[Bug c++/112968] Valgrind error on libstdc++-v3/testsuite/18_support/comparisons/object/93479.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968 Jakub Jelinek changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED --- Comment #5 from Jakub Jelinek --- Fixed.
[Bug c++/112968] Valgrind error on libstdc++-v3/testsuite/18_support/comparisons/object/93479.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968 --- Comment #4 from GCC Commits --- The master branch has been updated by Jakub Jelinek : https://gcc.gnu.org/g:7ff33c609a64319583223d6d39a89e971f993ecf commit r14-6529-g7ff33c609a64319583223d6d39a89e971f993ecf Author: Jakub Jelinek Date: Thu Dec 14 07:57:34 2023 +0100 c++: Fix tinst_level::to_list [PR112968] With valgrind checking, there are various errors reported on some C++26 libstdc++ tests, like: ==2009913== Conditional jump or move depends on uninitialised value(s) ==2009913==at 0x914C59: gt_ggc_mx_lang_tree_node(void*) (gt-cp-tree.h:107) ==2009913==by 0x8AB7A5: gt_ggc_mx_tinst_level(void*) (gt-cp-pt.h:32) ==2009913==by 0xB89B25: ggc_mark_root_tab(ggc_root_tab const*) (ggc-common.cc:75) ==2009913==by 0xB89DF4: ggc_mark_roots() (ggc-common.cc:104) ==2009913==by 0x9D6311: ggc_collect(ggc_collect) (ggc-page.cc:2227) ==2009913==by 0xDB70F6: execute_one_pass(opt_pass*) (passes.cc:2738) ==2009913==by 0xDB721F: execute_pass_list_1(opt_pass*) (passes.cc:2755) ==2009913==by 0xDB7258: execute_pass_list(function*, opt_pass*) (passes.cc:2766) ==2009913==by 0xA55525: cgraph_node::analyze() (cgraphunit.cc:695) ==2009913==by 0xA57CC7: analyze_functions(bool) (cgraphunit.cc:1248) ==2009913==by 0xA5890D: symbol_table::finalize_compilation_unit() (cgraphunit.cc:2555) ==2009913==by 0xEB02A1: compile_file() (toplev.cc:473) I think the problem is in the tinst_level::to_list optimization from 2018. That function returns a TREE_LIST with TREE_PURPOSE/TREE_VALUE filled in. Either it freshly allocates using build_tree_list (NULL, NULL); + stores TREE_PURPOSE/TREE_VALUE, that case is fine (the whole tree_list object is zeros, except for TREE_CODE set to TREE_LIST and TREE_PURPOSE/TREE_VALUE modified later; the above also means in particular TREE_TYPE of it is NULL and TREE_CHAIN is NULL and both are accessible/initialized even in valgrind annotations. Or it grabs a TREE_LIST node from a freelist. If defined(ENABLE_GC_CHECKING), the object is still all zeros except for TREE_CODE/TREE_PURPOSE/TREE_VALUE like in the fresh allocation case (but unlike the build_tree_list case in the valgrind annotations TREE_TYPE and TREE_CHAIN are marked as uninitialized). If !defined(ENABLE_GC_CHECKING), I believe the actual memory content is that everything but TREE_CODE/TREE_PURPOSE/TREE_VALUE/TREE_CHAIN is zeros and TREE_CHAIN is something random (whatever next entry is in the freelist, nothing overwrote it) and from valgrind POV again, TREE_TYPE and TREE_CHAIN are marked as uninitialized. When using the other freelist instantiations (pending_template and tinst_level) I believe everything is correct, from valgrind POV it marks the whole pending_template or tinst_level as uninitialized, but the caller initializes it all). One way to fix this would be let tinst_level::to_list not store just TREE_PURPOSE (ret) = tldcl; TREE_VALUE (ret) = targs; but also TREE_TYPE (ret) = NULL_TREE; TREE_CHAIN (ret) = NULL_TREE; Though, that seems like wasted effort in the build_tree_list case to me. So, the following patch instead does that TREE_CHAIN = NULL_TREE store only in the case where it isn't already done (and likewise for TREE_TYPE just to be sure) and marks both TREE_CHAIN and TREE_TYPE as initialized (the latter is at that spot, the former is because we never really touch TREE_TYPE of a TREE_LIST anywhere and so the NULL gets stored into the freelist and restored from there (except for ENABLE_GC_CHECKING where it is poisoned and then cleared again). 2023-12-14 Jakub Jelinek PR c++/112968 * pt.cc (freelist::reinit): Make whole obj->common defined for valgrind annotations rather than just obj->base, and do it even for ENABLE_GC_CHECKING. If not ENABLE_GC_CHECKING, clear TREE_CHAIN (obj) and TREE_TYPE (obj).
[Bug c++/112968] Valgrind error on libstdc++-v3/testsuite/18_support/comparisons/object/93479.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968
Jakub Jelinek changed:
What|Removed |Added
CC||aoliva at gcc dot gnu.org,
||jason at gcc dot gnu.org,
||ppalka at gcc dot gnu.org
--- Comment #3 from Jakub Jelinek ---
I believe the bug is in
https://gcc.gnu.org/legacy-ml/gcc-patches/2018-04/msg00709.html
aka r8-7885-ga56e2f69fede451499cfcbb58bab7687e4b1643a
When tinst_level::to_list is called, if it allocates new TREE_LIST, all is
fine, but
otherwise it goes through:
tree ret = tree_list_freelist ().alloc ();
TREE_PURPOSE (ret) = tldcl;
TREE_VALUE (ret) = targs;
where alloc does
T *obj = head;
head = next (head);
reinit (obj);
return obj;
and
template <>
inline void
freelist::reinit (tree obj ATTRIBUTE_UNUSED)
{
tree_base *b ATTRIBUTE_UNUSED = >base;
#ifdef ENABLE_GC_CHECKING
gcc_checking_assert (TREE_CODE (obj) == TREE_LIST);
VALGRIND_DISCARD (VALGRIND_MAKE_MEM_UNDEFINED (obj, sizeof (tree_list)));
memset (obj, 0, sizeof (tree_list));
#endif
/* Let valgrind know the entire object is available, but
uninitialized. */
VALGRIND_DISCARD (VALGRIND_MAKE_MEM_UNDEFINED (obj, sizeof (tree_list)));
#ifdef ENABLE_GC_CHECKING
TREE_SET_CODE (obj, TREE_LIST);
#else
VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (b, sizeof (*b)));
#endif
}
Now, tree_list is:
struct GTY(()) tree_list {
struct tree_common common;
tree purpose;
tree value;
};
struct GTY(()) tree_common {
struct tree_typed typed;
tree chain;
};
struct GTY(()) tree_typed {
struct tree_base base;
tree type;
};
and the 2 stores to TREE_PURPOSE/TREE_VALUE afterwards initialize those 2, so I
believe
this leaves from valgrind annotation POV TREE_TYPE and TREE_CHAIN of the
TREE_LIST allocated from the freelist uninitialized (even when it actually is
in reality initialized from the initial build_tree_list call before it got put
into the cache).
I must say it is unclear what should be TREE_CHAIN value after
tinst_level::to_list
and what should be TREE_TYPE. Right now it is sometimes well defined NULL and
NULL (if we allocated it freshly), sometimes NULL and NULL with valgrind think
it is uninitialized (if ENABLE_GC_CHECKING where reinit clears the whole object
and sets TREE_CODE again) and sometimes garbage with valgrind thinking it is
undefined (otherwise).
After pending_template_freelist ().alloc (); we already clear pt->next = NULL;
and
similarly after tinst_level_freelist ().alloc (); we clear new_level->next =
NULL;
so I think it is just the tree_list case.
So, wonder about
--- gcc/cp/pt.cc.jj 2023-12-11 23:52:03.592513063 +0100
+++ gcc/cp/pt.cc2023-12-12 16:40:09.259903877 +0100
@@ -9525,7 +9525,7 @@ template <>
inline void
freelist::reinit (tree obj ATTRIBUTE_UNUSED)
{
- tree_base *b ATTRIBUTE_UNUSED = >base;
+ tree_common *c ATTRIBUTE_UNUSED = >common;
#ifdef ENABLE_GC_CHECKING
gcc_checking_assert (TREE_CODE (obj) == TREE_LIST);
@@ -9540,8 +9540,9 @@ freelist::reinit (tree obj AT
#ifdef ENABLE_GC_CHECKING
TREE_SET_CODE (obj, TREE_LIST);
#else
- VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (b, sizeof (*b)));
+ TREE_CHAIN (obj) = NULL_TREE;
#endif
+ VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (c, sizeof (*c)));
}
/* Point to the first object in the TREE_LIST freelist. */
where this (IMHO) ought to ensure that both TREE_TYPE and TREE_CHAIN is
accessible and NULL after tinst_level::to_list regardless of whether it was
freshly allocated or not
and regardless of ENABLE_GC_CHECKING or not.
[Bug c++/112968] Valgrind error on libstdc++-v3/testsuite/18_support/comparisons/object/93479.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968 --- Comment #2 from Jakub Jelinek --- The above listed failures are all FAILs in libstdc++, except for a couple of compilation timed out ones (caused by valgrind being too slow and the box being busy). So yes, it is just -std=c++26.
[Bug c++/112968] Valgrind error on libstdc++-v3/testsuite/18_support/comparisons/object/93479.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968 --- Comment #1 from Andrew Pinski --- Is the failure only with -std=gnu++26 ?
