Fix memory corruption in operands
Jan Hubicka
hubicka@ucw.cz
Mon Jan 22 21:20:00 GMT 2007
> On Mon, 2007-01-22 at 19:21 +0100, Jan Hubicka wrote:
> > > On Mon, 2007-01-22 at 17:36 +0100, Jan Hubicka wrote:
>
> > >
> > > you will of course lose that if you go to a global list because the
> > > cache will never be freed up until the last function is processed. It
> > > boils down to how well we manage the annotations. As far as I know, they
> > > should be handled reasonably well. If we don't, They certainly should
> > > be anyway :-)
> >
> > Well, the only place we call free_ssa_operands is from delete_ssa, so
> > all stmt annotations for statments elliminated by DCE and others are
> > left dead for a moment I blieve.
>
> Hmm. There is code in here that is no longer working the way I
> originally intended. I shall have to make a few changes :-)
> free_ssa_operands() isnt serving a lot of purpose where it is. its
> simply clearing out the annotation before ssa is destroyed, which
> doesn't do much when it comes to the cache since it gets completely
> destroyed anyway. The pointers to the operands are irrelevant.
Yep :)
>
> It looks like we dont actually have a way of catching removed stmts
> earlier. Part for the reason for that is because bsi_remove() is
> responsible for removing a stmt from from the stmt list, not actually
> destroying the stmt. A removed stmt could immediately be linked back
> into the stmt list, and then you would of course still want the
> operands.
Yes, we have weakly defined what bsi_remove should do. At the moment it
just removes the stmt from list and few tables, while it keeps
annotations/SSA names and others.
Zdenek hit the problem with his (unfinished) work on removing unused SSA
names from the list
http://www.mail-archive.com/gcc@gcc.gnu.org/msg22722.html
I think he is right making bsi_remove destructive (ie remove/free as
much from statement as we manage explicitely expecting it to not be used
again).
Perhaps the not too obvious BOOL argument can be eliminated by forking
bsi_remove into bsi_remove (doing all the removal) and bsi_unlink
(expecting the statement to be linked back again).
>
> Do the stmt annotations for these deleted stmts ever get freed either? I
> cant seem to find a routine that does that, so they are just garbage
> collected when the stmt is collected?
Yes, they are garbage collected. Sadly we reference to dead statements
in many places, so I think it would be profitable to actually clear the
link to annotation so it actually can be ggc_collected.
See the other thread on ggc_unreferenced_object - I would like to
progress on eliminating those dangling pointers to statements, but it is
harder that one would think.
>
> Perhaps we need in addition to bsi_remove() a bsi_destroy() which also
bsi_remove/bsi_destroy or bsi_remove/bsi_unlink :) But yes, we are on
the same track.
> frees up anything associated with it. It could then call
> free_ssa_operands() which could then be fixed to us the free lists.
>
> I'll take a look at that. I thought we had actually done the
> bsi_destroy() before, but perhaps it was just the remove_eh flag which
> has been added.. is there ever a case where we ask to remove the eh
> info, and we AREN'T destroying the stmt? Anyhoo, I'll take a look.
Well, we can make the statement untrapping and then remove EH, but we
probably won't do that via remove_stmt.
>
> > Just to get some hard data, at the end of compilation we have for
> > combine.c:
> >
> > tree-ssanames.c:143 (make_ssa_name) 1367136: 4.1% 0: 0.0% 0: 0.0% 0: 0.0% 28482
> > tree-inline.c:2754 (copy_tree_r) 1372400: 4.2% 0: 0.0% 0: 0.0% 17356: 0.5% 37765
> > tree-dfa.c:189 (create_stmt_ann) 1433432: 4.3% 866376: 6.3% 0: 0.0% 0: 0.0% 41068
> > genrtl.c:17 (gen_rtx_fmt_ee) 1885404: 5.7% 0: 0.0% 1956: 0.1% 0: 0.0% 157280
> > Total 32996633 13710922 3145510 3307173 1365803
> > source location Garbage Freed Leak Overhead Times
> >
> > (this show that stmt annotations are one of major memory consumers, but
> > also that amount of them allocated by left unfreeded to them freeded is
> > something like 4:6. This seems like pretty big leak for freelists. It
> > is of course bigger when amount of dead code increase, ie for example in
> > tramp3d).
>
> We dont actually have a free list for stmt annotations right? they are
> just garbaged collected. If we destroyed a stmt as mentioned above by
> also clearing out the annotation field, would that help at all? probably
> not. they would get collected at the same time as the stmt that was
> delinked by bsi_remove() anyway.
We call gcc_free on stmt annotations just before releasing going to RTL.
I used this logic as base for the numbers above (freed/leaking), since
we clear SSA operands shortly before on the very same set of statements.
Otherwise they are just left to be collected.
Exlicit allocation on thsese (via freelists or ggc_free) would make
sense. During early optimization on C++ we tend to produce tons of
statements to just remove them shortly.
>
> what exactly does that "leak" number mean? The operand cache is all
> pointed to via a linked list of large segments which operands are
> sub-allocated from and all freed at once as segments, so it should never
> show up as a "leak". And annotations are all GC'd, so I wouldnt think
> they would ever show up as a leak. Or am I misinterpreting what a leak
> is?
Garbage is memory that has been garbage collected out, Freed is memory
explicitely freed via ggc_free, Leak is memory still referenced.
They are not leaking in the numbers above.
The other set of numbers was run just after IPA, so at this time all the
annotations/operands for all the live functions was included.
>
> how do I get this memory report?
You need to compile with --enable-gather-detailed-mem-stats and then
you can use -fmem-report to get numbers after whole compilation,
-fpre-ipa-mem-report -fpost-ipa-mem-report to get allocations before and
after.
>
> > Which is one of few places where we get the freelists right, sadly.
>
> well, it will certainly help if I add a bsi_destroy() and add the caches
> to the free list, and make the free list global to the compilation unit.
> I'll have a look and see if I can help.
Thanks a lot!
Honza
>
> Andrew
More information about the Gcc-patches
mailing list