[Bug ipa/93223] New: Segmentation fault in ipa-cp.c

christoph.hoeger at celeraone dot com gcc-bugzilla@gcc.gnu.org
Fri Jan 10 12:17:00 GMT 2020


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93223

            Bug ID: 93223
           Summary: Segmentation fault in ipa-cp.c
           Product: gcc
           Version: 9.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: ipa
          Assignee: unassigned at gcc dot gnu.org
          Reporter: christoph.hoeger at celeraone dot com
                CC: marxin at gcc dot gnu.org
  Target Milestone: ---

Created attachment 47629
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=47629&action=edit
test

The following crash occurs under a specific combination of anonymous namespace,
disabled optimizations and the usage of function pointers with -O3:

gcc_bug g++ -O3 -c demo.cpp
during IPA pass: cp
/tmp/test.cpp:59:1: internal compiler error: Segmentation fault
   59 | }
      | ^
0x8cdeef ???
        ../../gcc/toplev.c:327
0x15ab641 ???
        ../../gcc/ipa-cp.c:2570
0x15ad6ad ???
        ../../gcc/ipa-cp.c:2828
0x15aa364 ???
        ../../gcc/ipa-cp.c:3025
0x15a827d ???
        ../../gcc/ipa-cp.c:3196
0x1163fc6 ???
        ../../gcc/passes.c:2508
0x14da21a ???
        ../../gcc/passes.c:2948
0x1472bf7 ???
        ../../gcc/cgraphunit.c:2542
0x10157d4 ???
        ../../gcc/cgraphunit.c:2865
0x14e804f ???
        ../../gcc/toplev.c:482
0xec7947 ???
        ../../gcc/toplev.c:2206
0xec9a5f ???
        ../../gcc/main.c:39
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <http://bugzilla.redhat.com/bugzilla> for instructions.
Preprocessed source stored into /tmp/ccwnkWOK.out file, please attach this to
your bugreport.


See attached file demo.cpp for reproduction.

According to godbolt, the issue persists in trunk:

https://godbolt.org/z/T_NMPf

Please note the suspicious line here:

https://github.com/gcc-mirror/gcc/blob/gcc-9_2_0-release/gcc/ipa-cp.c#L2569

It looks like the result of ipa_fn_summaries->get (callee); should be checked
for nullptr.

Also, the issue is rather hard to trigger as it seems to depend on heuristic
optimizations.

