From patchwork Wed Sep 6 13:40:01 2023
X-Patchwork-Submitter: David Malcolm
X-Patchwork-Id: 137577
To: gcc-patches@gcc.gnu.org, jit@gcc.gnu.org
Subject: [PATCH] ggc, jit: forcibly clear GTY roots in jit
Date: Wed, 6 Sep 2023 09:40:01 -0400
Message-Id: <20230906134001.681629-1-dmalcolm@redhat.com>
From: David Malcolm
Cc: antoyo@gcc.gnu.org

As part of Antoyo's work on supporting LTO in rustc_codegen_gcc, he noticed an ICE inside libgccjit when compiling certain rust files.

Debugging libgccjit showed that outdated information from a previous in-memory compile was referring to ad-hoc locations in the previous compile's line_table.

The issue turned out to be the function decls in internal_fn_fnspec_array from the previous compile keeping alive the symtab nodes for these functions, and from this finding other functions in the previous compile, walking their CFGs, and finding ad-hoc data pointers in an edge with a location_t using ad-hoc data from the previous line_table instance, and thus a use-after-free ICE attempting to use this ad-hoc data.

Previously in toplev::finalize we've fixed global state "piecemeal" by calling out to individual source_name_cc_finalize functions. However, it occurred to me that we have run-time information on where the GTY-marked pointers are.

Hence this patch takes something of a "big hammer" approach by adding a new ggc_common_finalize that walks the GC roots, zeroing all of the pointers. I stepped through this in the debugger and observed that, in particular, this correctly zeroes the internal_fn_fnspec_array at the end of a libgccjit compile. Antoyo reports that this fixes the ICE for him.

Doing so uncovered an ICE with libgccjit in dwarf2cfi.cc due to reuse of global variables from the previous compile, which this patch also fixes.

I noticed that in ggc_mark_roots when clearing deletable roots we only clear the initial element in each gcc_root_tab_t. This looks like a latent bug to me, which the patch fixes. That said, there don't seem to be any deletable roots where the number of elements != 1.
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. OK for trunk? Thanks Dave gcc/ChangeLog: * dwarf2cfi.cc (dwarf2cfi_cc_finalize): New. * dwarf2out.h (dwarf2cfi_cc_finalize): New decl. * ggc-common.cc (ggc_mark_roots): Multiply by rti->nelt when clearing the deletable gcc_root_tab_t. (ggc_common_finalize): New. * ggc.h (ggc_common_finalize): New decl. * toplev.cc (toplev::finalize): Call dwarf2cfi_cc_finalize and ggc_common_finalize. --- gcc/dwarf2cfi.cc | 9 +++++++++ gcc/dwarf2out.h | 1 + gcc/ggc-common.cc | 23 ++++++++++++++++++++++- gcc/ggc.h | 2 ++ gcc/toplev.cc | 3 +++ 5 files changed, 37 insertions(+), 1 deletion(-) diff --git a/gcc/dwarf2cfi.cc b/gcc/dwarf2cfi.cc index ddc728f4ad00..f1777c0a4cf1 100644 --- a/gcc/dwarf2cfi.cc +++ b/gcc/dwarf2cfi.cc @@ -3822,4 +3822,13 @@ make_pass_dwarf2_frame (gcc::context *ctxt) return new pass_dwarf2_frame (ctxt); } +void dwarf2cfi_cc_finalize () +{ + add_cfi_insn = NULL; + add_cfi_vec = NULL; + cur_trace = NULL; + cur_row = NULL; + cur_cfa = NULL; +} + #include "gt-dwarf2cfi.h" diff --git a/gcc/dwarf2out.h b/gcc/dwarf2out.h index 870b56a6a372..61a996050ff9 100644 --- a/gcc/dwarf2out.h +++ b/gcc/dwarf2out.h @@ -419,6 +419,7 @@ struct fixed_point_type_info } scale_factor; }; +void dwarf2cfi_cc_finalize (void); void dwarf2out_cc_finalize (void); /* Some DWARF internals are exposed for the needs of DWARF-based debug diff --git a/gcc/ggc-common.cc b/gcc/ggc-common.cc index bed7a9d4d021..95803fa95a17 100644 --- a/gcc/ggc-common.cc +++ b/gcc/ggc-common.cc @@ -86,7 +86,7 @@ ggc_mark_roots (void) for (rt = gt_ggc_deletable_rtab; *rt; rt++) for (rti = *rt; rti->base != NULL; rti++) - memset (rti->base, 0, rti->stride); + memset (rti->base, 0, rti->stride * rti->nelt); for (rt = gt_ggc_rtab; *rt; rt++) ggc_mark_root_tab (*rt); 
@@ -1293,3 +1293,24 @@ report_heap_memory_use () SIZE_AMOUNT (MALLINFO_FN ().arena)); #endif } + +/* Forcibly clear all GTY roots. */ + +void +ggc_common_finalize () +{ + const struct ggc_root_tab *const *rt; + const_ggc_root_tab_t rti; + + for (rt = gt_ggc_deletable_rtab; *rt; rt++) + for (rti = *rt; rti->base != NULL; rti++) + memset (rti->base, 0, rti->stride * rti->nelt); + + for (rt = gt_ggc_rtab; *rt; rt++) + for (rti = *rt; rti->base != NULL; rti++) + memset (rti->base, 0, rti->stride * rti->nelt); + + for (rt = gt_pch_scalar_rtab; *rt; rt++) + for (rti = *rt; rti->base != NULL; rti++) + memset (rti->base, 0, rti->stride * rti->nelt); +} diff --git a/gcc/ggc.h b/gcc/ggc.h index 34108e2f0061..3280314f8481 100644 --- a/gcc/ggc.h +++ b/gcc/ggc.h @@ -368,4 +368,6 @@ inline void gt_ggc_mx (unsigned long int) { } inline void gt_ggc_mx (long long int) { } inline void gt_ggc_mx (unsigned long long int) { } +extern void ggc_common_finalize (); + #endif diff --git a/gcc/toplev.cc b/gcc/toplev.cc index 6c1a6f443c16..db62e3e995ec 100644 --- a/gcc/toplev.cc +++ b/gcc/toplev.cc @@ -2336,6 +2336,7 @@ toplev::finalize (void) cgraph_cc_finalize (); cgraphunit_cc_finalize (); symtab_thunks_cc_finalize (); + dwarf2cfi_cc_finalize (); dwarf2out_cc_finalize (); gcse_cc_finalize (); ipa_cp_cc_finalize (); @@ -2350,6 +2351,8 @@ toplev::finalize (void) save_decoded_options = NULL; save_decoded_options_count = 0; + ggc_common_finalize (); + /* Clean up the context (and pass_manager etc). */ delete g; g = NULL;
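
Review bot: In the gcc/dwarf2cfi.cc hunk, the new dwarf2cfi_cc_finalize has no leading comment and puts the return type on the same line as the name (`void dwarf2cfi_cc_finalize ()`), unlike ggc_common_finalize in this same patch, which keeps `void` on its own line. Suggest adding a comment that says why these five variables (add_cfi_insn, add_cfi_vec, cur_trace, cur_row, cur_cfa) need an explicit reset rather than being covered by the root walk in ggc_common_finalize, and using the `(void)` parameter list to match the declaration added to dwarf2out.h.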
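
Review bot: The one-line fix in ggc_mark_roots (`memset (rti->base, 0, rti->stride * rti->nelt);`) would be better as its own commit, since it is independent of the jit cleanup and, per the commit message, no current deletable root has more than one element to exercise it. The same memset expression now appears four times across ggc_mark_roots and ggc_common_finalize, so a small static helper that clears one root table would keep the stride and element-count handling in a single place.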
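
Review bot: In ggc_common_finalize, the third loop zeroes gt_pch_scalar_rtab, which by its name holds scalars rather than pointers and so goes beyond both the comment ("Forcibly clear all GTY roots") and the commit message's "zeroing all of the pointers". Any scalar whose static initializer is non-zero would be left at 0 instead of its start-up value for the next in-process compile. Suggest either dropping that loop or extending the comment to explain why zero is the correct reset value for every scalar root, and stating when the function is safe to call (after the last use of GC-managed state in a compile).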
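
Review bot: In the second gcc/toplev.cc hunk, the call to ggc_common_finalize () sits immediately before `delete g` with no comment on the ordering it relies on: every root is zeroed before the context is torn down, so any teardown code that reads a GTY root will see NULL. Suggest a short comment at the call stating that it must run after the per-file *_cc_finalize calls and that destroying g does not depend on GTY roots. The diffstat also lists no testsuite file; a jit test that runs two in-process compiles back to back would guard against the use-after-free described in the commit message.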