https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112968

--- Comment #4 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <ja...@gcc.gnu.org>:

https://gcc.gnu.org/g:7ff33c609a64319583223d6d39a89e971f993ecf

commit r14-6529-g7ff33c609a64319583223d6d39a89e971f993ecf
Author: Jakub Jelinek <ja...@redhat.com>
Date:   Thu Dec 14 07:57:34 2023 +0100

    c++: Fix tinst_level::to_list [PR112968]

    With valgrind checking, there are various errors reported on some C++26
    libstdc++ tests, like:
    ==2009913== Conditional jump or move depends on uninitialised value(s)
    ==2009913==    at 0x914C59: gt_ggc_mx_lang_tree_node(void*) (gt-cp-tree.h:107)
    ==2009913==    by 0x8AB7A5: gt_ggc_mx_tinst_level(void*) (gt-cp-pt.h:32)
    ==2009913==    by 0xB89B25: ggc_mark_root_tab(ggc_root_tab const*) (ggc-common.cc:75)
    ==2009913==    by 0xB89DF4: ggc_mark_roots() (ggc-common.cc:104)
    ==2009913==    by 0x9D6311: ggc_collect(ggc_collect) (ggc-page.cc:2227)
    ==2009913==    by 0xDB70F6: execute_one_pass(opt_pass*) (passes.cc:2738)
    ==2009913==    by 0xDB721F: execute_pass_list_1(opt_pass*) (passes.cc:2755)
    ==2009913==    by 0xDB7258: execute_pass_list(function*, opt_pass*) (passes.cc:2766)
    ==2009913==    by 0xA55525: cgraph_node::analyze() (cgraphunit.cc:695)
    ==2009913==    by 0xA57CC7: analyze_functions(bool) (cgraphunit.cc:1248)
    ==2009913==    by 0xA5890D: symbol_table::finalize_compilation_unit() (cgraphunit.cc:2555)
    ==2009913==    by 0xEB02A1: compile_file() (toplev.cc:473)

    I think the problem is in the tinst_level::to_list optimization from 2018.
    That function returns a TREE_LIST with TREE_PURPOSE/TREE_VALUE filled in.
    Either it freshly allocates using build_tree_list (NULL, NULL); + stores
    TREE_PURPOSE/TREE_VALUE, that case is fine (the whole tree_list object
    is zeros, except for TREE_CODE set to TREE_LIST and TREE_PURPOSE/TREE_VALUE
    modified later; the above also means in particular TREE_TYPE of it is NULL
    and TREE_CHAIN is NULL and both are accessible/initialized even in valgrind
    annotations).
    Or it grabs a TREE_LIST node from a freelist.
    If defined(ENABLE_GC_CHECKING), the object is still all zeros except
    for TREE_CODE/TREE_PURPOSE/TREE_VALUE like in the fresh allocation case
    (but unlike the build_tree_list case in the valgrind annotations
    TREE_TYPE and TREE_CHAIN are marked as uninitialized).
    If !defined(ENABLE_GC_CHECKING), I believe the actual memory content
    is that everything but TREE_CODE/TREE_PURPOSE/TREE_VALUE/TREE_CHAIN is
    zeros and TREE_CHAIN is something random (whatever next entry is in the
    freelist, nothing overwrote it) and from valgrind POV again,
    TREE_TYPE and TREE_CHAIN are marked as uninitialized.

    When using the other freelist instantiations (pending_template and
    tinst_level) I believe everything is correct, from valgrind POV it marks
    the whole pending_template or tinst_level as uninitialized, but the
    caller initializes it all.

    One way to fix this would be to let tinst_level::to_list not store just
      TREE_PURPOSE (ret) = tldcl;
      TREE_VALUE (ret) = targs;
    but also
      TREE_TYPE (ret) = NULL_TREE;
      TREE_CHAIN (ret) = NULL_TREE;
    Though, that seems like wasted effort in the build_tree_list case to me.

    So, the following patch instead does that TREE_CHAIN = NULL_TREE store only
    in the case where it isn't already done (and likewise for TREE_TYPE just to
    be sure) and marks both TREE_CHAIN and TREE_TYPE as initialized (the latter
    is at that spot, the former is because we never really touch TREE_TYPE of a
    TREE_LIST anywhere and so the NULL gets stored into the freelist and
    restored from there (except for ENABLE_GC_CHECKING where it is poisoned
    and then cleared again)).

    2023-12-14  Jakub Jelinek  <ja...@redhat.com>

            PR c++/112968
            * pt.cc (freelist<tree_node>::reinit): Make whole obj->common
            defined for valgrind annotations rather than just obj->base,
            and do it even for ENABLE_GC_CHECKING.  If not ENABLE_GC_CHECKING,
            clear TREE_CHAIN (obj) and TREE_TYPE (obj).
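
Added example, not part of the commit or of GCC's sources: a simplified C++ model of the freelist reuse the commit message describes, where the list link lives in the chain field and a caller that stores only purpose/value inherits a stale link unless the reinit step clears it. `Node`, `FreeList`, `release`, `take` and `clear_link` are hypothetical names, and the valgrind annotations are not modelled.

```cpp
// Simplified model of the freelist reuse issue; NOT GCC's code.
// Node/FreeList and all member names are hypothetical stand-ins.
#include <cstdio>

struct Node {
    int   code;     // stands in for TREE_CODE
    Node *type;     // stands in for TREE_TYPE
    Node *chain;    // stands in for TREE_CHAIN, reused as the freelist link
    Node *purpose;  // stands in for TREE_PURPOSE
    Node *value;    // stands in for TREE_VALUE
};
enum { LIST_CODE = 1 };

struct FreeList {
    Node *head = nullptr;
    // Return a node to the list; the link is stored in the chain field.
    void release(Node *n) { n->chain = head; head = n; }
    // Pop a node. With clear_link == false only the code is reset, so chain
    // still holds the old freelist link. With clear_link == true, chain and
    // type are reset as well before the node is handed out.
    Node *take(bool clear_link) {
        Node *n = head;
        if (!n) return nullptr;
        head = n->chain;
        n->code = LIST_CODE;
        if (clear_link) { n->chain = nullptr; n->type = nullptr; }
        return n;
    }
};

// Caller that stores only purpose and value and trusts the rest of the node.
Node *to_list(FreeList &fl, Node *decl, Node *args, bool clear_link) {
    Node *ret = fl.take(clear_link);
    if (!ret) { ret = new Node(); ret->code = LIST_CODE; }  // fresh: all zero
    ret->purpose = decl;
    ret->value = args;
    return ret;
}

// True if a node reused from the freelist still carries a stale link.
bool reused_node_has_stale_chain(bool clear_link) {
    FreeList fl;
    Node a{}, b{}, decl{}, args{};
    fl.release(&a);
    fl.release(&b);  // b.chain now points at a
    return to_list(fl, &decl, &args, clear_link)->chain != nullptr;
}

int main() {
    std::printf("stale link without clearing: %d, with clearing: %d\n",
                reused_node_has_stale_chain(false), reused_node_has_stale_chain(true));
}
```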