[Bug c++/102067] New: SEGFAULT in varpool_node::get_constructor during lto1 when optimising or not using debug symbols

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "matt at godbolt dot org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/102067] New: SEGFAULT in varpool_node::get_constructor during lto1 when optimising or not using debug symbols
Date: Wed, 25 Aug 2021 14:58:33 +0000	[thread overview]
Message-ID: <bug-102067-4@http.gcc.gnu.org/bugzilla/> (raw)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102067

            Bug ID: 102067
           Summary: SEGFAULT in varpool_node::get_constructor during lto1
                    when optimising or not using debug symbols
           Product: gcc
           Version: 9.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: matt at godbolt dot org
  Target Milestone: ---

Whillinking against a static library containing LTO objects, the `lto1` stage
crashes with a segfault during IPA/ICF:

```
#0  0x0000000000c8b1bb in varpool_node::get_constructor() ()
#1  0x00000000011cf80b in ipa_icf::sem_variable::equals(ipa_icf::sem_item*,
hash_map<symtab_node*, ipa_icf::sem_item*,
simple_hashmap_traits<default_hash_traits<symtab_node*>, ipa_icf::sem_item*>
>&) ()
#2  0x00000000011d1810 in
ipa_icf::sem_item_optimizer::subdivide_classes_by_equality(bool) ()
#3  0x00000000011d9c35 in ipa_icf::sem_item_optimizer::execute() ()
#4  0x00000000011da9d7 in ipa_icf::pass_ipa_icf::execute(function*) ()
#5  0x000000000093e15a in execute_one_pass(opt_pass*) ()
#6  0x000000000093ef32 in execute_ipa_pass_list(opt_pass*) ()
```

The pointer returned by the call to `lto_get_function_in_decl_state` in
`get_constructor` is NULL, and it's dereferenced to cause the segfault.

We found that this only happens if optimization level 2 or greater is on and
debug symbols are not being generated. It seems something required is being
dropped by the optimizer (but kept if debug is on).

We were unable to reduce the situation beyond what is attached. The `repro.sh`
script reproduces the issue. We found the issue in 9.3, and the binaries in the
attachment were created by 9.3, but 9.4 also suffers from this issue.

The attachment is too large to put here, so I've uploaded here:
https://xania.org/media/gcc-lto-bug.tar.gz

This seems somewhat related to bug 87792; though it's hard to be sure it's the
same root cause.

next             reply	other threads:[~2021-08-25 14:58 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-25 14:58 matt at godbolt dot org [this message]
2021-08-25 15:11 ` [Bug c++/102067] " marxin at gcc dot gnu.org
2021-08-25 15:24 ` matt at godbolt dot org
2021-08-25 15:39 ` marxin at gcc dot gnu.org
2021-08-25 15:40 ` matt at godbolt dot org
2021-08-25 15:41 ` matt at godbolt dot org
2021-08-25 15:47 ` marxin at gcc dot gnu.org
2021-08-25 15:50 ` marxin at gcc dot gnu.org
2021-08-25 16:02 ` matz at gcc dot gnu.org
2021-08-26  9:01 ` marxin at gcc dot gnu.org
2021-08-26 13:25 ` matt at godbolt dot org
2021-08-26 13:30 ` matt at godbolt dot org
2021-08-26 13:30 ` matt at godbolt dot org
2021-08-26 13:31 ` matt at godbolt dot org
2021-08-26 14:16 ` marxin at gcc dot gnu.org
2021-08-26 15:23 ` matt at godbolt dot org
2021-08-26 17:53 ` marxin at gcc dot gnu.org
2021-08-26 18:47 ` matt at godbolt dot org
2021-08-26 18:59 ` [Bug ipa/102067] " pinskia at gcc dot gnu.org
2021-08-27  7:27 ` marxin at gcc dot gnu.org
2021-08-27  7:28 ` marxin at gcc dot gnu.org
2021-08-27 12:22 ` matt at godbolt dot org
2022-11-10 20:28 ` samuelpmish at gmail dot com
2022-11-11 12:48 ` marxin at gcc dot gnu.org
2022-11-11 15:42 ` samuelpmish at gmail dot com
2022-11-14  9:53 ` marxin at gcc dot gnu.org

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-102067-4@http.gcc.gnu.org/bugzilla/ \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).