[Bug middle-end/111505] [14 Regression] Asan (address-sanitizer) bootstrap fails since r14-4003-geaa8e8541349df

slyfox at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Thu Sep 28 15:07:14 GMT 2023 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111505

--- Comment #4 from Sergei Trofimovich <slyfox at gcc dot gnu.org> ---
In https://gcc.gnu.org/PR111629#c0 profiled bootstrap fales for a similar
reason.

There ggc_common_finalize() memset()s unexpected memory location

#1  0x0000000001933651 in ggc_common_finalize () at
/home/slyfox/dev/git/gcc/gcc/ggc-common.cc:1312
1312          memset (rti->base, 0, rti->stride * rti->nelt);
(gdb) list
1307        for (rti = *rt; rti->base != NULL; rti++)
1308          memset (rti->base, 0, rti->stride * rti->nelt);
1309
1310      for (rt = gt_ggc_rtab; *rt; rt++)
1311        for (rti = *rt; rti->base != NULL; rti++)
1312          memset (rti->base, 0, rti->stride * rti->nelt);


for this global:

struct GTY(()) ovl_op_info_t {
  /* The IDENTIFIER_NODE for the operator.  */
  tree identifier;
  /* The name of the operator.  */
  const char *name;
  /* The mangled name of the operator.  */
  const char *mangled_name;
  /* The (regular) tree code.  */
  enum tree_code tree_code : 16;
  /* The (compressed) operator code.  */
  enum ovl_op_code ovl_op_code : 8;
  /* The ovl_op_flags of the operator */
  unsigned flags : 8;
};

/* Overloaded operator info indexed by ass_op_p & ovl_op_code.  */
extern GTY(()) ovl_op_info_t ovl_op_info[2][OVL_OP_MAX];

Generated tables:

/* Structures for the easy way to mark roots.
   In an array, terminated by having base == NULL.  */
struct ggc_root_tab {
  void *base;
  size_t nelt;
  size_t stride;
  gt_pointer_walker cb;
  gt_pointer_walker pchw;
};

EXPORTED_CONST struct ggc_root_tab gt_ggc_r_gt_cp_tree_h[] = {
...
  { // 4
    &ovl_op_info[0][0].identifier,
    1 * (2) * (OVL_OP_MAX),
    sizeof (ovl_op_info[0][0]),
    &gt_ggc_mx_tree_node,
    &gt_pch_nx_tree_node
  },
  { // 5
    &ovl_op_info[0][0].name,
    1 * (2) * (OVL_OP_MAX),
    sizeof (ovl_op_info[0][0]),
    (gt_pointer_walker) &gt_ggc_m_S,
    (gt_pointer_walker) &gt_pch_n_S
  },
  { //6
    &ovl_op_info[0][0].mangled_name,
    1 * (2) * (OVL_OP_MAX),
    sizeof (ovl_op_info[0][0]),
    (gt_pointer_walker) &gt_ggc_m_S,
    (gt_pointer_walker) &gt_pch_n_S
  },

Is it a ggc_common_finalize() bug in assuming that `base` does not point to the
bbeginning of a struct?
Or a `gt_ggc_r_gt_cp_tree_h` bug that it does not point to the beginning of the
struct?

Also while at it: what should `ggc_common_finalize ()` ideally do to
`ovl_op_info`? memset() all of it? Or only pointers? I think it has information
only to do latter but it does it in a very strange way.

More information about the Gcc-bugs mailing list