From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 24806 invoked by alias); 20 Apr 2014 05:34:55 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 24784 invoked by uid 48); 20 Apr 2014 05:34:51 -0000 From: "xinliangli at gmail dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/60899] New: undef reference generated with -fdevirtualize-speculatively Date: Sun, 20 Apr 2014 05:34:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 4.10.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: xinliangli at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2014-04/txt/msg01372.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60899 Bug ID: 60899 Summary: undef reference generated with -fdevirtualize-speculatively Product: gcc Version: 4.10.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: xinliangli at gmail dot com Build the following code with the following command line: g++ -O2 -fdisable-tree-einline a.cc a_m.cc results in: /tmp/cci31j3N.o: In function `D::doit()': a.cc:(.text._ZN1D4doitEv[_ZN1D4doitEv]+0x5): undefined reference to `A::foo()' collect2: error: ld returned 1 exit status It builds fine when devirtualization is disabled: -O2 -fno-devirtualization-speculatively -fdisable-tree-einline The problem is there is no instantiation of any class A instances (final or subclass) in the program, so vtables and A::foo are all eliminated. The reference to A::foo is from D::doit. In a successful build, there are no D instances either, so D::doit won't be emitted. However with speculative devirtualization, D::doit may be speculatively referenced even though there are no D instances. What happens is that during ipa-inline, goo is inlined into D::doit, the virtual call to foo should become an direct call to A::foo, but the new edge is not discovered. Since there is no call edge to A::foo, A::foo gets removed right after ipa-inline (before inline transform). However during inline transform, gimple-fold-call converts the virtual call into a direct call. The test case is extracted from a very large real program. The explicit reference to D::doit in bar is to demonstrate the problem -- in the real program, the reference is from spec-devirt. //a.h struct B { virtual int foo() = 0; int goo() { return foo(); } int i; }; struct A : public B { A() : i(0) {} int foo() { return 1;} int i; }; struct A2 : public B { int foo() { return 2;} }; struct DI { virtual int doit() = 0; }; struct D : public DI { virtual int doit () { return m.goo(); } A m; }; // a.cc #include "a.h" int cond; int bar (DI* ap) { if (cond) return static_cast(ap)->D::doit(); // Mimic speculative devirtualization return ap->doit(); } // a_m.cc #include "a.h" int cond; int bar (DI* ap) { if (cond) return static_cast(ap)->D::doit(); // Mimic speculative devirtualization return ap->doit(); }