https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89330
Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|marxin at gcc dot gnu.org   |jamborm at gcc dot gnu.org

--- Comment #20 from Martin Liška <marxin at gcc dot gnu.org> ---
Ok, one can reproduce the problem with:

$ ../configure --enable-languages=c,c++,lto,fortran --disable-multilib --prefix=/home/marxin/bin/gcc2 --enable-checking=release --without-isl --disable-libsanitizer --disable-bootstrap

Reduced test-case:

$ cat /tmp/tree-ssa-sccvn-ice.ii
class A {
public:
  int dest;
};
class B {
public:
  B(int);
  virtual int m_fn1();
};
int B::m_fn1() { return __null; }
void fn1(B &p1, bool, bool, bool, bool, bool) {
  for (;;) {
    p1.m_fn1();
    p1.m_fn1();
  }
}
A a;
void fn2(bool p1) {
  B b(a.dest);
  fn1(b, false, false, p1, fn2, &a);
}

I also have a debugging patch that shows which released edge is used:

diff --git a/gcc/cgraph.c b/gcc/cgraph.c index 81250acb70c..c585713b23a 100644 --- a/gcc/cgraph.c +++ b/gcc/cgraph.c @@ -1008,8 +1008,10 @@ symbol_table::free_edge (cgraph_edge *e) if (e->m_summary_id != -1) edge_released_summary_ids.safe_push (e->m_summary_id); + fprintf (stderr, "releasing: %p: %p->%p\n", e, e->caller, e->callee); if (e->indirect_info) ggc_free (e->indirect_info); + e->caller = NULL; ggc_free (e); } @@ -1111,6 +1113,8 @@ cgraph_edge::speculative_call_info (cgraph_edge *&direct, if (e2->call_stmt) { e = e->caller->get_edge (e2->call_stmt); + fprintf (stderr, "cgraph_edge::speculative_call_info: %p\n", e); + gcc_assert (e->caller); gcc_assert (e->speculative && !e->indirect_unknown_callee); } else
@@ -1223,6 +1227,8 @@ cgraph_edge::make_direct (cgraph_node *callee) ggc_free (indirect_info); indirect_info = NULL; + fprintf (stderr, "cgraph_edge::make_direct: %p\n", this); + /* Get the edge out of the indirect edge list. */ if (prev_callee) prev_callee->next_callee = next_callee;

$ ./xgcc -B. /tmp/tree-ssa-sccvn-ice.ii -c -O2
/tmp/tree-ssa-sccvn-ice.ii: In member function ‘virtual int B::m_fn1()’:
/tmp/tree-ssa-sccvn-ice.ii:10:25: warning: converting to non-pointer type ‘int’ from NULL [-Wconversion-null]
   10 | int B::m_fn1() { return __null; }
      |                         ^~~~~~
releasing: 0x7fe4853894e0: 0x7fe485380438->(nil)
releasing: 0x7fe485389478: 0x7fe485380438->(nil)
releasing: 0x7fe485389820: 0x7fe4853805a0->0x7fe485380438
releasing: 0x7fe4853897b8: 0x7fe4853805a0->0x7fe485380708
releasing: 0x7fe485389958: 0x7fe485380438->(nil)
releasing: 0x7fe4853898f0: 0x7fe485380438->(nil)
releasing: 0x7fe485389af8: 0x7fe485380438->(nil)
releasing: 0x7fe485389a90: 0x7fe485380438->(nil)
releasing: 0x7fe485389a28: 0x7fe4853805a0->0x7fe485380438
releasing: 0x7fe4853899c0: 0x7fe4853805a0->0x7fe485380708
releasing: 0x7fe485389ea0: 0x7fe4853805a0->0x7fe485380438
releasing: 0x7fe485389e38: 0x7fe4853805a0->0x7fe485380708
cgraph_edge::speculative_call_info: 0x7fe485389888
cgraph_edge::speculative_call_info: 0x7fe485389888
releasing: 0x7fe4853899c0: 0x7fe4854f92d0->(nil)
cgraph_edge::make_direct: 0x7fe4853899c0
during IPA pass: inline
/tmp/tree-ssa-sccvn-ice.ii: At global scope:
/tmp/tree-ssa-sccvn-ice.ii:21:1: internal compiler error: Segmentation fault
   21 | }
      | ^
0x11f0c8a crash_signal
        ../../gcc/toplev.c:326
0x7fe48560de4f ???
        /usr/src/debug/glibc-2.29-7.3.x86_64/signal/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0
0xc078da cgraph_edge::make_direct(cgraph_node*)
        ../../gcc/cgraph.c:1238
0xef8525 ipa_make_edge_direct_to_target(cgraph_edge*, tree_node*, bool)
        ../../gcc/ipa-prop.c:2978
0xef951c try_make_edge_direct_virtual_call
        ../../gcc/ipa-prop.c:3398
0xef97cc update_indirect_edges_after_inlining
        ../../gcc/ipa-prop.c:3463
0xef9b71 propagate_info_to_inlined_callees
        ../../gcc/ipa-prop.c:3556
0xefa1ed ipa_propagate_indirect_call_infos(cgraph_edge*, vec<cgraph_edge*, va_heap, vl_ptr>*)
        ../../gcc/ipa-prop.c:3713
0x1eb1b06 inline_call(cgraph_edge*, bool, vec<cgraph_edge*, va_heap, vl_ptr>*, int*, bool, bool*)
        ../../gcc/ipa-inline-transform.c:486
0x1ea3efd inline_small_functions
        ../../gcc/ipa-inline.c:2088
0x1ea58c3 ipa_inline
        ../../gcc/ipa-inline.c:2550
0x1ea66b0 execute
        ../../gcc/ipa-inline.c:2958

@Martin: Can you please take a look at that?
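
Review bot: In the symbol_table::free_edge hunk, `e->caller = NULL` marks the edge as released only until the same slot is handed out again, so the `gcc_assert (e->caller)` added in speculative_call_info can pass on a stale pointer. The posted output shows the reuse: 0x7fe4853899c0 appears in two "releasing:" lines with different callers (0x7fe4853805a0, then 0x7fe4854f92d0). A comment next to the assignment stating that the marker is best-effort would keep readers from treating a passing assert as proof the edge is live.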
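
Review bot: In the cgraph_edge::speculative_call_info hunk, both the fprintf and `gcc_assert (e->caller)` use `e` directly after `e = e->caller->get_edge (e2->call_stmt)` without checking the lookup result, so a NULL result would fault inside the assert instead of being reported by it. `gcc_assert (e && e->caller)` would separate "no edge found" from "edge already released".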
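
Review bot: In the cgraph_edge::make_direct hunk, the fprintf prints only `this` and sits after `ggc_free (indirect_info)`, so the trace cannot show whether the edge had already been released when the function was entered. Printing `caller` and `callee` as the free_edge trace does, and adding the same `gcc_assert (caller)` at function entry, would make the last two log lines (0x7fe4853899c0 released, then passed to make_direct) fail at the point of misuse rather than at cgraph.c:1238.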