIST freelist.  */
> 
> 	Jakub
>

diff mbox series

Patch

--- gcc/cp/pt.cc.jj	2023-12-11 23:52:03.592513063 +0100
+++ gcc/cp/pt.cc	2023-12-12 16:40:09.259903877 +0100
@@ -9525,7 +9525,7 @@  template <>
 inline void
 freelist<tree_node>::reinit (tree obj ATTRIBUTE_UNUSED)
 {
-  tree_base *b ATTRIBUTE_UNUSED = &obj->base;
+  tree_common *c ATTRIBUTE_UNUSED = &obj->common;
 
 #ifdef ENABLE_GC_CHECKING
   gcc_checking_assert (TREE_CODE (obj) == TREE_LIST);
@@ -9540,8 +9540,9 @@  freelist<tree_node>::reinit (tree obj AT
 #ifdef ENABLE_GC_CHECKING
   TREE_SET_CODE (obj, TREE_LIST);
 #else
-  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (b, sizeof (*b)));
+  TREE_CHAIN (obj) = NULL_TREE;
 #endif
+  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (c, sizeof (*c)));
 }
 
 /* Point to the first object in the TREE_LIST freelist.  */