[Bug c++/112968] Valgrind error on libstdc++-v3/testsuite/18_support/comparisons/object/93479.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968

Jakub Jelinek changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #5 from Jakub Jelinek ---
Fixed.
[Bug c++/112968] Valgrind error on libstdc++-v3/testsuite/18_support/comparisons/object/93479.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968

--- Comment #4 from GCC Commits ---
The master branch has been updated by Jakub Jelinek:

https://gcc.gnu.org/g:7ff33c609a64319583223d6d39a89e971f993ecf

commit r14-6529-g7ff33c609a64319583223d6d39a89e971f993ecf
Author: Jakub Jelinek
Date:   Thu Dec 14 07:57:34 2023 +0100

    c++: Fix tinst_level::to_list [PR112968]

    With valgrind checking, there are various errors reported on some C++26
    libstdc++ tests, like:
    ==2009913== Conditional jump or move depends on uninitialised value(s)
    ==2009913==    at 0x914C59: gt_ggc_mx_lang_tree_node(void*) (gt-cp-tree.h:107)
    ==2009913==    by 0x8AB7A5: gt_ggc_mx_tinst_level(void*) (gt-cp-pt.h:32)
    ==2009913==    by 0xB89B25: ggc_mark_root_tab(ggc_root_tab const*) (ggc-common.cc:75)
    ==2009913==    by 0xB89DF4: ggc_mark_roots() (ggc-common.cc:104)
    ==2009913==    by 0x9D6311: ggc_collect(ggc_collect) (ggc-page.cc:2227)
    ==2009913==    by 0xDB70F6: execute_one_pass(opt_pass*) (passes.cc:2738)
    ==2009913==    by 0xDB721F: execute_pass_list_1(opt_pass*) (passes.cc:2755)
    ==2009913==    by 0xDB7258: execute_pass_list(function*, opt_pass*) (passes.cc:2766)
    ==2009913==    by 0xA55525: cgraph_node::analyze() (cgraphunit.cc:695)
    ==2009913==    by 0xA57CC7: analyze_functions(bool) (cgraphunit.cc:1248)
    ==2009913==    by 0xA5890D: symbol_table::finalize_compilation_unit() (cgraphunit.cc:2555)
    ==2009913==    by 0xEB02A1: compile_file() (toplev.cc:473)

    I think the problem is in the tinst_level::to_list optimization from 2018.
    That function returns a TREE_LIST with TREE_PURPOSE/TREE_VALUE filled in.
    Either it freshly allocates using build_tree_list (NULL, NULL); + stores
    TREE_PURPOSE/TREE_VALUE, that case is fine (the whole tree_list object
    is zeros, except for TREE_CODE set to TREE_LIST and TREE_PURPOSE/TREE_VALUE
    modified later; the above also means in particular TREE_TYPE of it is NULL
    and TREE_CHAIN is NULL and both are accessible/initialized even in valgrind
    annotations.
    Or it grabs a TREE_LIST node from a freelist.
    If defined(ENABLE_GC_CHECKING), the object is still all zeros except
    for TREE_CODE/TREE_PURPOSE/TREE_VALUE like in the fresh allocation case
    (but unlike the build_tree_list case in the valgrind annotations
    TREE_TYPE and TREE_CHAIN are marked as uninitialized).
    If !defined(ENABLE_GC_CHECKING), I believe the actual memory content
    is that everything but TREE_CODE/TREE_PURPOSE/TREE_VALUE/TREE_CHAIN is
    zeros and TREE_CHAIN is something random (whatever next entry is in the
    freelist, nothing overwrote it) and from valgrind POV again,
    TREE_TYPE and TREE_CHAIN are marked as uninitialized.

    When using the other freelist instantiations (pending_template and
    tinst_level) I believe everything is correct, from valgrind POV it marks
    the whole pending_template or tinst_level as uninitialized, but the
    caller initializes it all).

    One way to fix this would be let tinst_level::to_list not store just
      TREE_PURPOSE (ret) = tldcl;
      TREE_VALUE (ret) = targs;
    but also
      TREE_TYPE (ret) = NULL_TREE;
      TREE_CHAIN (ret) = NULL_TREE;
    Though, that seems like wasted effort in the build_tree_list case to me.

    So, the following patch instead does that TREE_CHAIN = NULL_TREE store only
    in the case where it isn't already done (and likewise for TREE_TYPE just to
    be sure) and marks both TREE_CHAIN and TREE_TYPE as initialized (the latter
    is at that spot, the former is because we never really touch TREE_TYPE of a
    TREE_LIST anywhere and so the NULL gets stored into the freelist and
    restored from there (except for ENABLE_GC_CHECKING where it is poisoned
    and then cleared again).

    2023-12-14  Jakub Jelinek

            PR c++/112968
            * pt.cc (freelist::reinit): Make whole obj->common
            defined for valgrind annotations rather than just obj->base,
            and do it even for ENABLE_GC_CHECKING.  If not ENABLE_GC_CHECKING,
            clear TREE_CHAIN (obj) and TREE_TYPE (obj).
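The stale TREE_CHAIN case described in the commit message above, as an added example that is not GCC code and not part of the original thread. It is a simplified model: Node, Freelist, mark and reachable_after_reuse are hypothetical names, and the freelist is assumed to link free nodes through the same chain field that a later walker follows.

```cpp
// Simplified model (not GCC code): a freelist that threads free nodes
// through the same `chain` field that live nodes expose to a marker.
#include <cstddef>

struct Node {
  int code = 0;              // stands in for TREE_CODE
  Node *type = nullptr;      // stands in for TREE_TYPE
  Node *chain = nullptr;     // stands in for TREE_CHAIN, reused as freelist link
  Node *purpose = nullptr;   // stands in for TREE_PURPOSE
  Node *value = nullptr;     // stands in for TREE_VALUE
};

struct Freelist {
  Node *head = nullptr;
  void release(Node *n) { n->chain = head; head = n; }
  // Reuse without reinitialising the link field: the returned node still
  // points at the next free node.
  Node *alloc_stale() { Node *n = head; head = n->chain; return n; }
  // Reuse with the link and type fields reset before the caller sees them.
  Node *alloc_reinit() {
    Node *n = alloc_stale();
    n->chain = nullptr;
    n->type = nullptr;
    return n;
  }
};

// Marker in the style of a GC walk: follows `chain` from a live node and
// reports how many nodes it considers reachable.
std::size_t mark(const Node *n) {
  std::size_t seen = 0;
  for (; n != nullptr; n = n->chain) ++seen;
  return seen;
}

// Put three nodes on the freelist, take one back, fill in only the
// caller-owned fields (as to_list does), then let the marker walk it.
std::size_t reachable_after_reuse(bool reinit) {
  static Node pool[3];
  static Node decl, args;    // constructed stand-ins for tldcl / targs
  for (Node &n : pool) n = Node{};
  Freelist fl;
  for (Node &n : pool) fl.release(&n);
  Node *ret = reinit ? fl.alloc_reinit() : fl.alloc_stale();
  ret->purpose = &decl;
  ret->value = &args;
  return mark(ret);
}
```

With the stale allocation the walker runs on from the reused node into the two nodes still sitting on the freelist; with the reinitialising allocation it stops at the reused node.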
[Bug c++/112968] Valgrind error on libstdc++-v3/testsuite/18_support/comparisons/object/93479.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968

Jakub Jelinek changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aoliva at gcc dot gnu.org,
                   |                            |jason at gcc dot gnu.org,
                   |                            |ppalka at gcc dot gnu.org

--- Comment #3 from Jakub Jelinek ---
I believe the bug is in
https://gcc.gnu.org/legacy-ml/gcc-patches/2018-04/msg00709.html
aka r8-7885-ga56e2f69fede451499cfcbb58bab7687e4b1643a

When tinst_level::to_list is called, if it allocates new TREE_LIST, all is fine, but otherwise it goes through:

  tree ret = tree_list_freelist ().alloc ();
  TREE_PURPOSE (ret) = tldcl;
  TREE_VALUE (ret) = targs;

where alloc does

  T *obj = head;
  head = next (head);
  reinit (obj);
  return obj;

and

template <>
inline void
freelist<tree_node>::reinit (tree obj ATTRIBUTE_UNUSED)
{
  tree_base *b ATTRIBUTE_UNUSED = &obj->base;

#ifdef ENABLE_GC_CHECKING
  gcc_checking_assert (TREE_CODE (obj) == TREE_LIST);
  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_UNDEFINED (obj, sizeof (tree_list)));
  memset (obj, 0, sizeof (tree_list));
#endif

  /* Let valgrind know the entire object is available, but
     uninitialized.  */
  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_UNDEFINED (obj, sizeof (tree_list)));

#ifdef ENABLE_GC_CHECKING
  TREE_SET_CODE (obj, TREE_LIST);
#else
  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (b, sizeof (*b)));
#endif
}

Now, tree_list is:

struct GTY(()) tree_list {
  struct tree_common common;
  tree purpose;
  tree value;
};

struct GTY(()) tree_common {
  struct tree_typed typed;
  tree chain;
};

struct GTY(()) tree_typed {
  struct tree_base base;
  tree type;
};

and the 2 stores to TREE_PURPOSE/TREE_VALUE afterwards initialize those 2, so I believe this leaves from valgrind annotation POV TREE_TYPE and TREE_CHAIN of the TREE_LIST allocated from the freelist uninitialized (even when it actually is in reality initialized from the initial build_tree_list call before it got put into the cache).

I must say it is unclear what should be TREE_CHAIN value after tinst_level::to_list and what should be TREE_TYPE.
Right now it is sometimes well defined NULL and NULL (if we allocated it freshly), sometimes NULL and NULL with valgrind think it is uninitialized (if ENABLE_GC_CHECKING where reinit clears the whole object and sets TREE_CODE again) and sometimes garbage with valgrind thinking it is undefined (otherwise). After pending_template_freelist ().alloc (); we already clear pt->next = NULL; and similarly after tinst_level_freelist ().alloc (); we clear new_level->next = NULL; so I think it is just the tree_list case. So, wonder about --- gcc/cp/pt.cc.jj 2023-12-11 23:52:03.592513063 +0100 +++ gcc/cp/pt.cc2023-12-12 16:40:09.259903877 +0100 @@ -9525,7 +9525,7 @@ template <> inline void freelist::reinit (tree obj ATTRIBUTE_UNUSED) { - tree_base *b ATTRIBUTE_UNUSED = >base; + tree_common *c ATTRIBUTE_UNUSED = >common; #ifdef ENABLE_GC_CHECKING gcc_checking_assert (TREE_CODE (obj) == TREE_LIST); @@ -9540,8 +9540,9 @@ freelist::reinit (tree obj AT #ifdef ENABLE_GC_CHECKING TREE_SET_CODE (obj, TREE_LIST); #else - VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (b, sizeof (*b))); + TREE_CHAIN (obj) = NULL_TREE; #endif + VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (c, sizeof (*c))); } /* Point to the first object in the TREE_LIST freelist. */ where this (IMHO) ought to ensure that both TREE_TYPE and TREE_CHAIN is accessible and NULL after tinst_level::to_list regardless of whether it was freshly allocated or not and regardless of ENABLE_GC_CHECKING or not.
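Review bot: in the second hunk's #else branch only TREE_CHAIN (obj) is stored to, yet the VALGRIND_MAKE_MEM_DEFINED (c, sizeof (*c)) added after #endif marks the whole tree_common, TREE_TYPE included, as defined. Without ENABLE_GC_CHECKING that declares TREE_TYPE initialized on the strength of whatever the recycled node last held, so a stale value there would no longer be reported by valgrind. Consider adding TREE_TYPE (obj) = NULL_TREE; next to the TREE_CHAIN store so that the annotation covers only fields this function has actually written or cleared.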
[Bug c++/112968] Valgrind error on libstdc++-v3/testsuite/18_support/comparisons/object/93479.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968 --- Comment #2 from Jakub Jelinek --- The above listed failures are all FAILs in libstdc++, except for a couple of compilation timed out ones (caused by valgrind being too slow and the box being busy). So yes, it is just -std=c++26.
[Bug c++/112968] Valgrind error on libstdc++-v3/testsuite/18_support/comparisons/object/93479.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968 --- Comment #1 from Andrew Pinski --- Is the failure only with -std=gnu++26 ?