[Bug middle-end/111505] [14 Regression] Asan (address-sanitizer) bootstrap fails since r14-4003-geaa8e8541349df

2023-09-29 Thread slyfox at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111505

Sergei Trofimovich  changed:

           What    |Removed                      |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                  |RESOLVED
           Assignee|unassigned at gcc dot gnu.org|slyfox at gcc dot gnu.org
         Resolution|---                          |FIXED

--- Comment #7 from Sergei Trofimovich  ---
I can confirm --with-build-config=bootstrap-asan fails the same way before the
fix and passes successfully after the fix.

Let's declare it FIXED.

[Bug middle-end/111505] [14 Regression] Asan (address-sanitizer) bootstrap fails since r14-4003-geaa8e8541349df

2023-09-29 Thread cvs-commit at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111505

--- Comment #6 from CVS Commits  ---
The master branch has been updated by Sergei Trofimovich :

https://gcc.gnu.org/g:7525707c5f3edb46958c4fdfbe30de5ddfa8923a

commit r14-4327-g7525707c5f3edb46958c4fdfbe30de5ddfa8923a
Author: Sergei Trofimovich 
Date:   Thu Sep 28 20:20:31 2023 +0100

ggc: do not wipe out unrelated data via gt_ggc_rtab [PR111505]

There are 3 GC root tables:

   gt_ggc_rtab
   gt_ggc_deletable_rtab
   gt_pch_scalar_rtab

`deletable` and `scalar` tables are both simple: each element always
contains a pointer to the beginning of the object and its size is the
full object.

`rtab` is different: its `base` is a pointer in the middle of the
struct and `stride` points to the next GC pointer in the array.

Before the change there were 2 problems:

1. We memset()ed not just pointers but data around them.
2. We went out of bounds of the last object described by gt_ggc_rtab
   and triggered bootstrap failures in profile and asan bootstraps.

After the change we handle only pointers themselves like the rest of
ggc-common.cc code.

gcc/
PR middle-end/111505
* ggc-common.cc (ggc_zero_out_root_pointers, ggc_common_finalize):
Add new helper. Use helper instead of memset() to wipe out
pointers.
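
The two problems listed in the commit message above, reproduced in an added example that is not part of the original thread or of GCC's sources. `struct info`, `struct root_tab`, `zero_span`, `zero_pointers` and `run` are simplified stand-ins assumed for illustration; the extra guard element keeps the overrun inside memory the example owns so the damage can be observed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins (assumptions) for ovl_op_info_t and ggc_root_tab. */
struct info { void *identifier; const char *name; unsigned flags; };
struct root_tab { void *base; size_t nelt; size_t stride; };

enum { N = 4, DATA_WIPED = 1, OUT_OF_BOUNDS = 2, POINTER_LEFT = 4 };

/* Pre-fix shape: treats base as the start of nelt contiguous objects. */
static void zero_span(const struct root_tab *rti)
{
  memset(rti->base, 0, rti->stride * rti->nelt);
}

/* Post-fix shape: touch only the pointer slot found at each stride. */
static void zero_pointers(const struct root_tab *rti)
{
  for (size_t i = 0; i < rti->nelt; i++)
    memset((char *)rti->base + rti->stride * i, 0, sizeof(void *));
}

/* Runs one strategy over a constructed array and reports what it damaged. */
static int run(void (*zero)(const struct root_tab *))
{
  static int node;
  struct info arr[N + 1]; /* arr[N] is a guard the root entry does not describe */
  for (int i = 0; i <= N; i++)
    arr[i] = (struct info){ &node, "op", 0xA5 };

  /* Root entry for the `name` field: base is mid-struct, stride is the struct size. */
  struct root_tab rti = { &arr[0].name, N, sizeof arr[0] };
  zero(&rti);

  int damage = 0;
  for (int i = 0; i < N; i++) {
    if (arr[i].name != NULL) damage |= POINTER_LEFT;
    if (arr[i].flags != 0xA5) damage |= DATA_WIPED;
  }
  if (arr[N].identifier != &node) damage |= OUT_OF_BOUNDS;
  return damage;
}

int main(void)
{
  printf("span memset: %d, pointers only: %d\n", run(zero_span), run(zero_pointers));
  return 0;
}
```

The span overruns the described objects by exactly the offset of `base` within the struct, which is why only a sanitized or profiled build noticed it.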

[Bug middle-end/111505] [14 Regression] Asan (address-sanitizer) bootstrap fails since r14-4003-geaa8e8541349df

2023-09-28 Thread slyfox at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111505

--- Comment #5 from Sergei Trofimovich  ---
(In reply to Sergei Trofimovich from comment #4)
> Is it a ggc_common_finalize() bug in assuming that `base` does not point to
> the beginning of a struct?
> Or a `gt_ggc_r_gt_cp_tree_h` bug that it does not point to the beginning of
> the struct?
> 
> Also while at it: what should `ggc_common_finalize ()` ideally do to
> `ovl_op_info`? memset() all of it? Or only pointers? I think it has
> information only to do the latter but it does it in a very strange way.

Proposed fix as
https://gcc.gnu.org/pipermail/gcc-patches/2023-September/631634.html . That
fixes `profiledbootstrap` for me.

Having stared a bit more at gcc/ggc-common.cc the answer is: it's complicated.

There are 3 roots:

   gt_ggc_rtab
   gt_ggc_deletable_rtab
   gt_pch_scalar_rtab

Last two are simple: these are single-element complete values without
complexities. But gt_ggc_rtab is different: it encodes pointer locations within
structs (of non-pointers). GCH code carefully extracts and restores those
pointers. An example:

  for (rt = gt_ggc_rtab; *rt; rt++)
    for (rti = *rt; rti->base != NULL; rti++)
      for (i = 0; i < rti->nelt; i++)
        (*rti->pchw)(*(void **)((char *)rti->base + rti->stride * i));

finalize() should do the same.

[Bug middle-end/111505] [14 Regression] Asan (address-sanitizer) bootstrap fails since r14-4003-geaa8e8541349df

2023-09-28 Thread slyfox at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111505

--- Comment #4 from Sergei Trofimovich  ---
In https://gcc.gnu.org/PR111629#c0 profiled bootstrap fails for a similar
reason.

There ggc_common_finalize() memset()s an unexpected memory location:

#1  0x01933651 in ggc_common_finalize () at /home/slyfox/dev/git/gcc/gcc/ggc-common.cc:1312
1312          memset (rti->base, 0, rti->stride * rti->nelt);
(gdb) list
1307        for (rti = *rt; rti->base != NULL; rti++)
1308          memset (rti->base, 0, rti->stride * rti->nelt);
1309
1310      for (rt = gt_ggc_rtab; *rt; rt++)
1311        for (rti = *rt; rti->base != NULL; rti++)
1312          memset (rti->base, 0, rti->stride * rti->nelt);


for this global:

struct GTY(()) ovl_op_info_t {
  /* The IDENTIFIER_NODE for the operator.  */
  tree identifier;
  /* The name of the operator.  */
  const char *name;
  /* The mangled name of the operator.  */
  const char *mangled_name;
  /* The (regular) tree code.  */
  enum tree_code tree_code : 16;
  /* The (compressed) operator code.  */
  enum ovl_op_code ovl_op_code : 8;
  /* The ovl_op_flags of the operator */
  unsigned flags : 8;
};

/* Overloaded operator info indexed by ass_op_p & ovl_op_code.  */
extern GTY(()) ovl_op_info_t ovl_op_info[2][OVL_OP_MAX];

Generated tables:

/* Structures for the easy way to mark roots.
   In an array, terminated by having base == NULL.  */
struct ggc_root_tab {
  void *base;
  size_t nelt;
  size_t stride;
  gt_pointer_walker cb;
  gt_pointer_walker pchw;
};

EXPORTED_CONST struct ggc_root_tab gt_ggc_r_gt_cp_tree_h[] = {
...
  { // 4
    &ovl_op_info[0][0].identifier,
    1 * (2) * (OVL_OP_MAX),
    sizeof (ovl_op_info[0][0]),
    &gt_ggc_mx_tree_node,
    &gt_pch_nx_tree_node
  },
  { // 5
    &ovl_op_info[0][0].name,
    1 * (2) * (OVL_OP_MAX),
    sizeof (ovl_op_info[0][0]),
    (gt_pointer_walker) &gt_ggc_m_S,
    (gt_pointer_walker) &gt_pch_n_S
  },
  { // 6
    &ovl_op_info[0][0].mangled_name,
    1 * (2) * (OVL_OP_MAX),
    sizeof (ovl_op_info[0][0]),
    (gt_pointer_walker) &gt_ggc_m_S,
    (gt_pointer_walker) &gt_pch_n_S
  },

Is it a ggc_common_finalize() bug in assuming that `base` does not point to the
beginning of a struct?
Or a `gt_ggc_r_gt_cp_tree_h` bug that it does not point to the beginning of the
struct?

Also while at it: what should `ggc_common_finalize ()` ideally do to
`ovl_op_info`? memset() all of it? Or only pointers? I think it has information
only to do the latter but it does it in a very strange way.

[Bug middle-end/111505] [14 Regression] Asan (address-sanitizer) bootstrap fails since r14-4003-geaa8e8541349df

2023-09-28 Thread pinskia at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111505

Andrew Pinski  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |slyfox at gcc dot gnu.org

--- Comment #3 from Andrew Pinski  ---
*** Bug 111629 has been marked as a duplicate of this bug. ***

[Bug middle-end/111505] [14 Regression] Asan (address-sanitizer) bootstrap fails since r14-4003-geaa8e8541349df

2023-09-21 Thread rguenth at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111505

Richard Biener  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P1
            Summary|Asan (address-sanitizer)    |[14 Regression] Asan
                   |bootstrap fails since       |(address-sanitizer)
                   |r14-4003-geaa8e8541349df    |bootstrap fails since
                   |                            |r14-4003-geaa8e8541349df

--- Comment #2 from Richard Biener  ---
Quite odd indeed.