https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968
Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aoliva at gcc dot gnu.org,
                   |                            |jason at gcc dot gnu.org,
                   |                            |ppalka at gcc dot gnu.org

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
I believe the bug is in
https://gcc.gnu.org/legacy-ml/gcc-patches/2018-04/msg00709.html
aka r8-7885-ga56e2f69fede451499cfcbb58bab7687e4b1643a

When tinst_level::to_list is called, if it allocates a new TREE_LIST, all is
fine, but otherwise it goes through:

  tree ret = tree_list_freelist ().alloc ();
  TREE_PURPOSE (ret) = tldcl;
  TREE_VALUE (ret) = targs;

where alloc does

    T *obj = head;
    head = next (head);
    reinit (obj);
    return obj;

and

template <>
inline void
freelist<tree_node>::reinit (tree obj ATTRIBUTE_UNUSED)
{
  tree_base *b ATTRIBUTE_UNUSED = &obj->base;

#ifdef ENABLE_GC_CHECKING
  gcc_checking_assert (TREE_CODE (obj) == TREE_LIST);
  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_UNDEFINED (obj, sizeof (tree_list)));
  memset (obj, 0, sizeof (tree_list));
#endif

  /* Let valgrind know the entire object is available, but uninitialized.  */
  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_UNDEFINED (obj, sizeof (tree_list)));

#ifdef ENABLE_GC_CHECKING
  TREE_SET_CODE (obj, TREE_LIST);
#else
  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (b, sizeof (*b)));
#endif
}

Now, tree_list is:

struct GTY(()) tree_list {
  struct tree_common common;
  tree purpose;
  tree value;
};

struct GTY(()) tree_common {
  struct tree_typed typed;
  tree chain;
};

struct GTY(()) tree_typed {
  struct tree_base base;
  tree type;
};

and the 2 stores to TREE_PURPOSE/TREE_VALUE afterwards initialize those 2, so
I believe this leaves, from the valgrind annotation POV, TREE_TYPE and
TREE_CHAIN of the TREE_LIST allocated from the freelist uninitialized (even
when in reality it is actually initialized from the initial build_tree_list
call before it got put into the cache).
I must say it is unclear what the TREE_CHAIN value should be after
tinst_level::to_list and what TREE_TYPE should be. Right now it is sometimes
well-defined NULL and NULL (if we allocated it freshly), sometimes NULL and
NULL with valgrind thinking it is uninitialized (if ENABLE_GC_CHECKING, where
reinit clears the whole object and sets TREE_CODE again) and sometimes garbage
with valgrind thinking it is undefined (otherwise).

After pending_template_freelist ().alloc (); we already clear pt->next = NULL;
and similarly after tinst_level_freelist ().alloc (); we clear
new_level->next = NULL; so I think it is just the tree_list case.

So, I wonder about

--- gcc/cp/pt.cc.jj	2023-12-11 23:52:03.592513063 +0100
+++ gcc/cp/pt.cc	2023-12-12 16:40:09.259903877 +0100
@@ -9525,7 +9525,7 @@ template <>
 inline void
 freelist<tree_node>::reinit (tree obj ATTRIBUTE_UNUSED)
 {
-  tree_base *b ATTRIBUTE_UNUSED = &obj->base;
+  tree_common *c ATTRIBUTE_UNUSED = &obj->common;
 
 #ifdef ENABLE_GC_CHECKING
   gcc_checking_assert (TREE_CODE (obj) == TREE_LIST);
@@ -9540,8 +9540,9 @@ freelist<tree_node>::reinit (tree obj AT
 #ifdef ENABLE_GC_CHECKING
   TREE_SET_CODE (obj, TREE_LIST);
 #else
-  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (b, sizeof (*b)));
+  TREE_CHAIN (obj) = NULL_TREE;
 #endif
+  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (c, sizeof (*c)));
 }
 
 /* Point to the first object in the TREE_LIST freelist.  */

where this (IMHO) ought to ensure that both TREE_TYPE and TREE_CHAIN are
accessible and NULL after tinst_level::to_list regardless of whether it was
freshly allocated or not and regardless of ENABLE_GC_CHECKING or not.
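Review bot: in the first hunk, `tree_common *c ATTRIBUTE_UNUSED = &obj->common;` keeps the attribute even though `c` is now referenced on both sides of the `#ifdef ENABLE_GC_CHECKING` in the second hunk; it is still needed only because `VALGRIND_DISCARD (...)` expands to nothing in a build without valgrind annotations, so a one-line comment to that effect next to the declaration would stop a later cleanup from dropping the attribute and reintroducing an unused-variable warning in non-valgrind builds.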
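Review bot: in the second hunk, the `#else` branch writes only `TREE_CHAIN (obj) = NULL_TREE;` and then `VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (c, sizeof (*c)));` marks `TREE_TYPE` as defined without the function having written it, so the annotation is only truthful as long as every node that reaches the freelist still has the NULL `TREE_TYPE` it got from `build_tree_list`, which is the assumption the comment above relies on. Storing `TREE_TYPE (obj) = NULL_TREE;` beside the `TREE_CHAIN` store makes the non-checking branch match what the `memset` in the `ENABLE_GC_CHECKING` branch already guarantees, and then the `MAKE_MEM_DEFINED` cannot hide a node that was released with a type set.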
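A constructed model of the freelist reuse path discussed in this comment, added here as an example; it is not GCC's code and not part of the bug report. It assumes, as the `alloc` excerpt above implies, that the freelist stores its "next" link in the same field that TREE_CHAIN occupies, which is why a recycled node comes back with a pointer into the freelist where its chain should be. The `reinit_original` and `reinit_patched` functions follow the non-ENABLE_GC_CHECKING shape of the original and of the proposed patch; the valgrind client requests are real when `<valgrind/memcheck.h>` is available and become no-ops otherwise, so the stale-chain effect is observable with or without valgrind.

```cpp
// Constructed model of GCC's tree_list freelist (added example, not GCC code).
#include <cstddef>

#if defined(__has_include)
# if __has_include(<valgrind/memcheck.h>)
#  include <valgrind/memcheck.h>
# endif
#endif
#ifndef VALGRIND_MAKE_MEM_UNDEFINED
// No valgrind headers on this machine: make the client requests no-ops.
# define VALGRIND_MAKE_MEM_UNDEFINED(addr, len) 0
# define VALGRIND_MAKE_MEM_DEFINED(addr, len) 0
# define VALGRIND_DISCARD(v) ((void) (v))
#endif

// Stand-in for tree_list laid out like tree_common followed by purpose/value.
struct node {
  int code;       // TREE_CODE (the tree_base part)
  node *type;     // TREE_TYPE
  node *chain;    // TREE_CHAIN; the freelist keeps its next link here (assumption)
  node *purpose;  // TREE_PURPOSE
  node *value;    // TREE_VALUE
};
enum { NODE_LIST = 1 };

typedef void (*reinit_fn) (node *);

// Minimal freelist: release() pushes via chain, alloc() pops and reinitialises.
struct freelist {
  node *head;
  reinit_fn reinit;
  node *alloc () { node *o = head; head = o->chain; reinit (o); return o; }
  void release (node *o) { o->chain = head; head = o; }
};

// Original non-checking reinit: whole object undefined, only the base marked defined.
static void reinit_original (node *o) {
  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_UNDEFINED (o, sizeof *o));
  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (&o->code, sizeof o->code));
}

// Patched reinit: clear the chain, then mark code/type/chain (tree_common) defined.
static void reinit_patched (node *o) {
  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_UNDEFINED (o, sizeof *o));
  o->chain = nullptr;
  VALGRIND_DISCARD (VALGRIND_MAKE_MEM_DEFINED (o, offsetof (node, purpose)));
}

// Mirrors tinst_level::to_list: a fresh node is fully initialised, a recycled
// one only gets purpose and value written.
static node *to_list (freelist &fl, node *purpose, node *value) {
  if (fl.head == nullptr)
    return new node {NODE_LIST, nullptr, nullptr, purpose, value};
  node *ret = fl.alloc ();
  ret->purpose = purpose;
  ret->value = value;
  return ret;
}

struct recycle_result {
  bool chain_points_into_freelist;  // stale freelist link left in TREE_CHAIN
  bool type_is_null;                // TREE_TYPE as inherited from the first build
};

// Allocate two nodes, release both, take one back and inspect the two fields
// that to_list never writes.  Under valgrind with reinit_original the first
// comparison reads memory that reinit marked undefined and memcheck reports it.
static recycle_result recycle_once (reinit_fn reinit) {
  freelist fl {nullptr, reinit};
  node *a = to_list (fl, nullptr, nullptr);
  node *b = to_list (fl, nullptr, nullptr);
  fl.release (a);
  fl.release (b);                            // freelist is now b -> a
  node *r = to_list (fl, nullptr, nullptr);  // pops b; b->chain still says "a"
  recycle_result res { r->chain == fl.head, r->type == nullptr };
  delete a;
  delete b;
  return res;
}
```

With `reinit_original`, the recycled node's chain field still holds the freelist's next pointer, exactly the "garbage" case described in the comment, and only `MAKE_MEM_DEFINED` on the base hides that from the caller; with `reinit_patched` the chain is NULL and the tree_common part is marked defined after it has actually been written. The type field is NULL in both variants only because nothing in this model ever sets it on a node before release, which is the same assumption the proposed patch makes.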