[PATCH] libgccjit: Fix ira cost segfault

[PATCH] libgccjit: Fix ira cost segfault

[Antoni Boucher]

[-- Attachment #1: Type: text/plain, Size: 490 bytes --]

Hi.
This patch fixes a segfault that happens when compiling librsvg (more
specifically its dependency aho-corasick) with rustc_codegen_gcc (bug
112575).
I was not able to create a reproducer for this bug: I'm assuming I
might need to concat all the reproducers together in the same file in
order to be able to reproduce the issue.

I'm also not sure I put the cleanup in the correct location.
Is there any finalizer function for target specific code?

Thanks to fix this issue.

[-- Attachment #2: 0001-libgccjit-Fix-ira-cost-segfault.patch --]
[-- Type: text/x-patch, Size: 1173 bytes --]

From e0f4f51682266bc9f507afdb64908ed3695a2f5e Mon Sep 17 00:00:00 2001
From: Antoni Boucher <bouanto@zoho.com>
Date: Thu, 2 Nov 2023 17:18:35 -0400
Subject: [PATCH] libgccjit: Fix ira cost segfault

gcc/ChangeLog:
	PR jit/112575
	* config/i386/i386-options.cc (ix86_option_override_internal):
	Cleanup target_attribute_cache.
---
 gcc/config/i386/i386-options.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/gcc/config/i386/i386-options.cc b/gcc/config/i386/i386-options.cc
index df7d24352d1..f596c0fb53c 100644
--- a/gcc/config/i386/i386-options.cc
+++ b/gcc/config/i386/i386-options.cc
@@ -3070,6 +3070,12 @@ ix86_option_override_internal (bool main_args_p,
 	= opts->x_flag_unsafe_math_optimizations;
       target_option_default_node = target_option_current_node
         = build_target_option_node (opts, opts_set);
+      /* TODO: check if this is the correct location.  It should probably be in
+	 some finalizer function, but I don't
+	 know if there's one.  */
+      target_attribute_cache[0] = NULL;
+      target_attribute_cache[1] = NULL;
+      target_attribute_cache[2] = NULL;
     }
 
   if (opts->x_flag_cf_protection != CF_NONE)
-- 
2.42.1

Re: [PATCH] libgccjit: Fix ira cost segfault

[David Malcolm]

On Thu, 2023-11-16 at 17:28 -0500, Antoni Boucher wrote:
> Hi.
> This patch fixes a segfault that happens when compiling librsvg (more
> specifically its dependency aho-corasick) with rustc_codegen_gcc (bug
> 112575).
> I was not able to create a reproducer for this bug: I'm assuming I
> might need to concat all the reproducers together in the same file in
> order to be able to reproduce the issue.

Hi Antoni

Thanks for the patch; sorry for missing it before.

CCing the i386 maintainers; quoting the patch here to give them
context:

> From e0f4f51682266bc9f507afdb64908ed3695a2f5e Mon Sep 17 00:00:00 2001
> From: Antoni Boucher <bouanto@zoho.com>
> Date: Thu, 2 Nov 2023 17:18:35 -0400
> Subject: [PATCH] libgccjit: Fix ira cost segfault
> 
> gcc/ChangeLog:
> 	PR jit/112575
> 	* config/i386/i386-options.cc (ix86_option_override_internal):
> 	Cleanup target_attribute_cache.
> ---
>  gcc/config/i386/i386-options.cc | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/gcc/config/i386/i386-options.cc b/gcc/config/i386/i386-options.cc
> index df7d24352d1..f596c0fb53c 100644
> --- a/gcc/config/i386/i386-options.cc
> +++ b/gcc/config/i386/i386-options.cc
> @@ -3070,6 +3070,12 @@ ix86_option_override_internal (bool main_args_p,
>  	= opts->x_flag_unsafe_math_optimizations;
>        target_option_default_node = target_option_current_node
>          = build_target_option_node (opts, opts_set);
> +      /* TODO: check if this is the correct location.  It should probably be in
> +	 some finalizer function, but I don't
> +	 know if there's one.  */
> +      target_attribute_cache[0] = NULL;
> +      target_attribute_cache[1] = NULL;
> +      target_attribute_cache[2] = NULL;
>      }
>  
>    if (opts->x_flag_cf_protection != CF_NONE)
> -- 
> 2.42.1
> 

Presumably this happens when there's more than one in-process
invocation of the compiler code (via libgccjit).

> 
> I'm also not sure I put the cleanup in the correct location.
> Is there any finalizer function for target specific code?

As you know (but the i386 maintainers might not), to allow multiple in-
process invocations of the compiler code (for libgccjit) we've been
putting code to reset global state in various {filename_cc}_finalize
functions called from toplev::finalize (see the end of toplev.cc).

There doesn't seem to be any kind of hook at this time for calling
target-specific cleanups from toplev::finalize.

However, as of r14-4003-geaa8e8541349df ggc_common_finalize zeroes
everything marked with GTY.  The array target_attribute_cache does have
a GTY marking, so perhaps as of that commit this patch isn't necessary?

Otherwise, if special-casing this is required, sorry: I'm not familiar
enough with i386-options.cc to know if the patch is correct.

> 
> Thanks to fix this issue.

Dave

Re: [PATCH] libgccjit: Fix ira cost segfault

[David Malcolm]

On Wed, 2024-01-10 at 09:30 -0500, David Malcolm wrote:
> On Thu, 2023-11-16 at 17:28 -0500, Antoni Boucher wrote:
> > Hi.
> > This patch fixes a segfault that happens when compiling librsvg
> > (more
> > specifically its dependency aho-corasick) with rustc_codegen_gcc
> > (bug
> > 112575).
> > I was not able to create a reproducer for this bug: I'm assuming I
> > might need to concat all the reproducers together in the same file
> > in
> > order to be able to reproduce the issue.
> 
> Hi Antoni
> 
> Thanks for the patch; sorry for missing it before.
> 
> CCing the i386 maintainers; quoting the patch here to give them
> context:

Oops; actually adding them to the CC this time; sorry.

> 
> > From e0f4f51682266bc9f507afdb64908ed3695a2f5e Mon Sep 17 00:00:00
> > 2001
> > From: Antoni Boucher <bouanto@zoho.com>
> > Date: Thu, 2 Nov 2023 17:18:35 -0400
> > Subject: [PATCH] libgccjit: Fix ira cost segfault
> > 
> > gcc/ChangeLog:
> >         PR jit/112575
> >         * config/i386/i386-options.cc
> > (ix86_option_override_internal):
> >         Cleanup target_attribute_cache.
> > ---
> >  gcc/config/i386/i386-options.cc | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/gcc/config/i386/i386-options.cc
> > b/gcc/config/i386/i386-options.cc
> > index df7d24352d1..f596c0fb53c 100644
> > --- a/gcc/config/i386/i386-options.cc
> > +++ b/gcc/config/i386/i386-options.cc
> > @@ -3070,6 +3070,12 @@ ix86_option_override_internal (bool
> > main_args_p,
> >         = opts->x_flag_unsafe_math_optimizations;
> >        target_option_default_node = target_option_current_node
> >          = build_target_option_node (opts, opts_set);
> > +      /* TODO: check if this is the correct location.  It should
> > probably be in
> > +        some finalizer function, but I don't
> > +        know if there's one.  */
> > +      target_attribute_cache[0] = NULL;
> > +      target_attribute_cache[1] = NULL;
> > +      target_attribute_cache[2] = NULL;
> >      }
> >  
> >    if (opts->x_flag_cf_protection != CF_NONE)
> > -- 
> > 2.42.1
> > 
> 
> Presumably this happens when there's more than one in-process
> invocation of the compiler code (via libgccjit).
> 
> > 
> > I'm also not sure I put the cleanup in the correct location.
> > Is there any finalizer function for target specific code?
> 
> As you know (but the i386 maintainers might not), to allow multiple
> in-
> process invocations of the compiler code (for libgccjit) we've been
> putting code to reset global state in various {filename_cc}_finalize
> functions called from toplev::finalize (see the end of toplev.cc).
> 
> There doesn't seem to be any kind of hook at this time for calling
> target-specific cleanups from toplev::finalize.
> 
> However, as of r14-4003-geaa8e8541349df ggc_common_finalize zeroes
> everything marked with GTY.  The array target_attribute_cache does
> have
> a GTY marking, so perhaps as of that commit this patch isn't
> necessary?
> 
> Otherwise, if special-casing this is required, sorry: I'm not
> familiar
> enough with i386-options.cc to know if the patch is correct.
> 
> > 
> > Thanks to fix this issue.
> 
> Dave

Re: [PATCH] libgccjit: Fix ira cost segfault

[Antoni Boucher]

This patch is indeed not necessary anymore.

On Wed, 2024-01-10 at 09:32 -0500, David Malcolm wrote:
> On Wed, 2024-01-10 at 09:30 -0500, David Malcolm wrote:
> > On Thu, 2023-11-16 at 17:28 -0500, Antoni Boucher wrote:
> > > Hi.
> > > This patch fixes a segfault that happens when compiling librsvg
> > > (more
> > > specifically its dependency aho-corasick) with rustc_codegen_gcc
> > > (bug
> > > 112575).
> > > I was not able to create a reproducer for this bug: I'm assuming
> > > I
> > > might need to concat all the reproducers together in the same
> > > file
> > > in
> > > order to be able to reproduce the issue.
> > 
> > Hi Antoni
> > 
> > Thanks for the patch; sorry for missing it before.
> > 
> > CCing the i386 maintainers; quoting the patch here to give them
> > context:
> 
> Oops; actually adding them to the CC this time; sorry.
> 
> > 
> > > From e0f4f51682266bc9f507afdb64908ed3695a2f5e Mon Sep 17 00:00:00
> > > 2001
> > > From: Antoni Boucher <bouanto@zoho.com>
> > > Date: Thu, 2 Nov 2023 17:18:35 -0400
> > > Subject: [PATCH] libgccjit: Fix ira cost segfault
> > > 
> > > gcc/ChangeLog:
> > >         PR jit/112575
> > >         * config/i386/i386-options.cc
> > > (ix86_option_override_internal):
> > >         Cleanup target_attribute_cache.
> > > ---
> > >  gcc/config/i386/i386-options.cc | 6 ++++++
> > >  1 file changed, 6 insertions(+)
> > > 
> > > diff --git a/gcc/config/i386/i386-options.cc
> > > b/gcc/config/i386/i386-options.cc
> > > index df7d24352d1..f596c0fb53c 100644
> > > --- a/gcc/config/i386/i386-options.cc
> > > +++ b/gcc/config/i386/i386-options.cc
> > > @@ -3070,6 +3070,12 @@ ix86_option_override_internal (bool
> > > main_args_p,
> > >         = opts->x_flag_unsafe_math_optimizations;
> > >        target_option_default_node = target_option_current_node
> > >          = build_target_option_node (opts, opts_set);
> > > +      /* TODO: check if this is the correct location.  It should
> > > probably be in
> > > +        some finalizer function, but I don't
> > > +        know if there's one.  */
> > > +      target_attribute_cache[0] = NULL;
> > > +      target_attribute_cache[1] = NULL;
> > > +      target_attribute_cache[2] = NULL;
> > >      }
> > >  
> > >    if (opts->x_flag_cf_protection != CF_NONE)
> > > -- 
> > > 2.42.1
> > > 
> > 
> > Presumably this happens when there's more than one in-process
> > invocation of the compiler code (via libgccjit).
> > 
> > > 
> > > I'm also not sure I put the cleanup in the correct location.
> > > Is there any finalizer function for target specific code?
> > 
> > As you know (but the i386 maintainers might not), to allow multiple
> > in-
> > process invocations of the compiler code (for libgccjit) we've been
> > putting code to reset global state in various
> > {filename_cc}_finalize
> > functions called from toplev::finalize (see the end of toplev.cc).
> > 
> > There doesn't seem to be any kind of hook at this time for calling
> > target-specific cleanups from toplev::finalize.
> > 
> > However, as of r14-4003-geaa8e8541349df ggc_common_finalize zeroes
> > everything marked with GTY.  The array target_attribute_cache does
> > have
> > a GTY marking, so perhaps as of that commit this patch isn't
> > necessary?
> > 
> > Otherwise, if special-casing this is required, sorry: I'm not
> > familiar
> > enough with i386-options.cc to know if the patch is correct.
> > 
> > > 
> > > Thanks to fix this issue.
> > 
> > Dave
>