[Bug lto/88140] [9 Regression] ICE: verify_gimple failed since r266325

Wed Nov 28 08:28:00 GMT 2018

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88140

--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Jan Hubicka from comment #5)
> > diff --git a/gcc/tree.c b/gcc/tree.c
> > index 39a92464414..a39e611292a 100644
> > --- a/gcc/tree.c
> > +++ b/gcc/tree.c
> > @@ -5201,6 +5201,15 @@ fld_process_array_type (tree t, tree t2, hash_map<tree,
> > tree> *map,
> >        array = build_array_type_1 (t2, TYPE_DOMAIN (t),
> >                                   TYPE_TYPELESS_STORAGE (t), false);
> >        TYPE_CANONICAL (array) = TYPE_CANONICAL (t);
> > +      /* Re-building the array via build_array_type_1 causes the C FE
> > +         special-handling of zero-length arrays to be dropped.  So
> > +        we copy back TYPE_SIZE[_UNIT] from the original type here
> > +        if layout_type decided the type is incomplete.  */
> > +      if (!TYPE_SIZE (array))
> > +       {
> > +         TYPE_SIZE (array) = TYPE_SIZE (t);
> > +         TYPE_SIZE_UNIT (array) = TYPE_SIZE_UNIT (t);
> 
> Makes sense to me, here.
> To get types merged, we want to build same array when structure was
> originally complete or incomplete. That means we should not copy real
> size of the element because it is unknown in the incomplete case.

Testing shows that this doesn't work fully.  Consider

 struct X { struct Y { ... }[1] *a; }

(seems to happen for __va_list_tag[] * as seen by verify_type ICEs)

The incomplete-type building builds an array type of incomplete member
types - that's of course not possible.  In C we'd decay to an array.
The verifier now ICEs because I force the array type to be complete
but then gimple_canonical_types_compatible_p returns false.  Previously
the check was guarded by COMPLETE_TYPE_P (t).

IMHO the cleanest fix for _that_ would be to not simplify the type.

I guess decaying A[] * to A ** might be possible as well but I'm not sure
what that ends up.. (will try that).

A workaround restoring previous behavior would be to guard my TYPE_SIZE
setting with COMPLETE_TYPE_P (t2) ...