From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nathanmsidwell@gmail.com>
Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731])
	by sourceware.org (Postfix) with ESMTPS id C107E3857830
	for <gcc-patches@gcc.gnu.org>; Thu, 27 Oct 2022 10:21:31 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org C107E3857830
Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=acm.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-qk1-x731.google.com with SMTP id b25so491483qkk.7
        for <gcc-patches@gcc.gnu.org>; Thu, 27 Oct 2022 03:21:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :sender:from:to:cc:subject:date:message-id:reply-to;
        bh=xS4JW3c0qRXyhOG52J6Ye0W/1OkMMGPm+85qK2UXyA4=;
        b=oR4nWx7pVSRdAgg21gBhHYZKv40GDE/Wmvb8Hy5vX8fSVu4cHcNxOQMOMOrZgolnQh
         qaOKqeJsoaK0GjGZxzcLnEmQtRIZRSXpnpw2ChXKiY3531vRrlOthMvux4P0Vgm2Hdrx
         Jt89HBVuqL+paZbnFHifUJJYLr8bjjDD7L/6edA7iNKrbMXZ7nXwkwD99SyT+lNyBwUr
         deUWYQZdDRuYJGj9Jpzcg7Uhv2Nm5ICgzXNDZv7cv+2t27pUd3PpjQU+5Lrad+BT1qXW
         nHIORFWnqbLt3dKv/kKWZimL54MRuu9i2vIw5tFPphmPoR518BjboBcrtzZbftLTukcF
         pYiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :sender:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=xS4JW3c0qRXyhOG52J6Ye0W/1OkMMGPm+85qK2UXyA4=;
        b=SeRMSL/YblvUk57zA2H4cTYrFMcIyDWE0eymtQxAHO7eSSJANRUBxJJP+Pge5yZuUJ
         JKv945VLwuP0yv4dhYLM5/is8Y4k3rzbAzhLYxwxYr+Z3F9m+OTvQBgt9WXZds61FR4Z
         UjqP+x5/LdxbsjXeZvXM0nrusPIBcsaQUUeYOHPh9UJ+Xy1elnvN0rvUB4Qarmu+Jogf
         ZzHHT7Sdb8cfQEZ4xsZkBsXdo8lCnVqCvBVMErdYLGWwU9SRcA/uwQ0KaUVecEkSl0uj
         2XBh82ms4tdmanVtcZS3t14MQI/VDLVa0uMDGZLE/odZQ5l19PgFNLkTOIDepyAGgSTq
         Rbzg==
X-Gm-Message-State: ACrzQf1M6IOWtZTPTQC9qVd0lal7ZsReRA+5gg3PusoPZsZVb9Sb3feJ
	xBZefrmKPcJDNi5fAGq9/vU=
X-Google-Smtp-Source: AMsMyM7K5jVCPbz/cc1hCdERTUPhVLxdELdU9fB/UU1c2J/95sazG3Z28ycMWCEfKbx0e9/K3ziOdw==
X-Received: by 2002:a05:620a:2b86:b0:6f9:9e9e:caa4 with SMTP id dz6-20020a05620a2b8600b006f99e9ecaa4mr3953293qkb.559.1666866090993;
        Thu, 27 Oct 2022 03:21:30 -0700 (PDT)
Received: from ?IPV6:2601:19c:527f:bfd0::5? ([2601:19c:527f:bfd0::5])
        by smtp.googlemail.com with ESMTPSA id r6-20020ac85c86000000b003431446588fsm707442qta.5.2022.10.27.03.21.30
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 27 Oct 2022 03:21:30 -0700 (PDT)
Sender: Nathan Sidwell <nathanmsidwell@gmail.com>
Message-ID: <b888c3f0-06b0-79c1-61e9-5dd95037662d@acm.org>
Date: Thu, 27 Oct 2022 06:21:29 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.4.0
Subject: Re: [PATCH] c++: Fix ICE on g++.dg/modules/adl-3_c.C [PR107379]
Content-Language: en-US
To: Jakub Jelinek <jakub@redhat.com>, Jason Merrill <jason@redhat.com>
Cc: gcc-patches@gcc.gnu.org
References: <Y1o+hfO6L6AGXcE4@tucnak>
From: Nathan Sidwell <nathan@acm.org>
In-Reply-To: <Y1o+hfO6L6AGXcE4@tucnak>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-3032.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

On 10/27/22 04:17, Jakub Jelinek wrote:
> Hi!
> 
> As mentioned in the PR, apparently my r13-2887 P1467R9 changes
> regressed these tests on powerpc64le-linux with IEEE quad by default.
> 
> I believe my changes just uncovered a latent bug.
> The problem is that push_namespace calls find_namespace_slot,
> which does:
>    tree *slot = DECL_NAMESPACE_BINDINGS (ns)
>      ->find_slot_with_hash (name, name ? IDENTIFIER_HASH_VALUE (name) : 0,
>                             create_p ? INSERT : NO_INSERT);
> In the <identifier_node 0x7fffe9f55ac0 details> ns case, slot is non-NULL
> above with a binding_vector in it.
> Then pushdecl is called and this does:
> 		  slot = find_namespace_slot (ns, name, ns == current_namespace);
> where ns == current_namespace (ns is :: and name is details) is true.
> So this again calls
> 	  tree *slot = DECL_NAMESPACE_BINDINGS (ns)
> 	    ->find_slot_with_hash (name, name ? IDENTIFIER_HASH_VALUE (name) : 0,
> 				   create_p ? INSERT : NO_INSERT);
> but this time with create_p and so INSERT.
> At this point we reach
> 	  if (insert == INSERT && m_size * 3 <= m_n_elements * 4)
> 	    expand ();
> and when we are unlucky and the occupancy of the hash table just reached 3/4,
> expand () is called and the hash table is reallocated.  But when that happens,
> it means the slot pointer in the pushdecl caller (push_namespace) points to
> freed memory and so any accesses to it in make_namespace_finish will be UB.

that's unfortunate, oh well.

> The following patch fixes it by calling find_namespace_slot again even if it
> was non-NULL, just doesn't assert it is *slot == ns in that case (because
> it often is not).
> 
> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

ok. thanks

nathan
-- 
Nathan Sidwell