After a recent merge of trunk to the jit branch that brought in ipa-icf, the new pass was segfaulting on the second iteration of an in-process compile; e.g. with:
test-factorial.exe: internal compiler error: Segmentation fault
0x7f3f20c2301a crash_signal
	../../src/gcc/toplev.c:349
0x7f3f207e963e bitmap_initialize_stat
	../../src/gcc/bitmap.h:277
0x7f3f207e963e bitmap_obstack_alloc_stat(bitmap_obstack*)
	../../src/gcc/bitmap.c:377
0x7f3f21360acb ipa_icf::sem_item::setup(bitmap_obstack*)
	../../src/gcc/ipa-icf.c:142
0x7f3f2136099d ipa_icf::sem_item::sem_item(ipa_icf::sem_item_type, symtab_node*, unsigned int, bitmap_obstack*)
	../../src/gcc/ipa-icf.c:116
0x7f3f21360e41 ipa_icf::sem_function::sem_function(cgraph_node*, unsigned int, bitmap_obstack*)
	../../src/gcc/ipa-icf.c:192
0x7f3f21363012 ipa_icf::sem_function::parse(cgraph_node*, bitmap_obstack*)
	../../src/gcc/ipa-icf.c:803
0x7f3f21365911 ipa_icf::sem_item_optimizer::parse_funcs_and_vars()
	../../src/gcc/ipa-icf.c:1619
0x7f3f21367cb5 ipa_icf_generate_summary
	../../src/gcc/ipa-icf.c:2287
0x7f3f20b5eaa4 execute_ipa_summary_passes(ipa_opt_pass_d*)
	../../src/gcc/passes.c:1952
0x7f3f20826ce8 ipa_passes
	../../src/gcc/cgraphunit.c:2043
0x7f3f2082706a symbol_table::compile()
	../../src/gcc/cgraphunit.c:2137
0x7f3f20827400 symbol_table::finalize_compilation_unit()
	../../src/gcc/cgraphunit.c:2290
0x7f3f207bf73c jit_langhook_write_globals
	../../src/gcc/jit/dummy-frontend.c:212

This turns out to be a use-after-delete: the "optimizer" singleton was not being reset to NULL after being deleted, so on subsequent in-process invocations of toplev::main the new instance of the pass_ipa_icf was using the deleted memory from the previous compile.

The one-liner solution I applied to the jit branch was to simply reset the ptr to NULL after deleting it to ensure that a fresh sem_item_optimizer gets built on each in-process compile.

Attached is a version of that jit patch that I've now committed to trunk.

Bootstrapped on x86_64-unknown-linux-gnu (Fedora 20).

Committed to trunk as r216561, since this seems obvious.
A more involved solution might be to eliminate this singleton in favor of making it instance data of the class pass_ipa_icf, but that would involve making the IPA hooks be vfuncs, so not doing that for now.

The other new piece of global state in ipa-icf.c is:

  unsigned int sem_item_optimizer::class_id = 0;

Honza, Martin: is there any reason that class_id is static, rather than being instance data of the sem_item_optimizer instance? As far as I can see, it's only ever accessed from sem_item_optimizer methods. Though the jit branch's testsuite seems to work OK if I don't bother resetting it back to 0...

Thanks
Dave
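The lifetime bug described above, reduced to a stand-alone C++ model. This is an added example, not code from GCC or from the patch: Optimizer stands in for sem_item_optimizer, generate_summary models the summary hook under the assumption that it only allocates when the global pointer is null (which is exactly what makes a stale pointer fatal), and the two driver variants mirror ipa_icf_driver before and after the reset. A live-instance counter lets the harness detect the dangling pointer by inspecting only the pointer value, never the freed object.

```cpp
#include <cstddef>

// Counts live instances so a stale pointer can be recognised without
// touching freed memory (constructed bookkeeping for this example).
int live_optimizers = 0;

// Stand-in for ipa_icf::sem_item_optimizer: owns one compile's state.
struct Optimizer {
  int parsed = 0;
  Optimizer() { ++live_optimizers; }
  ~Optimizer() { --live_optimizers; }
  void parse_funcs_and_vars() { ++parsed; }
  void unregister_hooks() {}
};

// File-scope singleton, as in ipa-icf.c.
static Optimizer *optimizer = nullptr;

// Modelled summary hook (assumption): allocate only when the pointer is
// null, then use whatever the pointer refers to.
void generate_summary() {
  if (!optimizer)
    optimizer = new Optimizer();
  optimizer->parse_funcs_and_vars();
}

// Driver before r216561: frees the singleton but leaves the pointer set,
// so the next in-process compile would reuse the freed object.
int driver_before_fix() {
  optimizer->unregister_hooks();
  delete optimizer;
  return 0;
}

// Driver after r216561: reset the pointer so the next compile allocates
// a fresh instance.
int driver_after_fix() {
  optimizer->unregister_hooks();
  delete optimizer;
  optimizer = nullptr;
  return 0;
}

// Runs one compile (summary hook, then driver teardown) and reports
// whether the global is left dangling: non-null while no instance is
// alive. Only the pointer value is compared; the freed object is never
// dereferenced.
bool leaves_dangling_pointer(int (*driver)()) {
  optimizer = nullptr;   // state at process start
  generate_summary();    // compile #1: summary pass allocates
  driver();              // compile #1: driver tears down
  bool dangling = (optimizer != nullptr && live_optimizers == 0);
  optimizer = nullptr;   // discard the stale value so later runs start clean
  return dangling;
}

// Two in-process compiles with the fixed driver: returns the number of
// live instances observed during the second compile (1 means a fresh
// instance was built rather than the first compile's object being reused).
int live_during_second_compile() {
  optimizer = nullptr;
  generate_summary();
  driver_after_fix();
  generate_summary();    // compile #2 gets a brand-new instance
  int live = live_optimizers;
  driver_after_fix();
  return live;
}
```

Comparing a pointer to freed storage against nullptr is implementation-defined in C++, which is why the harness also consults the live counter; in the real compiler the equivalent observation was the backtrace above, with the second compile dereferencing the first compile's freed sem_item_optimizer.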
Index: gcc/ChangeLog =================================================================== --- gcc/ChangeLog (revision 216560) +++ gcc/ChangeLog (revision 216561) @@ -1,3 +1,7 @@ +2014-10-22 David Malcolm <dmalc...@redhat.com> + + * ipa-icf.c (ipa_icf_driver): Set optimizer to NULL when done. + 2014-10-22 Andrew MacLeod <amacl...@redhat.com> * cfgbuild.h: New. Add prototypes for cfgbuild.c. Index: gcc/ipa-icf.c =================================================================== --- gcc/ipa-icf.c (revision 216560) +++ gcc/ipa-icf.c (revision 216561) @@ -2320,6 +2320,7 @@ optimizer->unregister_hooks (); delete optimizer; + optimizer = NULL; return 0; }
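Review bot: the new `optimizer = NULL;` in ipa_icf_driver would benefit from a one-line comment stating why the reset is required (the driver is re-entered on later in-process compiles via toplev::main, and the summary hook would otherwise reuse the freed object), since read in isolation the assignment after `delete optimizer;` looks redundant and is an easy target for a later "cleanup".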