93223 – [9/10 Regression] ICE in devirtualization_time_bonus at gcc/ipa-cp.c:3161 since r261744

Bug 93223 - [9/10 Regression] ICE in devirtualization_time_bonus at gcc/ipa-cp.c:3161 since r261744

Summary: [9/10 Regression] ICE in devirtualization_time_bonus at gcc/ipa-cp.c:3161 sin...

Status:	RESOLVED FIXED

Alias:	None

Product:	gcc
Classification:	Unclassified
Component:	ipa (show other bugs)
Version:	9.2.0

Importance:	P1 normal
Target Milestone:	9.3
Assignee:	Martin Jambor

URL:
Keywords:	ice-on-valid-code

Depends on:
Blocks:

Reported:	2020-01-10 12:17 UTC by Christoph Höger
Modified:	2020-05-12 08:15 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:
Known to work:	8.3.0
Known to fail:	10.0, 9.2.0
Last reconfirmed:	2020-01-10 00:00:00

Attachments
test (1.34 KB, text/x-csrc) 2020-01-10 12:17 UTC, Christoph Höger	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christoph Höger 2020-01-10 12:17:16 UTC

Created attachment 47629 [details]
test

The following crash occurs under a specific combination of anonymous namespace, disabled optimizations and the usage of function pointers with -O3 :

gcc_bug g++ -O3 -c demo.cpp
during IPA pass: cp
/tmp/test.cpp:59:1: internal compiler error: Segmentation fault
   59 | }
      | ^
0x8cdeef ???
	../../gcc/toplev.c:327
0x15ab641 ???
	../../gcc/ipa-cp.c:2570
0x15ad6ad ???
	../../gcc/ipa-cp.c:2828
0x15aa364 ???
	../../gcc/ipa-cp.c:3025
0x15a827d ???
	../../gcc/ipa-cp.c:3196
0x1163fc6 ???
	../../gcc/passes.c:2508
0x14da21a ???
	../../gcc/passes.c:2948
0x1472bf7 ???
	../../gcc/cgraphunit.c:2542
0x10157d4 ???
	../../gcc/cgraphunit.c:2865
0x14e804f ???
	../../gcc/toplev.c:482
0xec7947 ???
	../../gcc/toplev.c:2206
0xec9a5f ???
	../../gcc/main.c:39
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <http://bugzilla.redhat.com/bugzilla> for instructions.
Preprocessed source stored into /tmp/ccwnkWOK.out file, please attach this to your bugreport.


See attached file demo.cpp for reproduction.

According to godbolt, the issue persists in trunk:

https://godbolt.org/z/T_NMPf

Please note the suspicuous line here:

https://github.com/gcc-mirror/gcc/blob/gcc-9_2_0-release/gcc/ipa-cp.c#L2569

it looks like the result of ipa_fn_summaries->get (callee); should be checked for nullptr.

Also, the issue is rather hard to trigger as it seems to depend on heuristic optimizations.

Comment 1 Martin Liška 2020-01-10 12:37:42 UTC

Started with my r261744.
@Martin can you please take a look?

Comment 2 Martin Jambor 2020-01-10 19:28:09 UTC

(In reply to Christoph Höger from comment #0)
> it looks like the result of ipa_fn_summaries->get (callee); should be
> checked for nullptr.

Indeed, we figure out that after cloning we could devirtualize to a
function which is however compiled at -O0 and so has no inlining
summary info attached to it.  Since we would nto inline such a
function, checking for NULL is exactly what needs to be done.  I'll
prepare a patch, thanks for reporting.

Comment 3 GCC Commits 2020-01-13 18:15:37 UTC

The master branch has been updated by Martin Jambor <jamborm@gcc.gnu.org>:

https://gcc.gnu.org/g:8472660b98a31b32b7d030c2cdc4d41d326364d5

commit r10-5928-g8472660b98a31b32b7d030c2cdc4d41d326364d5
Author: Martin Jambor <mjambor@suse.cz>
Date:   Mon Jan 13 19:13:46 2020 +0100

    IPA: Avoid segfault in devirtualization_time_bonus (PR 93223)
    
    2020-01-13  Martin Jambor  <mjambor@suse.cz>
    
    	PR ipa/93223
    	* ipa-cp.c (devirtualization_time_bonus): Check whether isummary is
    	NULL.
    
    	testsuite/
    	* g++.dg/ipa/pr93223.C: New test.

Comment 4 GCC Commits 2020-01-14 20:37:34 UTC

The releases/gcc-9 branch has been updated by Martin Jambor <jamborm@gcc.gnu.org>:

https://gcc.gnu.org/g:b849001991c41b68407e7b0bcabf88e4ef414fff

commit r9-8133-gb849001991c41b68407e7b0bcabf88e4ef414fff
Author: Martin Jambor <mjambor@suse.cz>
Date:   Tue Jan 14 19:05:56 2020 +0100

    IPA: Avoid segfault in devirtualization_time_bonus (PR 93223)
    
    2020-01-14  Martin Jambor  <mjambor@suse.cz>
    
    	PR ipa/93223
    	* ipa-cp.c (devirtualization_time_bonus): Check whether isummary is
    	NULL.
    
    	testsuite/
    	* g++.dg/ipa/pr93223.C: New test.

Comment 5 Martin Jambor 2020-01-14 20:40:09 UTC

Fixed with https://gcc.gnu.org/ml/gcc-patches/2020-01/msg00736.html

Comment 6 GCC Commits 2020-05-12 08:03:22 UTC Comment hidden (obsolete)

The master branch has been updated by Martin Liska <marxin@gcc.gnu.org>:

https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=8a37df5e5cb2de8302f9412173103593ec53961e

commit r10-5852-g8a37df5e5cb2de8302f9412173103593ec53961e
Author: Martin Jambor <mjambor@suse.cz>
Date:   Mon Jan 13 19:13:46 2020 +0100

    IPA: Avoid segfault in devirtualization_time_bonus (PR 93223)
    
    2020-01-13  Martin Jambor  <mjambor@suse.cz>
    
            PR ipa/93223
            * ipa-cp.c (devirtualization_time_bonus): Check whether isummary is
            NULL.
    
            testsuite/
            * g++.dg/ipa/pr93223.C: New test.

Comment 7 Martin Liška 2020-05-12 08:15:30 UTC Comment hidden (obsolete)

(In reply to CVS Commits from comment #6)
> The master branch has been updated by Martin Liska <marxin@gcc.gnu.org>:
> 
> https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;
> h=8a37df5e5cb2de8302f9412173103593ec53961e
> 
> commit r10-5852-g8a37df5e5cb2de8302f9412173103593ec53961e
> Author: Martin Jambor <mjambor@suse.cz>
> Date:   Mon Jan 13 19:13:46 2020 +0100
> 
>     IPA: Avoid segfault in devirtualization_time_bonus (PR 93223)
>     
>     2020-01-13  Martin Jambor  <mjambor@suse.cz>
>     
>             PR ipa/93223
>             * ipa-cp.c (devirtualization_time_bonus): Check whether isummary
> is
>             NULL.
>     
>             testsuite/
>             * g++.dg/ipa/pr93223.C: New test.

Please ignore this message, it comes from a testing script.