X-Patchwork-Submitter: Jan Kratochvil
X-Patchwork-Id: 120782
Date: Thu, 20 Oct 2011 12:14:08 +0200
From: Jan Kratochvil
To: gcc-patches@gcc.gnu.org
Subject: [patch] dwarf2out crash: missing GTY? (PR 50806)
Message-ID: <20111020101408.GA5751@host1.jankratochvil.net>

Hi,

with custom patched dwarf2out.c I got a crash on memory mangled by the garbage collector. With patched GTY there the crash no longer happened - but I do not have a reproducer anymore, sorry if it is a bogus patch.

The memory corrupted later was initially allocated and stored into mem_loc_result->dw_loc_oprnd1.v.val_loc. I do not think there is any other reference to it than that field with no GTY.

GIT 33e7b55c2549d655d88ec64c06c51912d0d07527
gcc (GCC) 4.7.0 20111002 (experimental)

11900 mem_loc_result->dw_loc_oprnd1.v.val_loc = op0;
(gdb) bt
#0 mem_loc_descriptor (rtl=, mode=SImode, mem_mode=VOIDmode, initialized=VAR_INIT_STATUS_INITIALIZED) at gcc/dwarf2out.c:11900
#1 in loc_descriptor (rtl=, mode=SImode, initialized=VAR_INIT_STATUS_INITIALIZED) at gcc/dwarf2out.c:12790
#2 in loc_descriptor (rtl=, mode=SImode, initialized=VAR_INIT_STATUS_INITIALIZED) at gcc/dwarf2out.c:12614
#3 in dw_loc_list_1 (loc=, varloc=, want_address=2, initialized=VAR_INIT_STATUS_INITIALIZED) at gcc/dwarf2out.c:12889
#4 in dw_loc_list (loc_list=, decl=, want_address=2) at gcc/dwarf2out.c:13145
#5 in loc_list_from_tree (loc=, want_address=2) at gcc/dwarf2out.c:13538
#6 in add_location_or_const_value_attribute (die=, decl=, cache_p=0 '\000', attr=DW_AT_location) at gcc/dwarf2out.c:15048
#7 in gen_formal_parameter_die (node=, origin=0x0, emit_name_p=1 '\001', context_die=) at gcc/dwarf2out.c:16804
#8 in gen_decl_die (decl=, origin=0x0, context_die=) at gcc/dwarf2out.c:19632
#9 in gen_subprogram_die (decl=, context_die=) at gcc/dwarf2out.c:17560
#10 in gen_decl_die (decl=, origin=0x0, context_die=) at gcc/dwarf2out.c:19545
#11 in dwarf2out_decl (decl=) at gcc/dwarf2out.c:19919
#12 in dwarf2out_function_decl (decl=) at gcc/dwarf2out.c:19927
#13 in rest_of_handle_final () at gcc/final.c:4252
#14 in execute_one_pass (pass=0x4dbe120) at gcc/passes.c:2064
#15 in execute_pass_list (pass=0x4dbe120) at gcc/passes.c:2119
#16 in execute_pass_list (pass=0x4dbef00) at gcc/passes.c:2120
#17 in execute_pass_list (pass=0x4dbeea0) at gcc/passes.c:2120
#18 in tree_rest_of_compilation (fndecl=) at gcc/tree-optimize.c:420
#19 in cgraph_expand_function (node=) at gcc/cgraphunit.c:1803
#20 in cgraph_expand_all_functions () at gcc/cgraphunit.c:1862
#21 in cgraph_optimize () at gcc/cgraphunit.c:2133
#22 in cgraph_finalize_compilation_unit () at gcc/cgraphunit.c:1310
#23 in c_write_global_declarations () at gcc/c-decl.c:9936
#24 in compile_file () at gcc/toplev.c:581
#25 in do_compile () at gcc/toplev.c:1925
#26 in toplev_main (argc=101, argv=) at gcc/toplev.c:2001
#27 in main (argc=101, argv=) at gcc/main.c:36

It was later freed (watchpoint hit) by:

(gdb) bt
#0 __memset_sse2 () at ../sysdeps/x86_64/memset.S:333
#1 in poison_pages () at gcc/ggc-page.c:1845
#2 in ggc_collect () at gcc/ggc-page.c:1938
#3 in execute_todo (flags=2) at gcc/passes.c:1763
#4 in execute_one_pass (pass=0x4dbce80) at gcc/passes.c:2087
#5 in execute_pass_list (pass=0x4dbce80) at gcc/passes.c:2119
#6 in tree_rest_of_compilation (fndecl=) at gcc/tree-optimize.c:420
#7 in cgraph_expand_function (node=) at gcc/cgraphunit.c:1803
#8 in cgraph_expand_all_functions () at gcc/cgraphunit.c:1862
#9 in cgraph_optimize () at gcc/cgraphunit.c:2133
#10 in cgraph_finalize_compilation_unit () at gcc/cgraphunit.c:1310
#11 in c_write_global_declarations () at gcc/c-decl.c:9936
#12 in compile_file () at gcc/toplev.c:581
#13 in do_compile () at gcc/toplev.c:1925
#14 in toplev_main (argc=101, argv=) at
gcc/toplev.c:2001 #15 in main (argc=101, argv=) at gcc/main.c:36 And later it crashed on the mangled memory. OK to check it in? No regression testing done. Thanks, Jan gcc/ 2011-10-20 Jan Kratochvil * dwarf2out.c (struct dw_loc_list_struct): Add GTY for expr; --- a/gcc/dwarf2out.c +++ b/gcc/dwarf2out.c @@ -1211,7 +1210,7 @@ typedef struct GTY(()) dw_loc_list_struct { char *ll_symbol; /* Label for beginning of location list. Only on head of list */ const char *section; /* Section this loclist is relative to */ - dw_loc_descr_ref expr; + dw_loc_descr_ref GTY(()) expr; hashval_t hash; /* True if all addresses in this and subsequent lists are known to be resolved. */
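
Review bot: The added `GTY(())` on `expr` has an empty option list and sits inside a struct that is already declared `typedef struct GTY(()) dw_loc_list_struct`, so the pointer field should already be walked by the generated marker and this line gives gengtype no new option to act on. The message says the corrupted object was reachable only through `mem_loc_result->dw_loc_oprnd1.v.val_loc`, which is not the `expr` field of `dw_loc_list_struct`, so the hunk does not touch the field named in the analysis. Before this goes in, please check how the member holding `val_loc` is marked and whether `mem_loc_result` itself is reachable from a GC root at the `ggc_collect` call shown in the second backtrace, and run the regression tests the message says were skipped. Two smaller points: the hunk header `-1211,7 +1210,7` suggests the diff was cut from a tree with other local changes, consistent with the "custom patched dwarf2out.c" in the message, so it should be regenerated against the stated revision; and the ChangeLog entry should end with a period rather than `;`.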