Bug 96059 - ICE: in remove_unreachable_nodes, at ipa.c:575 with -fdevirtualize-at-ltrans
Summary: ICE: in remove_unreachable_nodes, at ipa.c:575 with -fdevirtualize-at-ltrans
Status: ASSIGNED
Alias: None
Product: gcc
Classification: Unclassified
Component: ipa
Version: 10.1.0
Importance: P3 normal
Target Milestone: ---
Assignee: Jan Hubicka
URL:
Keywords: ice-on-valid-code, lto
Depends on:
Blocks:
 
Reported: 2020-07-04 10:44 UTC by Krzysztof Nowicki
Modified: 2024-05-15 12:09 UTC

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2020-07-07 00:00:00


Attachments
Reduced test-case (1.13 KB, application/x-tar)
2020-07-07 12:10 UTC, Martin Liška

Description Krzysztof Nowicki 2020-07-04 10:44:53 UTC
When building the ktexteditor-5.71 from the KDE Frameworks with LTO enabled I'm seeing an ICE when linking libKF5TextEditor.so:

during IPA pass: inline
lto1: internal compiler error: in remove_unreachable_nodes, at ipa.c:575
0xa7e802 symbol_table::remove_unreachable_nodes(_IO_FILE*)
        /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/ipa.c:575
0x19cb14f ipa_inline
        /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/ipa-inline.c:2696
0x19cb702 execute
        /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/ipa-inline.c:3091
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://bugs.gentoo.org/> for instructions.

GDB backtrace:

#0  internal_error (gmsgid=gmsgid@entry=0x233d39a "in %s, at %s:%d") at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/diagnostic.c:1706
#1  0x0000000001b09d9a in fancy_abort (file=file@entry=0x1c07468 "/var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/ipa.c", line=line@entry=575, function=function@entry=0x1c073fc "remove_unreachable_nodes")
    at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/diagnostic.c:1778
#2  0x0000000000a7e803 in symbol_table::remove_unreachable_nodes (this=0x7ffff6e8d100, file=0x0) at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/ipa.c:577
#3  0x00000000019cb150 in ipa_inline () at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/ipa-inline.c:2696
#4  0x00000000019cb703 in (anonymous namespace)::pass_ipa_inline::execute (this=<optimized out>) at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/ipa-inline.c:3091
#5  0x0000000000c047a3 in execute_one_pass (pass=pass@entry=0x3edc4a0) at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/passes.c:2502
#6  0x0000000000c06052 in execute_ipa_pass_list (pass=0x3edc4a0) at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/passes.c:2929
#7  0x00000000006442ac in do_whole_program_analysis () at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/context.h:48
#8  0x00000000006445f7 in lto_main () at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/lto/lto.c:637
#9  0x0000000000d1844d in compile_file () at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/toplev.c:458
#10 0x0000000000d1b891 in do_compile () at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/toplev.c:2277
#11 0x0000000000d1c1fd in toplev::main (this=this@entry=0x7fffffffd7f6, argc=<optimized out>, argc@entry=36, argv=<optimized out>, argv@entry=0x7fffffffd8f8) at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/toplev.c:2416
#12 0x0000000001ae9eeb in main (argc=36, argv=0x7fffffffd8f8) at /var/tmp/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/gcc/main.c:39

CXXFLAGS: -O2 -pipe -march=skylake -flto=3 -fgraphite-identity -floop-nest-optimize -fdevirtualize-at-ltrans -fipa-pta -fno-semantic-interposition

The ICE goes away after removing the -fdevirtualize-at-ltrans flag.

The backtrace above was generated from a Gentoo-patched version of GCC, but it's also reproducible with a vanilla version compiled directly from sources.

This is a regression since GCC 10 (also reproducible with the latest GCC 11 trunk), as GCC 9 compiles this package with the same CXXFLAGS without issues.

I've bisected the regression to the following commit:

commit 2bc2379be5c98d34ecbb347b2abf059aa6d94499
Author: Jan Hubicka <jh@suse.cz>
Date:   Mon Nov 4 20:39:52 2019 +0100

    ipa-inline-transform.c: Include ipa-utils.h


            * ipa-inline-transform.c: Include ipa-utils.h
            (inline_call): Set thunk_expansion flag.
            * ipa-utils.h (thunk_expansion): Declare.
            * ipa-devirt.c (thunk_expansion): New global var.
            (devirt_node_removal_hook): Do not invalidate cache while
            doing thunk expansion.

    From-SVN: r277789

Maybe the "HACK alert" in the commit diff has something to do with it :)
Comment 1 Martin Liška 2020-07-07 08:09:58 UTC
Confirmed, I can reproduce that. I'm reducing it right now.
Comment 2 Martin Liška 2020-07-07 12:10:21 UTC
Created attachment 48841
Reduced test-case

$ g++ -O2 -flto=auto -fdevirtualize-at-ltrans -fvisibility=hidden -fvisibility-inlines-hidden -fPIC *.ii
...
during IPA pass: inline
lto1: internal compiler error: in remove_unreachable_nodes, at ipa.c:575
0x5cb461 symbol_table::remove_unreachable_nodes(_IO_FILE*)
	../../gcc/ipa.c:575
0x12a7597 ipa_inline
	../../gcc/ipa-inline.c:2696
0x12a7597 execute
	../../gcc/ipa-inline.c:3091
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
lto-wrapper: fatal error: g++ returned 1 exit status
compilation terminated.
/usr/bin/ld: error: lto-wrapper failed
collect2: error: ld returned 1 exit status
Comment 3 Martin Jambor 2023-03-15 18:12:40 UTC
I have summarized some observations in 
https://gcc.gnu.org/pipermail/gcc/2023-March/240887.html
Comment 4 Martin Jambor 2023-03-15 18:26:30 UTC
...and Honza correctly guessed that it is ICF that merges the two functions (virtual and non-virtual) and that is how we ended up in the situation that the devirtualizing machinery returns a non-virtual function cgraph_node.
Comment 5 Martin Jambor 2023-03-15 18:31:58 UTC
Which means that the following (untested) patch might be the correct fix:

diff --git a/gcc/ipa.cc b/gcc/ipa.cc
index 5c15b60a603..c2d94163dc2 100644
--- a/gcc/ipa.cc
+++ b/gcc/ipa.cc
@@ -199,6 +199,11 @@ walk_polymorphic_call_targets (hash_set<void *> *reachable_call_targets,
          n->indirect_call_target = true;
          symtab_node *body = n->function_symbol ();

+         /* We have already decided that an offlie copy which could be a
+            target of a virtual call is not necessary.  */
+         if (n->inlined_to)
+           continue;
+         
          /* Prior inlining, keep alive bodies of possible targets for
             devirtualization.  */
          if (n->definition
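
Review bot: in the walk_polymorphic_call_targets hunk, the new `if (n->inlined_to) continue;` comes after `n->indirect_call_target = true;` and after `n->function_symbol ()` has been evaluated, so a node that is about to be skipped is still flagged as an indirect call target and `body` is computed for nothing. If the flag should not be set on such nodes, move the check above both statements; if setting it is intended, the comment should say so. The added comment has a typo ("offlie" for "offline"), and the added blank line after `continue;` carries trailing whitespace. Since the patch is described as untested, the reduced test-case from attachment 48841 is the natural regression test to submit with it.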
Comment 6 Sam James 2024-05-15 10:52:09 UTC
Actually, let me drop the PR59859 blocker, as IIRC we've had reports of this downstream w/o graphite.
Comment 7 Jan Hubicka 2024-05-15 12:09:26 UTC
> Actually, let me drop the PR59859 blocker, as IIRC we've had reports of this
> downstream w/o graphite.
I think you edited the wrong PR here.