lra: set insn_code_data to NULL when freeing

libgccjit's test-threads.c repeatedly compiles and runs numerous tests, each in a separate thread. Attempting to add an empty test that generates no code leads to a double-free ICE within that thread, within lra.c's finish_insn_code_data_once. The root cause is that the insn_code_data array is cleared in init_insn_code_data_once, but this is only called the first time a cgraph_node is expanded [1], whereas the "loop-over-all-elements and free them" is unconditionally called in finalize [2]. Hence if there are no functions: * the array is not re-initialized for the empty context * when finish_insn_code_data_once is called for the empty context it still contains the freed pointers from the previous context that held the jit mutex, and hence the free is a double-free. This patch sets the pointers to NULL after freeing them, fixing the ICE. [1] init_insn_code_data_once is called via lra_init_once called by ira_init_once called by initialize_rtl, via: if (!rtl_initialized) ira_init_once (); called by init_function_start called by cgraph_node::expand [2]: finish_insn_code_data_once is called by: lra_finish_once called by finalize gcc/ChangeLog: * lra.c (finish_insn_code_data_once): Set the array elements to NULL after freeing them. gcc/testsuite/ChangeLog: * jit.dg/all-non-failing-tests.h: Add test-empty.c
2025-03-21 08:30:35 +08:00 · 2020-03-30 11:13:59 -04:00 · 2020-03-30 11:13:59 -04:00 · 3809bcd6c0
commit 3809bcd6c0
parent 13a29fc573
4 changed files with 23 additions and 1 deletions
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@ -1,3 +1,8 @@
+2020-03-30  David Malcolm  <dmalcolm@redhat.com>
+
+	* lra.c (finish_insn_code_data_once): Set the array elements
+	to NULL after freeing them.
+
 2020-03-30  Andreas Schwab  <schwab@suse.de>

 	* config/host-linux.c (TRY_EMPTY_VM_SPACE) [__riscv && __LP64__]:
--- a/gcc/lra.c
+++ b/gcc/lra.c
@ -653,7 +653,10 @@ finish_insn_code_data_once (void)
  for (unsigned int i = 0; i < NUM_INSN_CODES; i++)
    {
      if (insn_code_data[i] != NULL)
-	free (insn_code_data[i]);
+	{
+	  free (insn_code_data[i]);
+	  insn_code_data[i] = NULL;
+	}
    }
 }

--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@ -1,3 +1,7 @@
+2020-03-30  David Malcolm  <dmalcolm@redhat.com>
+
+	* jit.dg/all-non-failing-tests.h: Add test-empty.c
+
 2020-03-30  Jakub Jelinek  <jakub@redhat.com>

 	PR c++/94385
--- a/gcc/testsuite/jit.dg/all-non-failing-tests.h
+++ b/gcc/testsuite/jit.dg/all-non-failing-tests.h
@ -116,6 +116,13 @@
 #undef create_code
 #undef verify_code

+/* test-empty.c */
+#define create_code create_code_empty
+#define verify_code verify_code_empty
+#include "test-empty.c"
+#undef create_code
+#undef verify_code
+
 /* test-error-*.c: We don't use these test cases, since they deliberately
   introduce errors, which we don't want here.  */

@ -328,6 +335,9 @@ const struct testcase testcases[] = {
  {"expressions",
   create_code_expressions,
   verify_code_expressions},
+  {"empty",
+   create_code_empty,
+   verify_code_empty},
  {"factorial",
   create_code_factorial,
   verify_code_factorial},