[Bug c++/103328] [11/12 Regression] ICE in remap_gimple_stmt, at tree-inline.c:1921 since r11-7419-g0f161cc8494cf728

Thu, 10 Mar 2022 18:15:07 -0800 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103328

Benno Evers <gcc at bmevers dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gcc at bmevers dot de

--- Comment #19 from Benno Evers <gcc at bmevers dot de> ---
I've independently encountered this issue, and investigated a bit using the
reproducer by Avi Kivity.

>From what I've found, the issue is when inlining the function body into the
actor function in `coro_rewrite_function_body()`:

    /* Append the original function body.  */
    add_stmt (fnbody);

it will contain a reference to the top-level BLOCK of the user-provided
function.

However, when the actor function gets built it is not actually the "current"
function being finished, so `current_function_decl` points to the lambda (that
is currently being morphed into the ramp) instead.

Later on when we finish the lambda in `poplevel()` in decl.cc, we (may) assign
the DECL_INITIAL for that function from the `current_binding_level` which still
points to the last top-level block of the original function that is also used
by `fnbody`.

    subblocks = functionbody >= 0 ? current_binding_level->blocks : 0;
    // [...]
    DECL_INITIAL (current_function_decl) = block ? block : subblocks;


So we end up with the same `tree` being used in two different functions, and
then during gimple lowering bad things happen (in particular, the `subblocks`
set by the actor function are overwritten while lowering the ramp function)

The following change fixed the segfault on both reproducers on a local build.
I'm not too familiar with the GCC codebase so there's probably a better way to
handle the issue, but if the approach looks reasonable I'm happy to submit a
full patch.


--- a/gcc/cp/coroutines.cc
+++ b/gcc/cp/coroutines.cc
@@ -4541,6 +4541,8 @@ morph_fn_to_coro (tree orig, tree *resumer, tree
*destroyer)
   BLOCK_VARS (top_block) = BIND_EXPR_VARS (ramp_bind);
   BLOCK_SUBBLOCKS (top_block) = NULL_TREE;

+  current_binding_level->blocks = top_block;
+
   /* The decl_expr for the coro frame pointer, initialize to zero so that we
      can pass it to the IFN_CO_FRAME (since there's no way to pass a type,
      directly apparently).  This avoids a "used uninitialized" warning.  */

Reply via email to