This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: PR 34472: Fix use-after-free() and VEC iteration bugs in ipa-struct-reorg


Richard Sandiford <rsandifo@nildram.co.uk> wrote on 10/01/2008 15:25:55:

> This patch is a fix for PR34472 (but was actually posted to the
> related PR34483).  ipa-struct-reorg.c is freeing a htab from inside a
> htab_traverse of it.  Also, a couple of "remove this structure?" loops
> were skipping the structure that replaces a removed one.
>
> There is an alternative fix attached to PR34472 itself, but I prefer
> this one, because it doesn't involve allocating extra memory for a
> pending free list.
>
> The PR is about existing testsuite FAILs that only show up on some
> host/target combinations.
>
> Bootstrapped & regression-tested on x86_64-linux-gnu.
> Also regression-tested on mips64-linux-gnu.  OK to install?

Richard,

Your patch (suggested for PR 34483), also as mine patch (suggested for PR
34472),
is not actually final solution for the problem. While closing the ICE, it
produced execution failures reported in the PR 34483 that is not solved
yet.
Also with your patch there are 2 failures reported by Dave.

I did not submitted my patch (attached below), because I prefer the whole
problem to be solved first,and then submitting patches.

Sorry, the things really goes slow because I cannot reproduce
this problem on any one of my machines (although among them there are
x86_64 linux).

Regards,
Olga


Index: ipa-struct-reorg.c
===================================================================
--- ipa-struct-reorg.c  (revision 130906)
+++ ipa-struct-reorg.c  (working copy)
@@ -3068,6 +3068,17 @@
   dump_access_sites (str->accs);
 }

+/* Auxiliary data structure for safe_cond_expr_check callback function.
*/
+struct cond_check_data
+{
+  /* Structure declaration.  */
+  tree type;
+
+  /* Vector of unsuitable types. If the type participates in unsafe
+     conditional expression, it will be added to this vector.  */
+  VEC (tree, heap) **unsuitable_types;
+};
+};
 /* This function checks whether an access statement, pointed by SLOT,
    is a condition we are capable to transform. If not, it removes
    the structure with index, represented by DATA, from the vector
@@ -3077,6 +3088,7 @@
 safe_cond_expr_check (void **slot, void *data)
 {
   struct access_site *acc = *(struct access_site **) slot;
+  struct cond_check_data dt = *(struct cond_check_data *) data;

   if (TREE_CODE (acc->stmt) == COND_EXPR)
     {
@@ -3087,7 +3099,7 @@
            fprintf (dump_file, "\nUnsafe conditional statement ");;
            print_generic_stmt (dump_file, acc->stmt, 0);
          }
-       remove_structure (*(unsigned *) data);
+       add_unsuitable_type (dt.unsuitable_types, dt.type);
      }
     }
   return 1;
@@ -3541,10 +3553,23 @@
 {
   d_str str;
   unsigned i;
+  VEC (tree, heap) *unsuitable_types = VEC_alloc (tree, heap,
+                                     VEC_length (structure,
+                                               structures));
+  struct cond_check_data data;

+  data.type = NULL_TREE;
+  data.unsuitable_types = &unsuitable_types;
+
   for (i = 0; VEC_iterate (structure, structures, i, str); i++)
     if (str->accs)
-      htab_traverse (str->accs, safe_cond_expr_check, &i);
+      {
+     data.type = str->decl;
+     htab_traverse (str->accs, safe_cond_expr_check, &data););
+      }
+
+  remove_unsuitable_types (unsuitable_types);
+  VEC_free (tree, heap, unsuitable_types);
 }

 /* We exclude from non-field accesses of the structure
@@ -3848,6 +3873,9 @@
   gcov_type hotest = 0;
   unsigned i;
   d_str str;;
+  VEC (tree, heap) *unsuitable_types = VEC_alloc (tree, heap,
+                                     VEC_length (structure,
+                                               structures));

   /* We summarize counts of fields of a structure into the structure
count.  */
   for (i = 0; VEC_iterate (structure, structures, i, str); i++)
@@ -3863,8 +3891,11 @@
          print_generic_expr (dump_file, str->decl, 0);
          fprintf (dump_file, " is cold.");
        }
-     remove_structure (i);
+     add_unsuitable_type (&unsuitable_types, str->decl);
       }
+
+  remove_unsuitable_types (unsuitable_types);>
+  VEC_free (tree, heap, unsuitable_types);
 }

 /* This function decomposes original structure into substructures,


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]