[Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160

Thu, 30 Apr 2020 03:31:21 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856

--- Comment #7 from Martin Jambor <jamborm at gcc dot gnu.org> ---
The "edge points to wrong decl" case is a verifier error.  We have a
method which (in the course of IPA-CP) loses its this pointer because
it is unused and the pass then does not clone all the this adjusting
thunks and just makes the calls go straight to the new clone - and
then the verifier complains that the edge does not seem to point to a
clone of what it used to.  This looked weird because the verifier
actually has logic detecting this case but it turns out that it is
confused by inliner body-saving mechanism which invents a new decl for
the base function.

Inlining body-saving mechanism should correctly set former_clone_of
and then we can detect this case too.  Then we pass this particular
round of verification but the subsequent one fails because we have
inlined the function into its former thunk - which subsequently does
not have any callees, but the verifier still access them and segfaults
just like in the original -fopenacc case.  That is why the following
(yet untested) patch most likely fixes that case too:

diff --git a/gcc/cgraph.c b/gcc/cgraph.c
index 72d7cb54301..2a9813df2d9 100644
--- a/gcc/cgraph.c
+++ b/gcc/cgraph.c
@@ -3104,15 +3104,17 @@ clone_of_p (cgraph_node *node, cgraph_node *node2)
        return false;
       /* In case of instrumented expanded thunks, which can have multiple
calls
         in them, we do not know how to continue and just have to be
-        optimistic.  */
-      if (node->callees->next_callee)
+        optimistic.  The same applies if all calls have already been inlined
+        into the thunk.  */
+      if (!node->callees || node->callees->next_callee)
        return true;
       node = node->callees->callee->ultimate_alias_target ();

       if (!node2->clone.param_adjustments
          || node2->clone.param_adjustments->first_param_intact_p ())
        return false;
-      if (node2->former_clone_of == node->decl)
+      if (node2->former_clone_of == node->decl
+         || node2->former_clone_of == node->former_clone_of)
        return true;

       cgraph_node *n2 = node2;
diff --git a/gcc/ipa-inline-transform.c b/gcc/ipa-inline-transform.c
index be60bbccb5c..e9e21cc0296 100644
--- a/gcc/ipa-inline-transform.c
+++ b/gcc/ipa-inline-transform.c
@@ -607,6 +607,8 @@ save_inline_function_body (struct cgraph_node *node)
        }
     }
   *ipa_saved_clone_sources->get_create (first_clone) = prev_body_holder;
+  first_clone->former_clone_of
+    = node->former_clone_of ? node->former_clone_of : node->decl;
   first_clone->clone_of = NULL;

   /* Now node in question has no clones.  */

Reply via email to