[Bug lto/99447] [11 Regression] ICE (segfault) in lookup_page_table_entry

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99447

--- Comment #8 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Richard Biener from comment #6)
> More specifically, likely caused by
> g:ae99b315ba5b9e1ccc221b3c45de323cbc574400 which did
> 
> diff --git a/gcc/cfg.c b/gcc/cfg.c
> index 529b6ed2105..e8bd1456c9f 100644
> --- a/gcc/cfg.c
> +++ b/gcc/cfg.c
> @@ -102,8 +102,7 @@ free_block (basic_block bb)
>     bb->succs = NULL;
>     vec_free (bb->preds);
>     bb->preds = NULL;
> -   /* Do not free BB itself yet since we leak pointers to dead statements
> -      that points to dead basic blocks.  */
> +   ggc_free (bb);
>  }
>  
>  /* Free the memory associated with the CFG in FN.  */
> 
> and the backtrace of the crash points at some RTX tree (if gtype-desc from
> trunk still matches, it's likely SYMBOL_REF_DECL) refers to a GIMPLE stmt
> via the callgraph edge ->call_stmt which refers to the CFG BB it is
> contained in.
> 
> unfortunately it's not visible what pass/phase this segfault occurs in
> (might be WPA function materialization or ltrans compilation).
> 
> That said, the ggc_free above looks like a bad idea until we can sort out
> these issue.  So - should we simply revert the change again?

Note we can't leave cgraph & edge reclaim to GC when we free a function
and at the same time forcefully ggc_free things pointed to (but ultimatively
dead).  That's in principle true for the gimple stmts themselves as well.

It looks like release_function_body simply leaves stmts dangling, it doesn't
remove them from blocks (clearing ->bb).  We've not seen ICEs from that
for unknown reasons.

I'm not sure it's worth all the trouble?