From: "jakub at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/108552] Linux i386 kernel 5.14 memory corruption for pre_compound_page() when gcov is enabled
Date: Fri, 27 Jan 2023 13:17:47 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 11.3.0
X-Bugzilla-Severity: normal
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108552

Jakub Jelinek changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hubicka at gcc dot gnu.org,
                   |                            |jakub at gcc dot gnu.org

--- Comment #21 from Jakub Jelinek ---
I'd say using the (default unless -pthread is used) -fprofile-update=single is wrong for the kernel, it can't work correctly in multi-threaded case which is the case of kernel.
In the -fprofile-update=single (as opposed to -fprofile-update=atomic) the updates to the counters aren't atomic and the arrays aren't marked volatile or something similar, it is really meant for single threaded coverage.
Anyway, before ivopts we have:

  pretmp_93 = __gcov0.prep_compound_page[7];

  [local count: 955630225]:
  # i_66 = PHI
  # prephitmp_92 = PHI
  i.144_1 = (unsigned int) i_66;
  _2 = i.144_1 * 40;
  p_15 = page_12(D) + _2;
  p_15->D.13727.D.13672.mapping = 1024B;
  MEM[(volatile long unsigned int *)p_15 + 4B] ={v} _159;
  i_17 = i_66 + 1;
  PROF_edge_counter_46 = prephitmp_92 + 1;
  __gcov0.prep_compound_page[7] = PROF_edge_counter_46;
  if (nr_pages_11 > i_17)
    goto ; [89.00%]
  else
    goto ; [11.00%]

  [local count: 850510901]:
  goto ; [100.00%]

which given the non-volatile non-atomically updated arrays is to be expected, instead of re-reading __gcov0.prep_compound_page[7] in every iteration it just reads it once and stores in each iteration, which is possible because another thread changing it concurrently would mean a data race anyway.
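The load-once, store-every-iteration shape in the dump above can be modelled in plain C. This is an added example, not part of the bug comment or of GCC: `counter`, `other_cpu_hit`, `loop_single` and `loop_atomic` are hypothetical names, and the "other CPU" update is a constructed interleaving run on one thread so the result is deterministic.

```c
#include <stdio.h>

/* Stands in for __gcov0.prep_compound_page[7] (hypothetical model). */
static long long counter;

/* Constructed interleaving: another CPU bumps the same counter once. */
static void other_cpu_hit(void)
{
    __atomic_fetch_add(&counter, 1, __ATOMIC_RELAXED);
}

/* Shape from the dump: one load before the loop, one store per iteration. */
static long long loop_single(int nr_pages)
{
    counter = 0;
    long long cached = counter;        /* pretmp_93: read once */
    for (int i = 0; i < nr_pages; i++) {
        other_cpu_hit();               /* concurrent update lands here */
        cached = cached + 1;           /* PROF_edge_counter_46 */
        counter = cached;              /* plain store overwrites it */
    }
    return counter;
}

/* Atomic read-modify-write per iteration: no update is overwritten. */
static long long loop_atomic(int nr_pages)
{
    counter = 0;
    for (int i = 0; i < nr_pages; i++) {
        other_cpu_hit();
        __atomic_fetch_add(&counter, 1, __ATOMIC_RELAXED);
    }
    return counter;
}

/* Number of the other CPU's updates that the final value fails to reflect. */
static long long lost_updates(long long observed, int nr_pages)
{
    return 2LL * nr_pages - observed;
}

int main(void)
{
    int n = 8;
    long long s = loop_single(n), a = loop_atomic(n);
    printf("single: counter=%lld lost=%lld\n", s, lost_updates(s, n));
    printf("atomic: counter=%lld lost=%lld\n", a, lost_updates(a, n));
    return 0;
}
```
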