[PATCH, committed] Reset ipa-icf.c:optimizer to NULL when done

[PATCH, committed] Reset ipa-icf.c:optimizer to NULL when done

[David Malcolm]

[-- Attachment #1: Type: text/plain, Size: 2722 bytes --]

After a recent merge of trunk to the jit branch that brought in ipa-icf,
the new pass was segfaulting on the second iteration of an in-process
compile; e.g. with:

test-factorial.exe: internal compiler error: Segmentation fault
0x7f3f20c2301a crash_signal
	../../src/gcc/toplev.c:349
0x7f3f207e963e bitmap_initialize_stat
	../../src/gcc/bitmap.h:277
0x7f3f207e963e bitmap_obstack_alloc_stat(bitmap_obstack*)
	../../src/gcc/bitmap.c:377
0x7f3f21360acb ipa_icf::sem_item::setup(bitmap_obstack*)
	../../src/gcc/ipa-icf.c:142
0x7f3f2136099d ipa_icf::sem_item::sem_item(ipa_icf::sem_item_type, symtab_node*, unsigned int, bitmap_obstack*)
	../../src/gcc/ipa-icf.c:116
0x7f3f21360e41 ipa_icf::sem_function::sem_function(cgraph_node*, unsigned int, bitmap_obstack*)
	../../src/gcc/ipa-icf.c:192
0x7f3f21363012 ipa_icf::sem_function::parse(cgraph_node*, bitmap_obstack*)
	../../src/gcc/ipa-icf.c:803
0x7f3f21365911 ipa_icf::sem_item_optimizer::parse_funcs_and_vars()
	../../src/gcc/ipa-icf.c:1619
0x7f3f21367cb5 ipa_icf_generate_summary
	../../src/gcc/ipa-icf.c:2287
0x7f3f20b5eaa4 execute_ipa_summary_passes(ipa_opt_pass_d*)
	../../src/gcc/passes.c:1952
0x7f3f20826ce8 ipa_passes
	../../src/gcc/cgraphunit.c:2043
0x7f3f2082706a symbol_table::compile()
	../../src/gcc/cgraphunit.c:2137
0x7f3f20827400 symbol_table::finalize_compilation_unit()
	../../src/gcc/cgraphunit.c:2290
0x7f3f207bf73c jit_langhook_write_globals
	../../src/gcc/jit/dummy-frontend.c:212

This turns out to be a use-after-delete: the "optimizer" singleton was
not being reset to NULL after being deleted, so on subsequent in-process
invocations of toplev::main the new instance of the pass_ipa_icf was
using the deleted memory from the previous compile.

The one-liner solution I applied to the jit branch was to simply reset
the ptr to NULL after deleting it to ensure that a fresh
sem_item_optimizer gets built on each in-process compile.

Attached is a version of that jit patch, that I've now committed to
trunk.

Bootstrapped on x86_64-unknown-linux-gnu (Fedora 20).

Committed to trunk as r216561, since this seems obvious.

A more involved solution might be to eliminate this singleton in favor
of making it instance data of the class pass_ipa_icf, but that would
involved making the IPA hooks be vfuncs, so not doing that for now.

The other new piece of global state in ipa-icf.c is:

  unsigned int sem_item_optimizer::class_id = 0;

Honza, Martin: is there any reason that class_id is static, rather that
being instance data of the sem_item_optimizer instance?  As far as I can
see, it's only ever accessed from sem_item_optimizer methods.  Though
the jit branch's testsuite seems to work OK if I don't bother resetting
it back to 0...

Thanks
Dave

[-- Attachment #2: r216561.patch --]
[-- Type: text/x-patch, Size: 682 bytes --]

Index: gcc/ChangeLog
===================================================================
--- gcc/ChangeLog	(revision 216560)
+++ gcc/ChangeLog	(revision 216561)
@@ -1,3 +1,7 @@
+2014-10-22  David Malcolm  <dmalcolm@redhat.com>
+
+	* ipa-icf.c (ipa_icf_driver): Set optimizer to NULL when done.
+
 2014-10-22  Andrew MacLeod  <amacleod@redhat.com>
 
 	* cfgbuild.h: New.  Add prototypes for cfgbuild.c.
Index: gcc/ipa-icf.c
===================================================================
--- gcc/ipa-icf.c	(revision 216560)
+++ gcc/ipa-icf.c	(revision 216561)
@@ -2320,6 +2320,7 @@
   optimizer->unregister_hooks ();
 
   delete optimizer;
+  optimizer = NULL;
 
   return 0;
 }