Double free of rt_node

[amin1377]

In function "connection_router.cpp:timing_driven_route_connection_common_setup", "free_route_tree" is called if no path is found. "cpp:timing_driven_route_connection_common_setup" is called inside "connection_router.cpp:timing_driven_route_connection_from_route_tree_high_fanout" if no path is found based on the default settings. If "timing_driven_route_connection_common_setup" cannot find a path either, "free_route_tree" is called again. This would add the same nodes to "rt_node_free_list". Later, when "route_tree_timing.h:free_route_tree_timing_structs", the nodes inside the free list will be deleted one by one. As a result, "delete" operator is called twice on repetitive nodes.

Possible Solution

• The first solution is to simply comment the line in which "free_route_tree" is called for the second time.
• The possibly, more robust solution is to do some checking before adding a node to the free list. The drawback of this solution is that it may hurt performance.

@vaughnbetz

[vaughnbetz]

I think I'd need a walk through of the code. If we've freed a route tree we should set it to NULL to a second free call wouldn't do anything. (Without looking at the code that seems like it would be a robust solution).