https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78047
Bug ID: 78047
Summary: [7 Regression] Chromium apparently gets miscompiled
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: trippels at gcc dot gnu.org
Target Milestone: ---
Chromium gets miscompiled with gcc trunk.
Bizarrely, it crashes when one tries to view Stroustrup's CppCon2016 keynote
on github:
https://github.com/CppCon/CppCon2016/blob/master/Keynotes/The%20Evolution%20of%20C++%20-%20Past,%20Present,%20and%20Future/The%20Evolution%20of%20C++%20-%20Past,%20Present,%20and%20Future%20-%20Bjarne%20Stroustrup%20-%20CppCon%202016.pdf
../../third_party/tcmalloc/chromium/src/tcmalloc.cc:289] Attempt to free
invalid pointer 0x55555f0c76f0
Thread 1 "chrome" received signal SIGSEGV, Segmentation fault.
0x0000555556028d00 in tcmalloc::Abort() ()
(gdb) bt
#0 0x0000555556028d00 in tcmalloc::Abort() ()
#1 0x000055555602d1d5 in tcmalloc::Log(tcmalloc::LogMode, char const*, int,
tcmalloc::LogItem, tcmalloc::LogItem, tcmalloc::LogItem, tcmalloc::LogItem) ()
#2 0x000055555d00ee6f in tc_free ()
#3 0x0000555557eb9b4c in GrResourceProvider::GrResourceProvider(GrGpu*,
GrResourceCache*, GrSingleOwner*) ()
#4 0x0000555557e88345 in GrContext::initCommon(GrContextOptions const&) ()
#5 0x0000555557e88734 in GrContext::Create(GrBackend, long) ()
...
I narrowed it down to a single function:
23 __attribute__((optimize("-O1")))
24 GrResourceProvider::GrResourceProvider(GrGpu* gpu, GrResourceCache* cache,
GrSingleOwner* owner)
25 : INHERITED(gpu, cache, owner) {
26 GR_DEFINE_STATIC_UNIQUE_KEY(gQuadIndexBufferKey);
27 fQuadIndexBufferKey = gQuadIndexBufferKey;
28 }
__attribute__((optimize("-O1"))) "fixes" the issue.
33929 class SkOnce {
33930 public:
33931 constexpr SkOnce() = default;
33932
33933 template <typename Fn, typename... Args>
33934 void operator()(Fn&& fn, Args&&... args) {
33935 auto state = fState.load(std::memory_order_acquire);
33936
33937 if (state == Done) {
33938 return;
33939 }
33940
33941
33942 if (state == NotStarted && fState.compare_exchange_strong(state,
Claimed,
33943
std::memory_order_relaxed)) {
33944
33945 fn(std::forward<Args>(args)...);
33946 return fState.store(Done, std::memory_order_release);
33947 }
33948
33949
33950
33951 while (fState.load(std::memory_order_acquire) != Done) { }
33952 }
33953
33954 private:
33955 enum State : uint8_t { NotStarted, Claimed, Done};
33956 std::atomic<uint8_t> fState{NotStarted};
33957 };
34201 static inline void
gr_init_static_unique_key_once(SkAlignedSTStorage<1,GrUniqueKey>* keyStorage) {
34202 GrUniqueKey* key = new (keyStorage->get()) GrUniqueKey;
34203 GrUniqueKey::Builder builder(key, GrUniqueKey::GenerateDomain(), 0);
34204 }
109423 static SkOnce gQuadIndexBufferKey_once;
109424
109425 GrResourceProvider::GrResourceProvider(GrGpu* gpu, GrResourceCache*
cache, GrSingleOwner* owner)
109426 : INHERITED(gpu, cache, owner) {
109427 static SkAlignedSTStorage<1, GrUniqueKey>
gQuadIndexBufferKey_storage;
109428
gQuadIndexBufferKey_once(gr_init_static_unique_key_once,
&gQuadIndexBufferKey_storage);
109429 static const GrUniqueKey&
gQuadIndexBufferKey =
*reinterpret_cast<GrUniqueKey*>(gQuadIndexBufferKey_storage.get());;
109430 fQuadIndexBufferKey = gQuadIndexBufferKey;
109431 }
good:
35 .type
_ZN18GrResourceProviderC2EP5GrGpuP15GrResourceCacheP13GrSingleOwner, @function
36 _ZN18GrResourceProviderC2EP5GrGpuP15GrResourceCacheP13GrSingleOwner:
37 .LFB10679:
38 .cfi_startproc
39 pushq %r14
40 .cfi_def_cfa_offset 16
41 .cfi_offset 14, -16
42 pushq %r13
43 .cfi_def_cfa_offset 24
44 .cfi_offset 13, -24
45 pushq %r12
46 .cfi_def_cfa_offset 32
47 .cfi_offset 12, -32
48 pushq %rbp
49 .cfi_def_cfa_offset 40
50 .cfi_offset 6, -40
51 pushq %rbx
52 .cfi_def_cfa_offset 48
53 .cfi_offset 3, -48
54 movq %rdi, %rbx
55 leaq 24(%rbx), %r13
56 leaq 16(%rbx), %r12
57 subq $16, %rsp
58 .cfi_def_cfa_offset 64
59 call
_ZN17GrTextureProviderC2EP5GrGpuP15GrResourceCacheP13GrSingleOwner@PLT
60 cmpb $0,
_ZGVZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
61 movq %r13, 16(%rbx)
62 movl $0, 24(%rbx)
63 movl $0, 28(%rbx)
64 movq $0, 56(%rbx)
65 jne .L4
66 movb $1,
_ZGVZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
67 .L4:
68 movzbl _ZL24gQuadIndexBufferKey_once(%rip), %eax
69 cmpb $2, %al
70 je .L8
71 testb %al, %al
72 jne .L9
73 movl $1, %edx
74 lock cmpxchgb %dl, _ZL24gQuadIndexBufferKey_once(%rip)
75 jne .L9
76 leaq
16+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip),
%rbp
77 movl $0,
16+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
78 movl $0,
20+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
79 movq %rbp,
8+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
80 movq $0,
48+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
81 call _ZN11GrUniqueKey14GenerateDomainEv@PLT
82 movq
8+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip),
%rdi
83 cmpq %rbp, %rdi
84 je .L7
85 movl %eax, 12(%rsp)
86 call _Z7sk_freePv@PLT
87 movl 12(%rsp), %eax
88 .L7:
89 orl $524288, %eax
======================================================================
bad:
35 .type
_ZN18GrResourceProviderC2EP5GrGpuP15GrResourceCacheP13GrSingleOwner, @function
36 _ZN18GrResourceProviderC2EP5GrGpuP15GrResourceCacheP13GrSingleOwner:
37 .LFB10679:
38 .cfi_startproc
39 pushq %r14
40 .cfi_def_cfa_offset 16
41 .cfi_offset 14, -16
42 pushq %r13
43 .cfi_def_cfa_offset 24
44 .cfi_offset 13, -24
45 pushq %r12
46 .cfi_def_cfa_offset 32
47 .cfi_offset 12, -32
48 pushq %rbp
49 .cfi_def_cfa_offset 40
50 .cfi_offset 6, -40
51 pushq %rbx
52 .cfi_def_cfa_offset 48
53 .cfi_offset 3, -48
54 movq %rdi, %rbx
55 leaq 24(%rbx), %r12
56 leaq 16(%rbx), %r13
57 call
_ZN17GrTextureProviderC2EP5GrGpuP15GrResourceCacheP13GrSingleOwner@PLT
58 cmpb $0,
_ZGVZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
59 movq %r12, 16(%rbx)
60 movl $0, 24(%rbx)
61 movl $0, 28(%rbx)
62 movq $0, 56(%rbx)
63 jne .L4
64 movb $1,
_ZGVZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
65 .L4:
66 movzbl _ZL24gQuadIndexBufferKey_once(%rip), %eax
67 cmpb $2, %al
68 je .L7
69 testb %al, %al
70 jne .L8
71 movl $1, %edx
72 lock cmpxchgb %dl, _ZL24gQuadIndexBufferKey_once(%rip)
73 jne .L8
74 leaq
16+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip),
%r14
75 movl $0,
16+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
76 movl $0,
20+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
77 movq %r14,
8+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
78 movq $0,
48+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip)
79 call _ZN11GrUniqueKey14GenerateDomainEv@PLT
80 movq
8+_ZZN18GrResourceProviderC4EP5GrGpuP15GrResourceCacheP13GrSingleOwnerE27gQuadIndexBufferKey_storage(%rip),
%rdi
81 movl %eax, %ebp
82 call _Z7sk_freePv@PLT
83 movl %ebp, %eax
84 orl $524288, %eax
Since this is using different std::memory_orders I'm not sure what is going on.
Will try to bisect it later today.
