Reduced from PR63671 comment 14: markus@x4 ~ % cat tramp3d-v4.ii class A; class B { public: A *operator->(); }; class C { public: virtual void m_fn1 (); }; class A { public: C *m_fn2 (); }; class D { public: void m_fn3 () { list_m->m_fn2 ()->m_fn1 (); } B list_m; }; class F { public: D m_fn4 (); }; class G { public: F m_fn5 (int, int); }; class H { public: void m_fn6 () { fieldEngine_m.m_fn5 (0, 0).m_fn4 ().m_fn3 (); } G fieldEngine_m; }; void fn1 (H a) { a.m_fn6 (); } markus@x4 ~ % g++ -r -nostdlib -O2 -flto -fno-devirtualize tramp3d-v4.ii tramp3d-v4.ii: In member function ‘D::m_fn3()’: tramp3d-v4.ii:53:1: internal compiler error: Segmentation fault } ^ 0xc7542f crash_signal ../../gcc/gcc/toplev.c:359 0xac92b8 tree_check ../../gcc/gcc/tree.h:2763 0xac92b8 ipa_polymorphic_call_context::get_dynamic_type(tree_node*, tree_node*, tree_node*, gimple_statement_base*) ../../gcc/gcc/ipa-polymorphic-call.c:1593 0xae4c04 ipa_analyze_call_uses ../../gcc/gcc/ipa-prop.c:2173 0xae4c04 ipa_analyze_stmt_uses ../../gcc/gcc/ipa-prop.c:2192 0xae4c04 ipa_analyze_params_uses_in_bb ../../gcc/gcc/ipa-prop.c:2232 0xae4c04 analysis_dom_walker::before_dom_children(basic_block_def*) ../../gcc/gcc/ipa-prop.c:2316 0x12202d7 dom_walker::walk(basic_block_def*) ../../gcc/gcc/domwalk.c:188 0xaeb839 ipa_analyze_node(cgraph_node*) ../../gcc/gcc/ipa-prop.c:2373 0x125c77f ipcp_generate_summary ../../gcc/gcc/ipa-cp.c:4254 0xbba939 execute_ipa_summary_passes(ipa_opt_pass_d*) ../../gcc/gcc/passes.c:2137 0x8d39fe ipa_passes ../../gcc/gcc/cgraphunit.c:2074 0x8d39fe symbol_table::compile() ../../gcc/gcc/cgraphunit.c:2187 0x8d5177 symbol_table::finalize_compilation_unit() ../../gcc/gcc/cgraphunit.c:2340 0x6ac91b cp_write_global_declarations() ../../gcc/gcc/cp/decl2.c:4688 Please submit a full bug report, with preprocessed source if appropriate. Please include the complete backtrace with any bug report. See <http://gcc.gnu.org/bugs.html> for instructions
Breakpoint 1, ipa_polymorphic_call_context::get_dynamic_type (this=0x7fffffffdb90, instance=0x7ffff7271678, otr_object=0x7ffff7271678, otr_type=0x7ffff73dd1f8, call=0x7ffff73e4ab0) at ../../gcc/gcc/ipa-polymorphic-call.c:1593 1593 = get_deref_alias_set (TREE_TYPE (BINFO_VTABLE (TYPE_BINFO (otr_type)))); (gdb) l 1588 /* We look for vtbl pointer read. */ 1589 ao.size = POINTER_SIZE; 1590 ao.max_size = ao.size; 1591 if (otr_type) 1592 ao.ref_alias_set 1593 = get_deref_alias_set (TREE_TYPE (BINFO_VTABLE (TYPE_BINFO (otr_type)))); 1594 1595 if (dump_file) 1596 { 1597 fprintf (dump_file, "Determining dynamic type for call: "); (gdb) p otr_type->type_non_common.binfo $1 = (tree) 0x0
The patch I sent to original PR log works on the testcase: Index: ../../gcc/ipa-prop.c =================================================================== --- ../../gcc/ipa-prop.c (revision 217980) +++ ../../gcc/ipa-prop.c (working copy) @@ -2155,7 +2155,7 @@ ipa_analyze_call_uses (struct func_body_ if (cs && !cs->indirect_unknown_callee) return; - if (cs->indirect_info->polymorphic) + if (cs->indirect_info->polymorphic && flag_devirtualize) { tree instance; tree target = gimple_call_fn (call); The thing is that get_dynamic_type should be never called when devirt is disabled.
Fixed.