[Bug c/101347] New: [11/12 Regression] ICE in cfg_layout_initialize, at cfgrtl.c:4478

[Bug c/101347] New: [11/12 Regression] ICE in cfg_layout_initialize, at cfgrtl.c:4478

[gscfq@t-online.de]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101347

            Bug ID: 101347
           Summary: [11/12 Regression] ICE in cfg_layout_initialize, at
                    cfgrtl.c:4478
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: gscfq@t-online.de
  Target Milestone: ---

Testcase reduced from pr26983.c :
(seen with cet-sjlj-6a.c, cet-sjlj-6b.c, setjmp-1.c, pr26983.c)


$ cat z1.c
void *jmpbuf[6];
void
foo (void)
{
  __builtin_setjmp (jmpbuf);
}


$ gcc-12-20210704 -c z1.c -O2 -fprofile-generate -fprofile-use
z1.c: In function 'foo':
z1.c:6:1: warning: 'z1.gcda' profile count data file not found
[-Wmissing-profile]
    6 | }
      | ^
during RTL pass: into_cfglayout
z1.c:6:1: internal compiler error: Segmentation fault
0xdcbcdf crash_signal
        ../../gcc/toplev.c:328
0x8c9a5b cfg_layout_initialize(int)
        ../../gcc/cfgrtl.c:4478
0x8c9bba execute
        ../../gcc/cfgrtl.c:3685

[Bug rtl-optimization/101347] [11/12 Regression] ICE in cfg_layout_initialize with __builtin_setjmp and -fprofile-generate -fprofile-use

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101347

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[11/12 Regression] ICE in   |[11/12 Regression] ICE in
                   |cfg_layout_initialize, at   |cfg_layout_initialize with
                   |cfgrtl.c:4478               |__builtin_setjmp and
                   |                            |-fprofile-generate
                   |                            |-fprofile-use
   Target Milestone|---                         |11.2

[Bug rtl-optimization/101347] [11/12 Regression] ICE in cfg_layout_initialize with __builtin_setjmp and -fprofile-generate -fprofile-use

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101347

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2021-07-07

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
Confirmed.

Program received signal SIGSEGV, Segmentation fault.
0x0000000000cc2c66 in cfg_layout_initialize (flags=0)
    at /home/rguenther/src/gcc2/gcc/cfgrtl.c:4478
4478          bb->flags |= BB_NON_LOCAL_GOTO_TARGET;
(gdb) l
4473
4474      /* Make sure that the targets of non local gotos are marked.  */
4475      for (x = nonlocal_goto_handler_labels; x; x = x->next ())
4476        {
4477          bb = BLOCK_FOR_INSN (x->insn ());
4478          bb->flags |= BB_NON_LOCAL_GOTO_TARGET;
4479        }

and bb is NULL.  We have

(note/s 38 0 0 "" NOTE_INSN_DELETED_LABEL 3)

as x->insn (), so whatever deleted this label forgot to adjust
nonlocal_goto_handler_labels (or wrongly deleted it).

Breakpoint 5, delete_insn (insn=0x7ffff6557780)
    at /home/rguenther/src/gcc2/gcc/cfgrtl.c:138
138       bool really_delete = true;
(gdb) p debug_rtx (insn)
(code_label/s 38 37 53 5 3 (nil) [3 uses])
(gdb) bt
#0  delete_insn (insn=0x7ffff6557780)
    at /home/rguenther/src/gcc2/gcc/cfgrtl.c:138
#1  0x0000000000cb8d09 in delete_insn_chain (start=0x7ffff6557780, 
    finish=0x7ffff6557e00, clear_bb=true)
    at /home/rguenther/src/gcc2/gcc/cfgrtl.c:273
#2  0x0000000000cb913f in rtl_delete_block (b=<basic_block 0x7ffff654f340 (5)>)
    at /home/rguenther/src/gcc2/gcc/cfgrtl.c:420
#3  0x0000000000ca542a in delete_basic_block (
    bb=<basic_block 0x7ffff654f340 (5)>)
    at /home/rguenther/src/gcc2/gcc/cfghooks.c:603
#4  0x000000000229b84b in delete_unreachable_blocks ()
    at /home/rguenther/src/gcc2/gcc/cfgcleanup.c:3058
#5  0x000000000229ba3c in cleanup_cfg (mode=16)
    at /home/rguenther/src/gcc2/gcc/cfgcleanup.c:3122
#6  0x0000000000c9cc0f in (anonymous namespace)::pass_expand::execute (
    this=0x38446a0, fun=0x7ffff669f000)
    at /home/rguenther/src/gcc2/gcc/cfgexpand.c:6974
#7  0x00000000012275f7 in execute_one_pass (
    pass=<opt_pass* 0x38446a0 "expand"(252)>)
    at /home/rguenther/src/gcc2/gcc/passes.c:2567

I don't know how nonlocal_goto_handler_labels is supposed to work.

[Bug rtl-optimization/101347] [11/12 Regression] ICE in cfg_layout_initialize with __builtin_setjmp and -fprofile-generate -fprofile-use

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101347

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P2

[Bug rtl-optimization/101347] [11/12 Regression] ICE in cfg_layout_initialize with __builtin_setjmp and -fprofile-generate -fprofile-use

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101347

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|11.2                        |11.3

--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 11.2 is being released, retargeting bugs to GCC 11.3

[Bug rtl-optimization/101347] [11/12 Regression] ICE in cfg_layout_initialize with __builtin_setjmp and -fprofile-generate -fprofile-use

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101347

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|11.3                        |11.4

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 11.3 is being released, retargeting bugs to GCC 11.4.

[Bug rtl-optimization/101347] [11/12/13 Regression] ICE in cfg_layout_initialize with __builtin_setjmp and -fprofile-generate -fprofile-use

[amonakov at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101347

Alexander Monakov <amonakov at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |amonakov at gcc dot gnu.org

--- Comment #4 from Alexander Monakov <amonakov at gcc dot gnu.org> ---
The label at __builtin_setjmp_receiver was added to
nonlocal_goto_handler_labels twice (because __builtin_setjmp_setup was
duplicated), but remove_node_from_insn_list removed only the first copy. A
simple check would have caught this early:

@@ -2928,6 +2899,7 @@ remove_node_from_insn_list (const rtx_insn *node,
rtx_insn_list **listp)
          else
            *listp = temp->next ();

+         gcc_checking_assert (!in_insn_list_p (temp->next (), node));
          return;
        }


I think a reasonable solution is to move registration of receiver label from
expansion of __builtin_setjmp_setup to expansion of __builtin_setjmp_receiver:

@@ -7467,15 +7467,7 @@ expand_builtin (tree exp, rtx target, rtx subtarget,
machine_mode mode,
          tree label = TREE_OPERAND (CALL_EXPR_ARG (exp, 1), 0);
          rtx_insn *label_r = label_rtx (label);

-         /* This is copied from the handling of non-local gotos.  */
          expand_builtin_setjmp_setup (buf_addr, label_r);
-         nonlocal_goto_handler_labels
-           = gen_rtx_INSN_LIST (VOIDmode, label_r,
-                                nonlocal_goto_handler_labels);
-         /* ??? Do not let expand_label treat us as such since we would
-            not want to be both on the list of non-local labels and on
-            the list of forced labels.  */
-         FORCED_LABEL (label) = 0;
          return const0_rtx;
        }
       break;
@@ -7488,6 +7480,13 @@ expand_builtin (tree exp, rtx target, rtx subtarget,
machine_mode mode,
          rtx_insn *label_r = label_rtx (label);

          expand_builtin_setjmp_receiver (label_r);
+         nonlocal_goto_handler_labels
+           = gen_rtx_INSN_LIST (VOIDmode, label_r,
+                                nonlocal_goto_handler_labels);
+         /* ??? Do not let expand_label treat us as such since we would
+            not want to be both on the list of non-local labels and on
+            the list of forced labels.  */
+         FORCED_LABEL (label) = 0;
          return const0_rtx;
        }
       break;

[Bug rtl-optimization/101347] [11/12/13 Regression] ICE in cfg_layout_initialize with __builtin_setjmp and -fprofile-generate -fprofile-use

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101347

--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Alexander Monakov <amonakov@gcc.gnu.org>:

https://gcc.gnu.org/g:daa36cfc2fc2538810db071b81d250f4d621f7ea

commit r13-1766-gdaa36cfc2fc2538810db071b81d250f4d621f7ea
Author: Alexander Monakov <amonakov@ispras.ru>
Date:   Tue Jul 19 18:04:30 2022 +0300

    Avoid registering __builtin_setjmp_receiver label twice [PR101347]

    The testcase in the PR demonstrates how it is possible for one
    __builtin_setjmp_receiver label to appear in
    nonlocal_goto_handler_labels list twice (after the block with
    __builtin_setjmp_setup referring to it was duplicated).

    remove_node_from_insn_list did not account for this possibility and
    removed only the first copy from the list. Add an assert verifying that
    duplicates are not present.

    To avoid adding a label to the list twice, move registration of the
    label from __builtin_setjmp_setup handling to __builtin_setjmp_receiver.

    gcc/ChangeLog:

            PR rtl-optimization/101347
            * builtins.cc (expand_builtin) [BUILT_IN_SETJMP_SETUP]: Move
            population of nonlocal_goto_handler_labels from here ...
            (expand_builtin) [BUILT_IN_SETJMP_RECEIVER]: ... to here.
            * rtlanal.cc (remove_node_from_insn_list): Verify that a
            duplicate is not present in the remainder of the list.

[Bug rtl-optimization/101347] [11/12 Regression] ICE in cfg_layout_initialize with __builtin_setjmp and -fprofile-generate -fprofile-use

[amonakov at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101347

Alexander Monakov <amonakov at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[11/12/13 Regression] ICE   |[11/12 Regression] ICE in
                   |in cfg_layout_initialize    |cfg_layout_initialize with
                   |with __builtin_setjmp and   |__builtin_setjmp and
                   |-fprofile-generate          |-fprofile-generate
                   |-fprofile-use               |-fprofile-use

--- Comment #6 from Alexander Monakov <amonakov at gcc dot gnu.org> ---
Should be fixed on the trunk, suggestions regarding backports welcome.

[Bug rtl-optimization/101347] [11/12 Regression] ICE in cfg_layout_initialize with __builtin_setjmp and -fprofile-generate -fprofile-use

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101347

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to work|                            |13.0
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
      Known to fail|                            |11.3.1, 12.1.1
   Target Milestone|11.4                        |13.0

--- Comment #7 from Richard Biener <rguenth at gcc dot gnu.org> ---
The issue is most definitely latent forever, let's close this bug and be done
with it (it's unlikely to hit in practice).