[Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
@ 2021-01-10 11:14 akrl at gcc dot gnu.org
  2021-01-11  8:10 ` [Bug jit/98615] " marxin at gcc dot gnu.org
                   ` (10 more replies)
  0 siblings, 11 replies; 15+ messages in thread
From: akrl at gcc dot gnu.org @ 2021-01-10 11:14 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

            Bug ID: 98615
           Summary: libgccjit crash while freeing 'clone_info' in
                    'cgraph_c_finalize'
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: jit
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: akrl at gcc dot gnu.org
  Target Milestone: ---

Created attachment 49928
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49928&action=edit
reproducer

====
$ gcc libgccjit_repro.c -lgccjit
$ ./a.out
munmap_chunk(): invalid pointer
Aborted (core dumped)
====

What is going on is that a static function (CAR) is inlined via virtual clone
and its symbol released.

Eventually 'cgraph_c_finalize' calls 'clone_info::release' and this is where
(not sure why) we crash.

I believe this bug was introduced by: 

ae7a23a3fab Move clone_info to summary

The first revision where is possible to reproduce on was unbroken few commits
later with:

895fdc1f4c9 ipa: Fix segmentation fault in
function_summary<clone_info*>::get(cgraph_node*)

I found this because it breaks Emacs bootstrap on libgccjit.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
@ 2021-01-11  8:10 ` marxin at gcc dot gnu.org
  2021-01-11 12:49 ` marxin at gcc dot gnu.org
                   ` (9 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-01-11  8:10 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|dmalcolm at gcc dot gnu.org        |marxin at gcc dot gnu.org
                 CC|                            |marxin at gcc dot gnu.org
   Last reconfirmed|                            |2021-01-11
             Status|UNCONFIRMED                 |ASSIGNED
     Ever confirmed|0                           |1

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
I can try to take a look.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
  2021-01-11  8:10 ` [Bug jit/98615] " marxin at gcc dot gnu.org
@ 2021-01-11 12:49 ` marxin at gcc dot gnu.org
  2021-01-11 12:58 ` marxin at gcc dot gnu.org
                   ` (8 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-01-11 12:49 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
g:895fdc1f4c9

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
  2021-01-11  8:10 ` [Bug jit/98615] " marxin at gcc dot gnu.org
  2021-01-11 12:49 ` marxin at gcc dot gnu.org
@ 2021-01-11 12:58 ` marxin at gcc dot gnu.org
  2021-01-11 13:30   ` Andrea Corallo
  2021-01-11 13:30 ` andrea.corallo at arm dot com
                   ` (7 subsequent siblings)
  10 siblings, 1 reply; 15+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-01-11 12:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |11.0

--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
I've got a patch candidate.
Thanks for the report!

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-11 12:58 ` marxin at gcc dot gnu.org
@ 2021-01-11 13:30   ` Andrea Corallo
  0 siblings, 0 replies; 15+ messages in thread
From: Andrea Corallo @ 2021-01-11 13:30 UTC (permalink / raw)
  To: marxin at gcc dot gnu.org via Gcc-bugs; +Cc: marxin at gcc dot gnu.org, nd

Thank you for looking into it!  I tried my self but with no success


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
                   ` (2 preceding siblings ...)
  2021-01-11 12:58 ` marxin at gcc dot gnu.org
@ 2021-01-11 13:30 ` andrea.corallo at arm dot com
  2021-01-11 17:15 ` cvs-commit at gcc dot gnu.org
                   ` (6 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: andrea.corallo at arm dot com @ 2021-01-11 13:30 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

--- Comment #4 from Andrea Corallo <andrea.corallo at arm dot com> ---
Thank you for looking into it!  I tried my self but with no success

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
                   ` (3 preceding siblings ...)
  2021-01-11 13:30 ` andrea.corallo at arm dot com
@ 2021-01-11 17:15 ` cvs-commit at gcc dot gnu.org
  2021-01-11 17:15 ` marxin at gcc dot gnu.org
                   ` (5 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-01-11 17:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Liska <marxin@gcc.gnu.org>:

https://gcc.gnu.org/g:cbe9758ff494d55d558a2a0c5e8702c50fcebdf0

commit r11-6593-gcbe9758ff494d55d558a2a0c5e8702c50fcebdf0
Author: Martin Liska <mliska@suse.cz>
Date:   Mon Jan 11 14:01:07 2021 +0100

    Properly release symtab::m_clones.

    gcc/ChangeLog:

            PR jit/98615
            * symtab-clones.h (clone_info::release): Release
            symtab::m_clones with ggc_delete as it's a GGC memory.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
                   ` (4 preceding siblings ...)
  2021-01-11 17:15 ` cvs-commit at gcc dot gnu.org
@ 2021-01-11 17:15 ` marxin at gcc dot gnu.org
  2021-01-11 19:36   ` Andrea Corallo
  2021-01-11 19:37 ` andrea.corallo at arm dot com
                   ` (4 subsequent siblings)
  10 siblings, 1 reply; 15+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-01-11 17:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Martin Liška <marxin at gcc dot gnu.org> ---
Fixed.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-11 17:15 ` marxin at gcc dot gnu.org
@ 2021-01-11 19:36   ` Andrea Corallo
  0 siblings, 0 replies; 15+ messages in thread
From: Andrea Corallo @ 2021-01-11 19:36 UTC (permalink / raw)
  To: marxin at gcc dot gnu.org via Gcc-bugs; +Cc: marxin at gcc dot gnu.org

Thanks Martin, I can confirm that also the bootstrap is back okay.


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
                   ` (5 preceding siblings ...)
  2021-01-11 17:15 ` marxin at gcc dot gnu.org
@ 2021-01-11 19:37 ` andrea.corallo at arm dot com
  2021-01-12  8:17 ` marxin at gcc dot gnu.org
                   ` (3 subsequent siblings)
  10 siblings, 0 replies; 15+ messages in thread
From: andrea.corallo at arm dot com @ 2021-01-11 19:37 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

--- Comment #7 from Andrea Corallo <andrea.corallo at arm dot com> ---
Thanks Martin, I can confirm that also the bootstrap is back okay.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
                   ` (6 preceding siblings ...)
  2021-01-11 19:37 ` andrea.corallo at arm dot com
@ 2021-01-12  8:17 ` marxin at gcc dot gnu.org
  2021-01-12  9:15   ` Andrea Corallo
  2021-01-12  9:15 ` andrea.corallo at arm dot com
                   ` (2 subsequent siblings)
  10 siblings, 1 reply; 15+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-01-12  8:17 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

--- Comment #8 from Martin Liška <marxin at gcc dot gnu.org> ---
(In reply to Andrea Corallo from comment #7)
> Thanks Martin, I can confirm that also the bootstrap is back okay.

You're welcome.
Can you please point me to Emacs JIt usage? I'm curious what for is libgccjit
used in the project?

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-12  8:17 ` marxin at gcc dot gnu.org
@ 2021-01-12  9:15   ` Andrea Corallo
  0 siblings, 0 replies; 15+ messages in thread
From: Andrea Corallo @ 2021-01-12  9:15 UTC (permalink / raw)
  To: marxin at gcc dot gnu.org via Gcc-bugs; +Cc: marxin at gcc dot gnu.org

"marxin at gcc dot gnu.org via Gcc-bugs" <gcc-bugs@gcc.gnu.org> writes:

> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615
>
> --- Comment #8 from Martin Liška <marxin at gcc dot gnu.org> ---
> (In reply to Andrea Corallo from comment #7)
>> Thanks Martin, I can confirm that also the bootstrap is back okay.
>
> You're welcome.
> Can you please point me to Emacs JIt usage? I'm curious what for is libgccjit
> used in the project?

That's a feature branch that being integrated as is planed to have it in
for 28.

Essentially we use it to compile .el files into shared libraries we then
load to have Elisp executed as native code.

Here is the recording for my presentation at LPC2020/Cauldron:
<https://toobnix.org/videos/watch/b985c5ca-fdcf-46ff-92d5-e68922fe4821>

and this is my development blog:
<http://akrl.sdf.org/gccemacs.html>.

  Andrea


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
                   ` (7 preceding siblings ...)
  2021-01-12  8:17 ` marxin at gcc dot gnu.org
@ 2021-01-12  9:15 ` andrea.corallo at arm dot com
  2021-01-12 10:49 ` marxin at gcc dot gnu.org
  2021-04-21 18:09 ` cvs-commit at gcc dot gnu.org
  10 siblings, 0 replies; 15+ messages in thread
From: andrea.corallo at arm dot com @ 2021-01-12  9:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

--- Comment #9 from Andrea Corallo <andrea.corallo at arm dot com> ---
"marxin at gcc dot gnu.org via Gcc-bugs" <gcc-bugs@gcc.gnu.org> writes:

> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615
>
> --- Comment #8 from Martin Liška <marxin at gcc dot gnu.org> ---
> (In reply to Andrea Corallo from comment #7)
>> Thanks Martin, I can confirm that also the bootstrap is back okay.
>
> You're welcome.
> Can you please point me to Emacs JIt usage? I'm curious what for is libgccjit
> used in the project?

That's a feature branch that being integrated as is planed to have it in
for 28.

Essentially we use it to compile .el files into shared libraries we then
load to have Elisp executed as native code.

Here is the recording for my presentation at LPC2020/Cauldron:
<https://toobnix.org/videos/watch/b985c5ca-fdcf-46ff-92d5-e68922fe4821>

and this is my development blog:
<http://akrl.sdf.org/gccemacs.html>.

  Andrea

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
                   ` (8 preceding siblings ...)
  2021-01-12  9:15 ` andrea.corallo at arm dot com
@ 2021-01-12 10:49 ` marxin at gcc dot gnu.org
  2021-04-21 18:09 ` cvs-commit at gcc dot gnu.org
  10 siblings, 0 replies; 15+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-01-12 10:49 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

--- Comment #10 from Martin Liška <marxin at gcc dot gnu.org> ---
> That's a feature branch that being integrated as is planed to have it in
> for 28.
> 
> Essentially we use it to compile .el files into shared libraries we then
> load to have Elisp executed as native code.

Great! Good we have a consumer of the infrastructure.

> 
> Here is the recording for my presentation at LPC2020/Cauldron:
> <https://toobnix.org/videos/watch/b985c5ca-fdcf-46ff-92d5-e68922fe4821>

I'm going to watch, thanks!

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Bug jit/98615] libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize'
  2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
                   ` (9 preceding siblings ...)
  2021-01-12 10:49 ` marxin at gcc dot gnu.org
@ 2021-04-21 18:09 ` cvs-commit at gcc dot gnu.org
  10 siblings, 0 replies; 15+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-04-21 18:09 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615

--- Comment #11 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Liska <marxin@gcc.gnu.org>:

https://gcc.gnu.org/g:a63035ae262078cd70927b06a2bd3ee94cc6e56e

commit r12-48-ga63035ae262078cd70927b06a2bd3ee94cc6e56e
Author: Martin Liska <mliska@suse.cz>
Date:   Mon Jan 11 18:12:54 2021 +0100

    Call toplev::finalize in CHECKING_P mode.

    gcc/ChangeLog:

            PR jit/98615
            * main.c (main): Call toplev::finalize in CHECKING_P mode.
            * ipa-modref.c (ipa_modref_c_finalize): summaries are NULL
            when incremental LTO linking happens.

^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, other threads:[~2021-04-21 18:09 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-10 11:14 [Bug jit/98615] New: libgccjit crash while freeing 'clone_info' in 'cgraph_c_finalize' akrl at gcc dot gnu.org
2021-01-11  8:10 ` [Bug jit/98615] " marxin at gcc dot gnu.org
2021-01-11 12:49 ` marxin at gcc dot gnu.org
2021-01-11 12:58 ` marxin at gcc dot gnu.org
2021-01-11 13:30   ` Andrea Corallo
2021-01-11 13:30 ` andrea.corallo at arm dot com
2021-01-11 17:15 ` cvs-commit at gcc dot gnu.org
2021-01-11 17:15 ` marxin at gcc dot gnu.org
2021-01-11 19:36   ` Andrea Corallo
2021-01-11 19:37 ` andrea.corallo at arm dot com
2021-01-12  8:17 ` marxin at gcc dot gnu.org
2021-01-12  9:15   ` Andrea Corallo
2021-01-12  9:15 ` andrea.corallo at arm dot com
2021-01-12 10:49 ` marxin at gcc dot gnu.org
2021-04-21 18:09 ` cvs-commit at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).