From: "gcc at bmevers dot de"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/103328] [11/12 Regression] ICE in remap_gimple_stmt, at tree-inline.c:1921 since r11-7419-g0f161cc8494cf728
Date: Fri, 11 Mar 2022 02:14:59 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103328

Benno Evers changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gcc at bmevers dot de

--- Comment #19 from Benno Evers ---
I've independently encountered this issue, and investigated a bit using the reproducer by Avi Kivity.

From what I've found, the issue is when inlining the function body into the actor function in `coro_rewrite_function_body()`:

    /* Append the original function body. */
    add_stmt (fnbody);

it will contain a reference to the top-level BLOCK of the user-provided function. However, when the actor function gets built it is not actually the "current" function being finished, so `current_function_decl` points to the lambda (that is currently being morphed into the ramp) instead.

Later on when we finish the lambda in `poplevel()` in decl.cc, we (may) assign the DECL_INITIAL for that function from the `current_binding_level` which still points to the last top-level block of the original function that is also used by `fnbody`.

    subblocks = functionbody >= 0 ? current_binding_level->blocks : 0;
    // [...]
    DECL_INITIAL (current_function_decl) = block ? block : subblocks;

So we end up with the same `tree` being used in two different functions, and then during gimple lowering bad things happen (in particular, the `subblocks` set by the actor function are overwritten while lowering the ramp function).

The following change fixed the segfault on both reproducers on a local build. I'm not too familiar with the GCC codebase so there's probably a better way to handle the issue, but if the approach looks reasonable I'm happy to submit a full patch.

--- a/gcc/cp/coroutines.cc +++ b/gcc/cp/coroutines.cc @@ -4541,6 +4541,8 @@ morph_fn_to_coro (tree orig, tree *resumer, tree *destroyer) BLOCK_VARS (top_block) =3D BIND_EXPR_VARS (ramp_bind); BLOCK_SUBBLOCKS (top_block) =3D NULL_TREE; + current_binding_level->blocks =3D top_block; + /* The decl_expr for the coro frame pointer, initialize to zero so that = we can pass it to the IFN_CO_FRAME (since there's no way to pass a type, directly apparently). This avoids a "used uninitialized" warning. *= /=
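
Review bot: The new assignment `current_binding_level->blocks = top_block;` after `BLOCK_SUBBLOCKS (top_block) = NULL_TREE;` in morph_fn_to_coro is uncommented and unconditionally overwrites the binding level's existing block chain, so a reader cannot tell it exists to keep poplevel() from using the original function's top-level BLOCK as the ramp's DECL_INITIAL. Add a comment saying so, and check that no other blocks already chained on `current_binding_level->blocks` at this point are still needed, since they are dropped rather than linked under `top_block`. The diff as shown touches only gcc/cp/coroutines.cc; a full patch should add the reproducers from this bug as a testcase.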