From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 14451 invoked by alias); 28 Nov 2013 07:08:20 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 14403 invoked by uid 48); 28 Nov 2013 07:08:14 -0000 From: "jakub at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/58627] [4.9 Regression] crash during compilation of boost testsuite Date: Thu, 28 Nov 2013 07:08:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c++ X-Bugzilla-Version: 4.9.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: jakub at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Priority: P1 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 4.9.0 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status cf_reconfirmed_on cc everconfirmed Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2013-11/txt/msg02864.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58627 Jakub Jelinek changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Last reconfirmed| |2013-11-28 CC| |jakub at gcc dot gnu.org Ever confirmed|0 |1 --- Comment #4 from Jakub Jelinek --- Seems the crash is because we ggc_free (targs); but it is still reachable. While pop_tinst_level has been called and thus it isn't reachable from current_tinst_level, it is reachable from pending_templates (in particular last_pending_template->tinst->next->next->decl is a TREE_LIST with TREE_VALUE set to the TREE_VEC targs we ggc_free). fn_type_unification has: struct pending_template *old_last_pend = last_pending_template; struct tinst_level *old_error_tinst = last_error_tinst_level; ... /* We can't free this if a pending_template entry or last_error_tinst_level is pointing at it. */ if (last_pending_template == old_last_pend && last_error_tinst_level == old_error_tinst) ggc_free (tinst); so it avoids ggc_free on tinst (the TREE_LIST with TREE_VALUE set to targs), but unfortunately this technique isn't usable in the resolve_address_of_overloaded_function caller, because last_pending_template and current_tinst_level are static vars in pt.c and this is in class.c. So perhaps add some bool * argument to fn_type_unification through which it could optionally tell the caller whether it is safe to ggc_free targs (set to last_pending_template == old_last_pend && last_error_tinst_level == old_error_tinst if non-NULL)? Jason?