From patchwork Wed Jul 28 22:06:52 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mikael Morin <mikael.morin@sfr.fr>
X-Patchwork-Id: 60179
Return-Path: 
 <gcc-patches-return-269229-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	by ozlabs.org (Postfix) with SMTP id 0341EB6EF7
	for <incoming@patchwork.ozlabs.org>;
	Thu, 29 Jul 2010 08:07:56 +1000 (EST)
Received: (qmail 12385 invoked by alias); 28 Jul 2010 22:07:54 -0000
Received: (qmail 12369 invoked by uid 22791); 28 Jul 2010 22:07:52 -0000
X-SWARE-Spam-Status: No, hits=-0.5 required=5.0	tests=AWL, BAYES_00,
	RCVD_IN_DNSWL_NONE, SPF_NEUTRAL, T_RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Received: from smtp21.services.sfr.fr (HELO smtp21.services.sfr.fr)
	(93.17.128.2) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP;
	Wed, 28 Jul 2010 22:07:14 +0000
Received: from filter.sfr.fr (localhost [127.0.0.1])	by msfrf2122.sfr.fr
	(SMTP Server) with ESMTP id 9478D7000087;
	Thu, 29 Jul 2010 00:07:12 +0200 (CEST)
Received: from gimli.local (199.15.72-86.rev.gaoland.net [86.72.15.199])	by
	msfrf2122.sfr.fr (SMTP Server) with ESMTP id 04F027000085;
	Thu, 29 Jul 2010 00:07:10 +0200 (CEST)
X-SFR-UUID: 20100728220711203.04F027000085@msfrf2122.sfr.fr
Message-ID: <4C50A9FC.7040002@sfr.fr>
Date: Thu, 29 Jul 2010 00:06:52 +0200
From: Mikael Morin <mikael.morin@sfr.fr>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; fr-FR;
	rv:1.9.1.11) Gecko/20100725 Thunderbird/3.0.6
MIME-Version: 1.0
To: "fortran@gcc.gnu.org" <fortran@gcc.gnu.org>,
	gcc-patches <gcc-patches@gcc.gnu.org>
Subject: [Patch, fortran] PR 42051 : Access to freed symbols.
X-IsSubscribed: yes
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: 
 <mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org

Hello,

This patch fixes the PRs 42051 & 44064, where symbols were freed to soon.
As explained in http://gcc.gnu.org/bugzilla/show_bug.cgi?id=42051#c13,
gfc_find_derived_vtab was creating new symbols but was not committing 
them, so that they were removed at the next gfc_undo_symbols call.
The fix is obvious: commit the symbols.

The testcase provided was needing valgrind to show the error (no 
segfault) with me, but I add it anyway, just in case.

Regression testing in progress. OK for trunk when done ?
Mikael
2010-07-28  Mikael Morin  <mikael@gcc.gnu.org>

	PR fortran/42051
	PR fortran/44064
	* class.c (gfc_find_derived_vtab): Accept or discard newly created
	symbols before returning.

! { dg-do compile }
! { dg-options "-fno-whole-file" }
!
! PR fortran/42051
! PR fortran/44064
! Access to freed symbols
!
! Testcase provided by Damian Rouson <damian@rouson.net>,
! reduced by Janus Weil <janus@gcc.gnu.org>.

module grid_module
  implicit none 
  type grid
  end type
  type field
    type(grid) :: mesh
  end type
contains
  real function return_x(this)
    class(grid) :: this
  end function
end module 

module field_module
  use grid_module, only: field,return_x
  implicit none 
contains
  subroutine output(this)
    class(field) :: this
    print *,return_x(this%mesh)
  end subroutine
end module

end

! { dg-final { cleanup-modules "grid_module field_module" } }

Index: class.c
===================================================================
--- class.c	(revision 162648)
+++ class.c	(working copy)
@@ -321,7 +321,7 @@ gfc_symbol *
 gfc_find_derived_vtab (gfc_symbol *derived)
 {
   gfc_namespace *ns;
-  gfc_symbol *vtab = NULL, *vtype = NULL;
+  gfc_symbol *vtab = NULL, *vtype = NULL, *found_sym = NULL;
   char name[2 * GFC_MAX_SYMBOL_LEN + 8];
 
   ns = gfc_current_ns;
@@ -356,13 +356,13 @@ gfc_find_derived_vtab (gfc_symbol *derived)
 	      gfc_get_symbol (name, ns, &vtype);
 	      if (gfc_add_flavor (&vtype->attr, FL_DERIVED,
 				  NULL, &gfc_current_locus) == FAILURE)
-		return NULL;
+		goto cleanup;
 	      vtype->refs++;
 	      gfc_set_sym_referenced (vtype);
 
 	      /* Add component '$hash'.  */
 	      if (gfc_add_component (vtype, "$hash", &c) == FAILURE)
-		return NULL;
+		goto cleanup;
 	      c->ts.type = BT_INTEGER;
 	      c->ts.kind = 4;
 	      c->attr.access = ACCESS_PRIVATE;
@@ -371,7 +371,7 @@ gfc_find_derived_vtab (gfc_symbol *derived)
 
 	      /* Add component '$size'.  */
 	      if (gfc_add_component (vtype, "$size", &c) == FAILURE)
-		return NULL;
+		goto cleanup;
 	      c->ts.type = BT_INTEGER;
 	      c->ts.kind = 4;
 	      c->attr.access = ACCESS_PRIVATE;
@@ -384,7 +384,7 @@ gfc_find_derived_vtab (gfc_symbol *derived)
 
 	      /* Add component $extends.  */
 	      if (gfc_add_component (vtype, "$extends", &c) == FAILURE)
-		return NULL;
+		goto cleanup;
 	      c->attr.pointer = 1;
 	      c->attr.access = ACCESS_PRIVATE;
 	      parent = gfc_get_derived_super_type (derived);
@@ -414,7 +414,17 @@ gfc_find_derived_vtab (gfc_symbol *derived)
 	}
     }
 
-  return vtab;
+  found_sym = vtab;
+
+cleanup:
+  /* It is unexpected to have some symbols added at resolution or code
+     generation time. We commit the changes in order to keep a clean state.  */
+  if (found_sym)
+    gfc_commit_symbols ();
+  else
+    gfc_undo_symbols ();
+
+  return found_sym;
 }