The was_finalized tracking mechanism was introduced in commit 1af22e4 to
prevent duplicate finalization of the same expression+component combination
within a namespace. However, this mechanism had a flaw: it
stored gfc_expr* pointers that could become stale, leading to use-after-free
bugs and compiled code memory leaks as reported in PR120637.
Upon analysis, this tracking mechanism is redundant because the finalization
logic already handles proper scoping and lifetime management.
The original problem that commit 1af22e4 was trying to solve is better
handled by the existing finalization logic without needing to cache
expression pointers.
This change removes the problematic caching mechanism while maintaining
correct finalization behavior. The test case from the original commit
(finalize_36.f90) continues to pass, confirming that the memory leak
originally fixed is still resolved without the redundant tracking.
PR fortran/120637
gcc/fortran/ChangeLog:
* class.cc (finalize_component): Remove redundant was_finalized
check and tracking code.
* gfortran.h (gfc_was_finalized): Remove structure definition.
(gfc_namespace): Remove was_finalized field.
* symbol.cc (gfc_free_namespace): Remove was_finalized cleanup code.
---
gcc/fortran/class.cc | 16 ----------------
gcc/fortran/gfortran.h | 11 -----------
gcc/fortran/symbol.cc | 10 ----------
3 files changed, 37 deletions(-)
diff --git a/gcc/fortran/class.cc b/gcc/fortran/class.cc
index df18601e45b..af6ac3c1e99 100644
--- a/gcc/fortran/class.cc
+++ b/gcc/fortran/class.cc
@@ -1041,19 +1041,10 @@ finalize_component (gfc_expr *expr, gfc_symbol
*derived, gfc_component *comp,
{
gfc_expr *e;
gfc_ref *ref;
- gfc_was_finalized *f;
if (!comp_is_finalizable (comp))
return;
- /* If this expression with this component has been finalized
- already in this namespace, there is nothing to do. */
- for (f = sub_ns->was_finalized; f; f = f->next)
- {
- if (f->e == expr && f->c == comp)
- return;
- }
-
e = gfc_copy_expr (expr);
if (!e->ref)
e->ref = ref = gfc_get_ref ();
@@ -1227,13 +1218,6 @@ finalize_component (gfc_expr *expr, gfc_symbol *derived,
gfc_component *comp,
sub_ns);
gfc_free_expr (e);
}
-
- /* Record that this was finalized already in this namespace. */
- f = sub_ns->was_finalized;
- sub_ns->was_finalized = XCNEW (gfc_was_finalized);
- sub_ns->was_finalized->e = expr;
- sub_ns->was_finalized->c = comp;
- sub_ns->was_finalized->next = f;
}
diff --git a/gcc/fortran/gfortran.h b/gcc/fortran/gfortran.h
index f73b5f9c23f..97cbac4f5d9 100644
--- a/gcc/fortran/gfortran.h
+++ b/gcc/fortran/gfortran.h
@@ -2205,15 +2205,7 @@ gfc_oacc_routine_name;
#define gfc_get_oacc_routine_name() XCNEW (gfc_oacc_routine_name)
-/* Node in linked list to see what has already been finalized
- earlier. */
-typedef struct gfc_was_finalized {
- gfc_expr *e;
- gfc_component *c;
- struct gfc_was_finalized *next;
-}
-gfc_was_finalized;
/* A namespace describes the contents of procedure, module, interface block
or BLOCK construct. */
@@ -2317,10 +2309,7 @@ typedef struct gfc_namespace
struct gfc_omp_assumptions *omp_assumes;
struct gfc_omp_namelist *omp_allocate;
- /* A hash set for the gfc expressions that have already
- been finalized in this namespace. */
- gfc_was_finalized *was_finalized;
/* Set to 1 if namespace is a BLOCK DATA program unit. */
unsigned is_block_data:1;
diff --git a/gcc/fortran/symbol.cc b/gcc/fortran/symbol.cc
index 81aa81df2ee..29c5deeb6d2 100644
--- a/gcc/fortran/symbol.cc
+++ b/gcc/fortran/symbol.cc
@@ -4198,7 +4198,6 @@ gfc_free_namespace (gfc_namespace *&ns)
{
gfc_namespace *p, *q;
int i;
- gfc_was_finalized *f;
if (ns == NULL)
return;
@@ -4233,15 +4232,6 @@ gfc_free_namespace (gfc_namespace *&ns)
gfc_free_data (ns->data);
- /* Free all the expr + component combinations that have been
- finalized. */
- f = ns->was_finalized;
- while (f)
- {
- gfc_was_finalized* current = f;
- f = f->next;
- free (current);
- }
if (ns->omp_assumes)
{
free (ns->omp_assumes->absent);
--
2.49.0
