diff options
author | David Malcolm <dmalcolm@redhat.com> | 2023-09-14 16:28:44 -0400 |
---|---|---|
committer | David Malcolm <dmalcolm@redhat.com> | 2023-09-14 16:28:44 -0400 |
commit | eaa8e8541349df5ea326afa861c97b70ebc47f6b (patch) | |
tree | e09c5a9fdd2544a49079acaa0222f457d2579c90 /config-ml.in | |
parent | d8b4d6c9de8324dfa56933c2bc95694254cb736d (diff) | |
download | gcc-eaa8e8541349df5ea326afa861c97b70ebc47f6b.zip gcc-eaa8e8541349df5ea326afa861c97b70ebc47f6b.tar.gz gcc-eaa8e8541349df5ea326afa861c97b70ebc47f6b.tar.bz2 |
ggc, jit: forcibly clear GTY roots in jit
As part of Antoyo's work on supporting LTO in rustc_codegen_gcc, he
noticed an ICE inside libgccjit when compiling certain rust files.
Debugging libgccjit showed that outdated information from a previous
in-memory compile was referring to ad-hoc locations in the previous
compile's line_table.
The issue turned out to be the function decls in internal_fn_fnspec_array
from the previous compile keeping alive the symtab nodes for these
functions, and from this finding other functions in the previous
compile, walking their CFGs, and finding ad-hoc data pointers in an edge
with a location_t using ad-hoc data from the previous line_table
instance, and thus a use-after-free ICE attempting to use this ad-hoc
data.
Previously in toplev::finalize we've fixed global state "piecemeal" by
calling out to individual source_name_cc_finalize functions. However,
it occurred to me that we have run-time information on where the
GTY-marked pointers are.
Hence this patch takes something of a "big hammer" approach by adding a
new ggc_common_finalize that walks the GC roots, zeroing all of the
pointers. I stepped through this in the debugger and observed that, in
particular, this correctly zeroes the internal_fn_fnspec_array at the end
of a libgccjit compile. Antoyo reports that this fixes the ICE for him.
Doing so uncovered an ICE with libgccjit in dwarf2cfi.cc due to reuse of
global variables from the previous compile, which this patch also fixes.
I noticed that in ggc_mark_roots when clearing deletable roots we only
clear the initial element in each gcc_root_tab_t. This looks like a
latent bug to me, which the patch fixes. That said, there don't seem to
be any deletable roots where the number of elements != 1.
gcc/ChangeLog:
* dwarf2cfi.cc (dwarf2cfi_cc_finalize): New.
* dwarf2out.h (dwarf2cfi_cc_finalize): New decl.
* ggc-common.cc (ggc_mark_roots): Multiply by rti->nelt when
clearing the deletable gcc_root_tab_t.
(ggc_common_finalize): New.
* ggc.h (ggc_common_finalize): New decl.
* toplev.cc (toplev::finalize): Call dwarf2cfi_cc_finalize and
ggc_common_finalize.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'config-ml.in')
0 files changed, 0 insertions, 0 deletions