> I checked update_jump_functions_after_inlining(), and found one suspicious
> place:
>
> for (i = 0; i < count; i++)
>   {
>     struct ipa_jump_func *dst = ipa_get_ith_jump_func (args, i);
>     if (!top)
>       {
>         ipa_set_jf_unknown (dst);
> <<<<<<<<<<<<<<<<< we should also invalidate dst->agg.items.

This is a good catch. In the meantime a smaller testcase surfaces in
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92528
I am re-building Firefox with the patch I attached to the PR.

Honza
