From: Jakub Jelinek Date: Fri, 16 Feb 2018 09:26:27 +0000 (+0100) Subject: re PR target/84272 (AddressSanitizer: heap-use-after-free ../../gcc/config/aarch64... X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=1e6d3b10e3a4eb554f1275ac8a0d7ee30f31f476;p=gcc.git re PR target/84272 (AddressSanitizer: heap-use-after-free ../../gcc/config/aarch64/cortex-a57-fma-steering.c:519 in fma_node::get_parity()) PR target/84272 * config/aarch64/cortex-a57-fma-steering.c (fma_forest::merge_forest): Use ++iter rather than iter++ for std::list iterators. (func_fma_steering::dfs): Likewise. Don't delete nodes right away, defer deleting them until all nodes in the forest are processed. Do free even leaf nodes. Change to_process into auto_vec. * g++.dg/opt/pr84272.C: New test. From-SVN: r257727 --- diff --git a/gcc/ChangeLog b/gcc/ChangeLog index 85c7880e237..67e207385ee 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,5 +1,12 @@ 2018-02-16 Jakub Jelinek + PR target/84272 + * config/aarch64/cortex-a57-fma-steering.c (fma_forest::merge_forest): + Use ++iter rather than iter++ for std::list iterators. + (func_fma_steering::dfs): Likewise. Don't delete nodes right away, + defer deleting them until all nodes in the forest are processed. Do + free even leaf nodes. Change to_process into auto_vec. + PR bootstrap/84405 * system.h (BROKEN_VALUE_INITIALIZATION): Define for GCC < 4.3. * vec.h (vec_default_construct): Use memset instead of placement new diff --git a/gcc/config/aarch64/cortex-a57-fma-steering.c b/gcc/config/aarch64/cortex-a57-fma-steering.c index 92e3d045996..50e5108aa59 100644 --- a/gcc/config/aarch64/cortex-a57-fma-steering.c +++ b/gcc/config/aarch64/cortex-a57-fma-steering.c @@ -406,7 +406,7 @@ fma_forest::merge_forest (fma_forest *other_forest) /* Update root nodes' pointer to forest. */ for (other_root_iter = other_roots->begin (); - other_root_iter != other_roots->end (); other_root_iter++) + other_root_iter != other_roots->end (); ++other_root_iter) (*other_root_iter)->set_forest (this); /* Remove other_forest from the list of forests and move its tree roots in @@ -847,14 +847,13 @@ func_fma_steering::dfs (void (*process_forest) (fma_forest *), void (*process_node) (fma_forest *, fma_node *), bool free) { - vec to_process; + auto_vec to_process; + auto_vec to_free; std::list::iterator forest_iter; - to_process.create (0); - /* For each forest. */ for (forest_iter = this->m_fma_forests.begin (); - forest_iter != this->m_fma_forests.end (); forest_iter++) + forest_iter != this->m_fma_forests.end (); ++forest_iter) { std::list::iterator root_iter; @@ -863,7 +862,7 @@ func_fma_steering::dfs (void (*process_forest) (fma_forest *), /* For each tree root in this forest. */ for (root_iter = (*forest_iter)->get_roots ()->begin (); - root_iter != (*forest_iter)->get_roots ()->end (); root_iter++) + root_iter != (*forest_iter)->get_roots ()->end (); ++root_iter) { if (process_root) process_root (*forest_iter, *root_iter); @@ -881,28 +880,30 @@ func_fma_steering::dfs (void (*process_forest) (fma_forest *), if (process_node) process_node (*forest_iter, node); - /* Absence of children might indicate an alternate root of a *chain*. - It's ok to skip it here as the chain will be renamed when - processing the canonical root for that chain. */ - if (node->get_children ()->empty ()) - continue; - for (child_iter = node->get_children ()->begin (); - child_iter != node->get_children ()->end (); child_iter++) + child_iter != node->get_children ()->end (); ++child_iter) to_process.safe_push (*child_iter); + + /* Defer freeing so that the process_node callback can access the + parent and children of the node being processed. */ if (free) + to_free.safe_push (node); + } + + if (free) + { + delete *forest_iter; + + while (!to_free.is_empty ()) { + fma_node *node = to_free.pop (); if (node->root_p ()) delete static_cast (node); else delete node; } } - if (free) - delete *forest_iter; } - - to_process.release (); } /* Build the dependency trees of FMUL and FMADD/FMSUB instructions. */ diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog index 64d0308ff01..2ead408c90a 100644 --- a/gcc/testsuite/ChangeLog +++ b/gcc/testsuite/ChangeLog @@ -1,5 +1,8 @@ 2018-02-16 Jakub Jelinek + PR target/84272 + * g++.dg/opt/pr84272.C: New test. + PR rtl-optimization/83723 * gcc.dg/pr83723.c: New test. diff --git a/gcc/testsuite/g++.dg/opt/pr84272.C b/gcc/testsuite/g++.dg/opt/pr84272.C new file mode 100644 index 00000000000..ad4b8a29cd7 --- /dev/null +++ b/gcc/testsuite/g++.dg/opt/pr84272.C @@ -0,0 +1,23 @@ +// PR target/84272 +// { dg-do compile } +// { dg-options "-O2" } +// { dg-additional-options "-march=armv8-a -mtune=cortex-a57" { target aarch64-*-* } } + +struct A +{ + float b, c; + A (); + A (float, float, float); + float operator * (A) + { + float d = b * b + c * c; + return d; + } +}; + +void +foo () +{ + A g[1]; + A h (0, 0, h * g[2]); +}