From: "matt at godbolt dot org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/102067] New: SEGFAULT in varpool_node::get_constructor during lto1 when optimising or not using debug symbols
Date: Wed, 25 Aug 2021 14:58:33 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102067

            Bug ID: 102067
           Summary: SEGFAULT in varpool_node::get_constructor during lto1
                    when optimising or not using debug symbols
           Product: gcc
           Version: 9.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: matt at godbolt dot org
  Target Milestone: ---

While linking against a static library containing LTO objects, the `lto1` stage
crashes with a segfault during IPA/ICF:

```
#0 0x0000000000c8b1bb in varpool_node::get_constructor() ()
#1 0x00000000011cf80b in ipa_icf::sem_variable::equals(ipa_icf::sem_item*, hash_map, ipa_icf::sem_item*> >&) ()
#2 0x00000000011d1810 in ipa_icf::sem_item_optimizer::subdivide_classes_by_equality(bool) ()
#3 0x00000000011d9c35 in ipa_icf::sem_item_optimizer::execute() ()
#4 0x00000000011da9d7 in ipa_icf::pass_ipa_icf::execute(function*) ()
#5 0x000000000093e15a in execute_one_pass(opt_pass*) ()
#6 0x000000000093ef32 in execute_ipa_pass_list(opt_pass*) ()
```

The pointer returned by the call to `lto_get_function_in_decl_state` in
`get_constructor` is NULL, and it's dereferenced to cause the segfault.

We found that this only happens if optimization level 2 or greater is on and
debug symbols are not being generated. It seems something required is being
dropped by the optimizer (but kept if debug is on).

We were unable to reduce the situation beyond what is attached. The `repro.sh`
script reproduces the issue. We found the issue in 9.3, and the binaries in the
attachment were created by 9.3, but 9.4 also suffers from this issue.

The attachment is too large to put here, so I've uploaded here:
https://xania.org/media/gcc-lto-bug.tar.gz

This seems somewhat related to bug 87792; though it's hard to be sure it's the
same root cause.