public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "slyfox at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug gcov-profile/97461] New: allocate_gcov_kvp() deadlocks in firefox LTO+PGO build (overridden malloc() recursion) Date: Fri, 16 Oct 2020 15:03:23 +0000 [thread overview] Message-ID: <bug-97461-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97461 Bug ID: 97461 Summary: allocate_gcov_kvp() deadlocks in firefox LTO+PGO build (overridden malloc() recursion) Product: gcc Version: 11.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: gcov-profile Assignee: unassigned at gcc dot gnu.org Reporter: slyfox at gcc dot gnu.org CC: marxin at gcc dot gnu.org Target Milestone: --- Single-file example is extracted from firefox-81 build hangup (LTO+PGO flavour). Here is the single-file reproducer that converts hangup to a crash: // gcc-11.0.0 a.c -o a -fprofile-generate -ggdb3 && ./a #include <stdio.h> #include <stdlib.h> #include <string.h> static int malloc_depth = 0; static char memory[128* 1024]; static size_t memory_p = 0; void f1(void) {} void f2(void) {} typedef void (*fun_t)(void); static const fun_t funs[2] = { f1, f2, }; static void * malloc_impl(size_t size) { void * r = &memory[memory_p]; memory_p += size; // force TOPN profile funs[size % 2](); return r; } // Override default malloc, check it it get s called recursively void * malloc(size_t size) { // Must not be called recursively. Malloc implementation does not support it. if (malloc_depth != 0) __builtin_trap(); ++malloc_depth; void * r = malloc_impl(size); --malloc_depth; return r; } // Called from gcov void *calloc(size_t nmemb, size_t size) { // Must not be called recursively. Malloc implementation does not support it. if (malloc_depth != 0) __builtin_trap(); ++malloc_depth; void * r = malloc_impl(size * nmemb); memset(r, 0, size * nmemb); --malloc_depth; return r; } void free(void *ptr){} int main() { void * p = malloc(8); return p != 0; } How to crash: $ gcc-11.0.0 a.c -o a -ggdb3 && ./a $ gcc-11.0.0 a.c -o a -fprofile-generate -ggdb3 && ./a Illegal instruction (core dumped) Here we have a malloc recursion of malloc()->malloc_internals()->gcov->calloc()->malloc_internals(). malloc() is re-entered twice: Program received signal SIGILL, Illegal instruction. 0x00005555555565e7 in calloc (nmemb=1, size=24) at a.c:103 103 if (malloc_depth != 0) __builtin_trap(); (gdb) bt #0 0x00005555555565e7 in calloc (nmemb=1, size=24) at a.c:103 #1 0x0000555555556cf3 in allocate_gcov_kvp () at /var/tmp/portage/sys-devel/gcc-11.0.0_pre9999/work/gcc-11.0.0_pre9999/libgcc/libgcov.h:441 #2 gcov_topn_add_value (count=1, increment_total=1, use_atomic=0, value=721827547, counters=0x55555557b660 <__gcov4.malloc_impl>) at /var/tmp/portage/sys-devel/gcc-11.0.0_pre9999/work/gcc-11.0.0_pre9999/libgcc/libgcov.h:489 #3 __gcov_topn_values_profiler_body (use_atomic=0, value=721827547, counters=0x55555557b660 <__gcov4.malloc_impl>) at /var/tmp/portage/sys-devel/gcc-11.0.0_pre9999/work/gcc-11.0.0_pre9999/libgcc/libgcov-profiler.c:103 #4 __gcov_indirect_call_profiler_body (use_atomic=0, cur_func=<optimized out>, value=721827547) at /var/tmp/portage/sys-devel/gcc-11.0.0_pre9999/work/gcc-11.0.0_pre9999/libgcc/libgcov-profiler.c:163 #5 __gcov_indirect_call_profiler_v4 (value=721827547, cur_func=<optimized out>) at /var/tmp/portage/sys-devel/gcc-11.0.0_pre9999/work/gcc-11.0.0_pre9999/libgcc/libgcov-profiler.c:172 #6 0x000055555555631e in f1 () at a.c:74 #7 0x0000555555556482 in malloc_impl (size=8) at a.c:85 #8 0x0000555555556537 in malloc (size=8) at a.c:95 #9 0x0000555555556760 in main () at a.c:115
next reply other threads:[~2020-10-16 15:03 UTC|newest] Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-10-16 15:03 slyfox at gcc dot gnu.org [this message] 2020-10-16 15:05 ` [Bug gcov-profile/97461] " slyfox at gcc dot gnu.org 2020-10-16 15:09 ` slyfox at gcc dot gnu.org 2020-10-16 15:16 ` slyfox at gcc dot gnu.org 2020-10-19 7:12 ` [Bug gcov-profile/97461] [11 Regression] " marxin at gcc dot gnu.org 2020-10-19 7:15 ` rguenth at gcc dot gnu.org 2020-10-19 13:42 ` marxin at gcc dot gnu.org 2020-10-19 13:46 ` Jan Hubicka 2020-10-19 13:46 ` hubicka at ucw dot cz 2020-10-19 14:15 ` marxin at gcc dot gnu.org 2020-10-19 14:51 ` Jan Hubicka 2020-10-19 14:52 ` hubicka at ucw dot cz 2020-10-19 14:58 ` marxin at gcc dot gnu.org 2020-10-27 10:50 ` cvs-commit at gcc dot gnu.org 2020-10-27 10:50 ` marxin at gcc dot gnu.org 2020-10-27 22:18 ` slyfox at gcc dot gnu.org 2020-10-29 10:19 ` marxin at gcc dot gnu.org 2020-10-29 14:53 ` slyfox at gcc dot gnu.org 2020-10-29 15:00 ` marxin at gcc dot gnu.org 2020-10-29 15:05 ` marxin at gcc dot gnu.org 2020-10-29 18:54 ` marxin at gcc dot gnu.org 2020-10-29 19:11 ` jakub at gcc dot gnu.org 2020-10-30 8:45 ` slyfox at gcc dot gnu.org 2020-10-30 23:37 ` slyfox at gcc dot gnu.org 2020-11-06 13:47 ` cvs-commit at gcc dot gnu.org 2020-11-06 13:49 ` marxin at gcc dot gnu.org 2020-11-09 9:57 ` marxin at gcc dot gnu.org 2020-12-04 7:01 ` marxin at gcc dot gnu.org 2021-01-21 9:26 ` rguenth at gcc dot gnu.org 2021-01-26 11:51 ` marxin at gcc dot gnu.org 2021-03-03 13:22 ` cvs-commit at gcc dot gnu.org 2021-03-03 13:27 ` marxin at gcc dot gnu.org 2021-03-03 13:31 ` jakub at gcc dot gnu.org 2021-03-03 14:49 ` marxin at gcc dot gnu.org 2021-03-03 15:14 ` lh_mouse at 126 dot com 2021-03-05 18:11 ` slyfox at gcc dot gnu.org 2021-03-06 8:19 ` marxin at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-97461-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).