[PATCH] Clean up dangling pointers in cgraph_edge (PR ipa/89330).

[PATCH] Clean up dangling pointers in cgraph_edge (PR ipa/89330).

[Martin Liška]

[-- Attachment #1: Type: text/plain, Size: 494 bytes --]

Hi.

We have to clean up dangling pointers before we call ggc_free for a cgraph_edge.

Patch can bootstrap on x86_64-linux-gnu and survives regression tests.
And it survives --enable-checking=release bootstrap on x86_64-linux-gnu.

Ready to be installed?
Thanks,
Martin

gcc/ChangeLog:

2019-07-30  Martin Liska  <mliska@suse.cz>

	PR ipa/89330
	* cgraph.c (symbol_table::free_edge): Memset 0 to cgraph_edge
	before we call ggc_free.
---
 gcc/cgraph.c | 2 ++
 1 file changed, 2 insertions(+)



[-- Attachment #2: 0001-Clean-up-dangling-pointers-in-cgraph_edge-PR-ipa-893.patch --]
[-- Type: text/x-patch, Size: 439 bytes --]

diff --git a/gcc/cgraph.c b/gcc/cgraph.c
index 81250acb70c..372974f12df 100644
--- a/gcc/cgraph.c
+++ b/gcc/cgraph.c
@@ -1008,6 +1008,8 @@ symbol_table::free_edge (cgraph_edge *e)
   if (e->m_summary_id != -1)
     edge_released_summary_ids.safe_push (e->m_summary_id);
 
+  /* Clear out the edge so we do not dangle pointers.  */
+  memset (e, 0, sizeof (*e));
   if (e->indirect_info)
     ggc_free (e->indirect_info);
   ggc_free (e);

Re: [PATCH] Clean up dangling pointers in cgraph_edge (PR ipa/89330).

[Richard Biener]

On Tue, Jul 30, 2019 at 9:27 AM Martin Liška <mliska@suse.cz> wrote:
>
> Hi.
>
> We have to clean up dangling pointers before we call ggc_free for a cgraph_edge.
>
> Patch can bootstrap on x86_64-linux-gnu and survives regression tests.
> And it survives --enable-checking=release bootstrap on x86_64-linux-gnu.
>
> Ready to be installed?

Eh?  The only "real" effect I see is that e->indirect_info test is now
never true.

I think it rather means the edge we ggc_free is still referenced to
from somewhere
and _that_ needs to be fixed or we ggc_free the edge wrongly.

Richard.

> Thanks,
> Martin
>
> gcc/ChangeLog:
>
> 2019-07-30  Martin Liska  <mliska@suse.cz>
>
>         PR ipa/89330
>         * cgraph.c (symbol_table::free_edge): Memset 0 to cgraph_edge
>         before we call ggc_free.
> ---
>  gcc/cgraph.c | 2 ++
>  1 file changed, 2 insertions(+)
>
>

Re: [PATCH] Clean up dangling pointers in cgraph_edge (PR ipa/89330).

[Martin Liška]

On 7/30/19 10:36 AM, Richard Biener wrote:
> On Tue, Jul 30, 2019 at 9:27 AM Martin Liška <mliska@suse.cz> wrote:
>>
>> Hi.
>>
>> We have to clean up dangling pointers before we call ggc_free for a cgraph_edge.
>>
>> Patch can bootstrap on x86_64-linux-gnu and survives regression tests.
>> And it survives --enable-checking=release bootstrap on x86_64-linux-gnu.
>>
>> Ready to be installed?
> 
> Eh?  The only "real" effect I see is that e->indirect_info test is now
> never true.

Yep, you are right.

> 
> I think it rather means the edge we ggc_free is still referenced to
> from somewhere
> and _that_ needs to be fixed or we ggc_free the edge wrongly.

Yes, that's one another situation IPA CP is touching a dead cgraph_edge.
Martin will help me latter.
I'm reducing a test-case now..

Martin

> 
> Richard.
> 
>> Thanks,
>> Martin
>>
>> gcc/ChangeLog:
>>
>> 2019-07-30  Martin Liska  <mliska@suse.cz>
>>
>>         PR ipa/89330
>>         * cgraph.c (symbol_table::free_edge): Memset 0 to cgraph_edge
>>         before we call ggc_free.
>> ---
>>  gcc/cgraph.c | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>>

[PATCH v2] Use edge->indirect_unknown_callee in cgraph_edge::make_direct (PR ipa/89330).

[Martin Liška]

[-- Attachment #1: Type: text/plain, Size: 437 bytes --]

Hi.

Thanks to Martin I was able to prepare a proper fix. The issue is that
cgraph_edge::resolve_speculation can delete this pointer (yes, it's
super nasty) and so that the caller can't use this->something
right after the function returns.

For the long term, I'll rework the ::resolve_speculation function.

The patch survives --enable-checking bootstrap on x86_64-linux-gnu.

Ready to be installed after proper testing?
Thanks,
Martin

[-- Attachment #2: 0001-Use-edge-indirect_unknown_callee-in-cgraph_edge-make.patch --]
[-- Type: text/x-patch, Size: 986 bytes --]

From 15873b0ebfca4cf4ce06b49f6ebb798a14414eb2 Mon Sep 17 00:00:00 2001
From: Martin Liska <mliska@suse.cz>
Date: Tue, 30 Jul 2019 15:12:52 +0200
Subject: [PATCH] Use edge->indirect_unknown_callee in cgraph_edge::make_direct
 (PR ipa/89330).

gcc/ChangeLog:

2019-07-30  Martin Liska  <mliska@suse.cz>

	PR ipa/89330
	* cgraph.c (cgraph_edge::make_direct): Use
	edge->indirect_unknown_callee as edge->resolve_speculation can
	deallocate edge which is this pointer.
---
 gcc/cgraph.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gcc/cgraph.c b/gcc/cgraph.c
index 81250acb70c..8dbe705af68 100644
--- a/gcc/cgraph.c
+++ b/gcc/cgraph.c
@@ -1215,7 +1215,7 @@ cgraph_edge::make_direct (cgraph_node *callee)
       edge = edge->resolve_speculation (callee->decl);
 
       /* On successful speculation just return the pre existing direct edge.  */
-      if (!indirect_unknown_callee)
+      if (!edge->indirect_unknown_callee)
         return edge;
     }
 
-- 
2.22.0

Re: [PATCH v2] Use edge->indirect_unknown_callee in cgraph_edge::make_direct (PR ipa/89330).

[Martin Liška]

On 7/30/19 3:37 PM, Martin Liška wrote:
> Hi.
> 
> Thanks to Martin I was able to prepare a proper fix. The issue is that
> cgraph_edge::resolve_speculation can delete this pointer (yes, it's
> super nasty) and so that the caller can't use this->something
> right after the function returns.
> 
> For the long term, I'll rework the ::resolve_speculation function.
> 
> The patch survives --enable-checking bootstrap on x86_64-linux-gnu.
> 
> Ready to be installed after proper testing?
> Thanks,
> Martin
> 

Honza approved me the patch offline.

Martin

Re: [PATCH v2] Use edge->indirect_unknown_callee in cgraph_edge::make_direct (PR ipa/89330).

[Jeff Law]

On 7/30/19 7:37 AM, Martin Liška wrote:
> Hi.
> 
> Thanks to Martin I was able to prepare a proper fix. The issue is that
> cgraph_edge::resolve_speculation can delete this pointer (yes, it's
> super nasty) and so that the caller can't use this->something
> right after the function returns.
> 
> For the long term, I'll rework the ::resolve_speculation function.
> 
> The patch survives --enable-checking bootstrap on x86_64-linux-gnu.
> 
> Ready to be installed after proper testing?
> Thanks,
> Martin
> 
Would this possibly be the cause of this error building the kernel:


> /opt/notnfs/law/jenkins/workspace/x86_64-linux-gnu/linux/lib/iov_iter.c: In function 'memcpy_to_page':
> /opt/notnfs/law/jenkins/workspace/x86_64-linux-gnu/linux/lib/iov_iter.c:1718:1: internal compiler error: in gt_ggc_mx_symtab_node, at gtype-desc.c:1382
>  1718 | EXPORT_SYMBOL(iov_iter_for_each_range);
>       | ^~~~~~~~~~~~~
> 0x66537c gt_ggc_mx_symtab_node(void*)
> 	/opt/notnfs/law/jenkins/workspace/x86_64-linux-gnu/obj/gcc/gcc/gtype-desc.c:1382
>   CC      fs/super.o
> 0xcafbcd gt_ggc_ma_order
> 	./gt-passes.h:31
> 0xcafbcd gt_ggc_ma_order
> 	./gt-passes.h:26
> 0xac0555 ggc_mark_root_tab
> 	../../../gcc/gcc/ggc-common.c:77
> 0xac075c ggc_mark_roots()
> 	../../../gcc/gcc/ggc-common.c:94
> 0x8ee485 ggc_collect()
> 	../../../gcc/gcc/ggc-page.c:2201
> Please submit a full bug report,

Jeff

Re: [PATCH v2] Use edge->indirect_unknown_callee in cgraph_edge::make_direct (PR ipa/89330).

[Martin Liška]

On 8/8/19 12:08 AM, Jeff Law wrote:
> Would this possibly be the cause of this error building the kernel:

Probably yes. You see the same as H.J.:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91334

Can you please create a pre-processed source with and command line options?
And please tell me how you configure your compiler?

Thanks,
Martin

Re: [PATCH v2] Use edge->indirect_unknown_callee in cgraph_edge::make_direct (PR ipa/89330).

[Jeff Law]

On 8/8/19 1:41 AM, Martin Liška wrote:
> On 8/8/19 12:08 AM, Jeff Law wrote:
>> Would this possibly be the cause of this error building the kernel:
> 
> Probably yes. You see the same as H.J.:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91334
> 
> Can you please create a pre-processed source with and command line options?
> And please tell me how you configure your compiler?
Ugh.  I was going to do a litle bisection and investigation and, of
course, it's not triggering.   I'm moving a bit between multiple tasks
as a dig out from vacation, but will try to get you something useful as
soon as I can.

jeff