From: David Malcolm
To: gcc-patches@gcc.gnu.org
Cc: Jan Hubicka, jit@gcc.gnu.org, David Malcolm
Subject: [committed] Fix segfault in free_growth_caches (PR jit/80954)
Date: Sun, 01 Jan 2017 00:00:00 -0000
Message-Id: <1496425523-7546-1-git-send-email-dmalcolm@redhat.com>
In-Reply-To: <20170522153754.GE21448@kam.mff.cuni.cz>
References: <20170522153754.GE21448@kam.mff.cuni.cz>

r248336 added these lines to free_growth_caches

    if (edge_removal_hook_holder)
      symtab->remove_edge_removal_hook (edge_removal_hook_holder);

which broke the JIT; attempts to compile more than one time within
a single process segfault here:

    305  symbol_table::remove_edge_removal_hook (cgraph_edge_hook_list *entry)
    306  {
    307    cgraph_edge_hook_list **ptr = &m_first_edge_removal_hook;
    308
    309    while (*ptr != entry)
  >>310      ptr = &(*ptr)->next;
    311    *ptr = entry->next;
    312    free (entry);
    313  }

    (gdb) p ptr
    $3 = (cgraph_edge_hook_list **) 0x10

    (gdb) bt
    #0  symbol_table::remove_edge_removal_hook (this=0x7fffeef83200, entry=0x664c90) at ../../src/gcc/cgraph.c:310
    #1  0x00007ffff6a03e2c in free_growth_caches () at ../../src/gcc/ipa-inline-analysis.c:113
    #2  0x00007ffff73e7bd9 in inline_small_functions () at ../../src/gcc/ipa-inline.c:2059
    #3  ipa_inline () at ../../src/gcc/ipa-inline.c:2417
    [...]

The root cause is that initialize_growth_caches lazily adds
edge_removal_hook_holder to the symtab:

     99    if (!edge_removal_hook_holder)
    100      edge_removal_hook_holder =
    101        symtab->add_edge_removal_hook (&inline_edge_removal_hook, NULL);

but free_growth_caches removes it without NULL-ing it:

    112    if (edge_removal_hook_holder)
    113      symtab->remove_edge_removal_hook (edge_removal_hook_holder);

Hence on the second call to free_growth_caches, it attempts to remove
the edge_removal_hook_holder from the 1st iteration's
initialize_growth_caches, which isn't present in the 2nd iteration's
symtab. Hence the edge_removal_hook_holder isn't present, and
symtab::remove_edge_removal_hook, relying on it as a sentinel value,
reads through ((cgraph_edge_hook_list *)NULL)->next.

This patch fixes the segfault by resetting it to NULL when removing it.

Successfully bootstrapped&regrtested on x86_64-pc-linux-gnu.

Restores jit.sum from:

    # of expected passes       2892
    # of unexpected failures   61
    # of unresolved testcases  1

to:

    # of expected passes       3202

Committed to trunk as r248841, under the "obvious" rule.

gcc/ChangeLog:
	PR jit/80954
	* ipa-inline-analysis.c (free_growth_caches): Set
	edge_removal_hook_holder to NULL after removing it.

--- gcc/ipa-inline-analysis.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gcc/ipa-inline-analysis.c b/gcc/ipa-inline-analysis.c index f562ca5..9f7b2a1 100644 --- a/gcc/ipa-inline-analysis.c +++ b/gcc/ipa-inline-analysis.c @@ -110,7 +110,10 @@ void free_growth_caches (void) { if (edge_removal_hook_holder) - symtab->remove_edge_removal_hook (edge_removal_hook_holder); + { + symtab->remove_edge_removal_hook (edge_removal_hook_holder); + edge_removal_hook_holder = NULL; + } edge_growth_cache.release (); } -- 1.8.5.3
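
Review bot: in the new braced block in free_growth_caches, the reset to NULL covers this one holder, but the list walk quoted in the message, `while (*ptr != entry) ptr = &(*ptr)->next;`, still has no guard for an entry that is not on the list, so any other caller passing a stale holder would fault the same way. Because remove_edge_removal_hook ends with `free (entry)`, the old value of edge_removal_hook_holder was also a dangling pointer after the first call, not only absent from the second symtab. Consider asserting that `*ptr` is non-NULL inside that loop so a stale or already-removed holder fails at the point of misuse, and it is worth checking whether any other holder is registered lazily and removed without a reset.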