https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99447
--- Comment #17 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Jan Hubicka from comment #15)
> I also tried to reproduce this locally w/o luck.
>
> Looking at the backtrace in detail, there is no DEF_STMT involved. It walks
> from dwarf dies, to RTL constant pool address that points to tree which has
> abstract origin that points to symtab node which points to callgraph edge
> which points to dead basic block.
>
> The pointer from cgraph node to edge that should be removed.
> I can add code to clear pointers SSA_NAME->def_stmt bit there is no def stmt
> in the backtrace, so it would not help here.
We're already doing this it seems:
void
fini_ssanames (struct function *fn)
{
unsigned i;
tree name;
/* Some SSA names leak into global tree data structures so we can't simply
ggc_free them. But make sure to clear references to stmts since we now
ggc_free the CFG itself. */
FOR_EACH_VEC_SAFE_ELT (SSANAMES (fn), i, name)
if (name)
SSA_NAME_DEF_STMT (name) = NULL;
> W/o reproducer it seem hard to tell what is/was real cause of this issue...
So the backtrace points at
gt_ggc_m_11symtab_node
((*x).generic.function_decl.common.common.symtab_node);
from LTO 'tree' walk. To me it's still obvious - we walk a cgraph edge
call_stmt and from there to gimple_bb which was freed.
Looking around the only place (we don't know whether this was WPA or LTRANS)
we'd have a cgraph with edges is during clone materialization which pointed
me at cgraph_node::release_body which frees the body but fails to eventually
zap ->call_stmt references.
Matthias reported this for "trunk 20210306" which I assume is a snapshot
tarball configured the Debian way.
> Honza
