[Bug target/65233] [5 Regression] ICE (segfault) on arm-linux-gnueabihf and aarch64-linux-gnu
aldyh at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Sun Mar 1 16:56:00 GMT 2015
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65233
Aldy Hernandez <aldyh at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |law at gcc dot gnu.org
--- Comment #12 from Aldy Hernandez <aldyh at gcc dot gnu.org> ---
Though I think the problem is in ipa-polymorphic-call.c, the problem started
with r220743:
commit 849b1089b935f6875fe20b13f472ca955edc8223
Author: law <law@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Mon Feb 16 20:56:55 2015 +0000
PR tree-optimization/64823
* tree-vrp.c (identify_jump_threads): Handle blocks with no real
statements.
* tree-ssa-threadedge.c (potentially_threadable_block): Allow
threading through blocks with PHIs, but no statements.
(thread_through_normal_block): Distinguish between blocks where
we did not process all the statements and blocks with no statements.
PR tree-optimization/64823
* gcc.dg/uninit-20.c: New test.
What's happening here is that the ipa_polymorphic_call_context constructor is
calling walk_ssa_copies on a PHI node that has no arguments. This happens
because finalize_jump_threads eventually removes some PHI arguments as it's
redirecting some edges, leaving a PHI with no arguments:
SR.33_23 = PHI <>
Presumably this will get cleaned up later, but the IPA polymorphic code gets
called *while* cleaning up the CFG, and the polymorphic code (walk_ssa_copies)
cannot handle an empty PHI, which IMO it should, since it is being called from
the cleanup code after all.
Just a shot in the dark, but perhaps we want this untested patch (which fixes
the ICE)?
diff --git a/gcc/ipa-polymorphic-call.c b/gcc/ipa-polymorphic-call.c
index aaa549e..13cc7f6 100644
--- a/gcc/ipa-polymorphic-call.c
+++ b/gcc/ipa-polymorphic-call.c
@@ -835,7 +835,10 @@ walk_ssa_copies (tree op, hash_set<tree> **global_visited
= NULL)
{
gimple phi = SSA_NAME_DEF_STMT (op);
- if (gimple_phi_num_args (phi) > 2)
+ if (gimple_phi_num_args (phi) > 2
+ /* We can be called while cleaning up the CFG and can
+ have empty PHIs about to be removed. */
+ || gimple_phi_num_args (phi) == 0)
goto done;
if (gimple_phi_num_args (phi) == 1)
op = gimple_phi_arg_def (phi, 0);
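
Review bot: the added "|| gimple_phi_num_args (phi) == 0" operand in the first if of this hunk arrives without a testcase, and the message itself calls the patch untested; a reduced reproducer from this PR should go in with it so the empty-PHI path stays covered. The comment placed between the two operands of the || is also easy to misread as applying to the "> 2" test. Putting the zero-argument check in its own if with the comment above it, followed by goto done, would make it clear that only PHIs with one or two arguments reach the code below. It would also help for the comment to name the caller that leaves the PHI empty (the description points at finalize_jump_threads during CFG cleanup), so a later reader can tell whether the guard is still needed.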