From patchwork Tue Jan 31 08:19:15 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Jelinek X-Patchwork-Id: 138713 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) by ozlabs.org (Postfix) with SMTP id 58170B6EEE for ; Tue, 31 Jan 2012 19:20:12 +1100 (EST) Comment: DKIM? See http://www.dkim.org DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=gcc.gnu.org; s=default; x=1328602813; h=Comment: DomainKey-Signature:Received:Received:Received:Received:Received: Received:Received:Date:From:To:Cc:Subject:Message-ID:Reply-To: MIME-Version:Content-Type:Content-Disposition:User-Agent: Mailing-List:Precedence:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:Sender:Delivered-To; bh=EgsUiC2tvsPdTrXawuXP AwfXWJY=; b=Ti9+vkXbh0/DcHkMkHt/fq0boCVrBkKAODfTJn8gRbKJLS8JVu5Q j3qbvuk3xC88w+4ABNIFLKS7u5ZBwX1druhKLDd8pUltulyhbhcleP4KVXqhG+uk pfrCRhdMgAzuUHp4A16Vy1MpLvqjO3IAzw56kKKX+3WooQSYcSQTn8g= Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gcc.gnu.org; h=Received:Received:X-SWARE-Spam-Status:X-Spam-Check-By:Received:Received:Received:Received:Received:Date:From:To:Cc:Subject:Message-ID:Reply-To:MIME-Version:Content-Type:Content-Disposition:User-Agent:X-IsSubscribed:Mailing-List:Precedence:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:Sender:Delivered-To; b=KX7/tMbX+KKIaWOLXBDITwkRTmLZYlDcvyUeuRvQuaQcuoaToMU3BVBUsuCqgF vvcP9qap9zwTeuU3Hy8ZROK2FP76q0yIu1u8W1Q8Enog8fFsTaWsCVWwnnKmHa4J ts8g8Lt+KnJKDpJFxKWw8ltiNrW62W6BvOJrz7/xdjYRA=; Received: (qmail 13285 invoked by alias); 31 Jan 2012 08:20:04 -0000 Received: (qmail 13147 invoked by uid 22791); 31 Jan 2012 08:20:00 -0000 X-SWARE-Spam-Status: No, hits=-6.7 required=5.0 tests=AWL, BAYES_00, RCVD_IN_DNSWL_HI, SPF_HELO_PASS, T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 31 Jan 2012 08:19:42 +0000 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q0V8JJFd015493 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 31 Jan 2012 03:19:19 -0500 Received: from tyan-ft48-01.lab.bos.redhat.com (tyan-ft48-01.lab.bos.redhat.com [10.16.42.4]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id q0V8JIhm015458 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 31 Jan 2012 03:19:18 -0500 Received: from tyan-ft48-01.lab.bos.redhat.com (tyan-ft48-01.lab.bos.redhat.com [127.0.0.1]) by tyan-ft48-01.lab.bos.redhat.com (8.14.4/8.14.4) with ESMTP id q0V8JGu3024896; Tue, 31 Jan 2012 09:19:17 +0100 Received: (from jakub@localhost) by tyan-ft48-01.lab.bos.redhat.com (8.14.4/8.14.4/Submit) id q0V8JFDh024894; Tue, 31 Jan 2012 09:19:15 +0100 Date: Tue, 31 Jan 2012 09:19:15 +0100 From: Jakub Jelinek To: Eric Botcazou , Richard Guenther Cc: gcc-patches@gcc.gnu.org Subject: [PATCH] Fix REE from using freed memory (PR bootstrap/52041) Message-ID: <20120131081915.GL18768@tyan-ft48-01.lab.bos.redhat.com> Reply-To: Jakub Jelinek MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-IsSubscribed: yes Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Hi! find_removable_extensions/add_removable_extensions was storing pointers into the *insn_list vector in def_map array. Unfortunately when the vector is reallocated, this may result in all the pointers pointing into freed memory. Detected by valgrind, fixed by instead just storing the vector indexes (+ 1, so that 0 means former NULL), bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk? For 4.8 I think the def_map array could be dropped altogether, now that we keep the UD/DU links, but this change looks smaller and safer. 2012-01-31 Jakub Jelinek PR bootstrap/52041 PR bootstrap/52039 PR target/51974 * ree.c (add_removable_extension): Change def_map argument to unsigned *, store in def_map 1 + offset into *insn_list vector instead of pointers into the vector. (find_removable_extensions): Adjust caller. Jakub --- gcc/ree.c.jj 2012-01-30 00:10:01.205444366 +0100 +++ gcc/ree.c 2012-01-30 22:54:00.864425203 +0100 @@ -747,10 +747,11 @@ combine_reaching_defs (ext_cand *cand, c static void add_removable_extension (const_rtx expr, rtx insn, VEC (ext_cand, heap) **insn_list, - ext_cand **def_map) + unsigned *def_map) { enum rtx_code code; enum machine_mode mode; + unsigned int idx; rtx src, dest; /* We are looking for SET (REG N) (ANY_EXTEND (REG N)). */ @@ -786,7 +787,8 @@ add_removable_extension (const_rtx expr, /* Second, make sure the reaching definitions don't feed another and different extension. FIXME: this obviously can be improved. */ for (def = defs; def; def = def->next) - if ((cand = def_map[INSN_UID(DF_REF_INSN (def->ref))]) + if ((idx = def_map[INSN_UID(DF_REF_INSN (def->ref))]) + && (cand = VEC_index (ext_cand, *insn_list, idx - 1)) && (cand->code != code || cand->mode != mode)) { if (dump_file) @@ -805,9 +807,10 @@ add_removable_extension (const_rtx expr, cand->code = code; cand->mode = mode; cand->insn = insn; + idx = VEC_length (ext_cand, *insn_list); for (def = defs; def; def = def->next) - def_map[INSN_UID(DF_REF_INSN (def->ref))] = cand; + def_map[INSN_UID(DF_REF_INSN (def->ref))] = idx; } } @@ -820,7 +823,7 @@ find_removable_extensions (void) VEC (ext_cand, heap) *insn_list = NULL; basic_block bb; rtx insn, set; - ext_cand **def_map = XCNEWVEC (ext_cand *, max_insn_uid); + unsigned *def_map = XCNEWVEC (unsigned, max_insn_uid); FOR_EACH_BB (bb) FOR_BB_INSNS (bb, insn)