* [Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
@ 2020-04-29 19:10 ` marxin at gcc dot gnu.org
2020-04-29 19:12 ` marxin at gcc dot gnu.org
` (9 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-04-29 19:10 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Known to work| |9.3.0
Summary|[10 Regression] ICE: |[10 Regression] ICE:
|Segmentation fault (in |Segmentation fault (in
|clone_of_p); or ICE: |clone_of_p); or ICE:
|verify_cgraph_node failed |verify_cgraph_node failed
|(error: edge points to |(error: edge points to
|wrong declaration) |wrong declaration) since
| |r10-4944-g1e83bd7003e03160
Last reconfirmed| |2020-4-29
CC| |hubicka at gcc dot gnu.org
Known to fail| |10.0
Target Milestone|--- |10.0
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Started with r10-4944-g1e83bd7003e03160.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
2020-04-29 19:10 ` [Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160 marxin at gcc dot gnu.org
@ 2020-04-29 19:12 ` marxin at gcc dot gnu.org
2020-04-30 6:45 ` rguenth at gcc dot gnu.org
` (8 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-04-29 19:12 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
CC| |jamborm at gcc dot gnu.org
Status|UNCONFIRMED |NEW
--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
I can take a look tomorrow.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
2020-04-29 19:10 ` [Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160 marxin at gcc dot gnu.org
2020-04-29 19:12 ` marxin at gcc dot gnu.org
@ 2020-04-30 6:45 ` rguenth at gcc dot gnu.org
2020-04-30 8:01 ` marxin at gcc dot gnu.org
` (7 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: rguenth at gcc dot gnu.org @ 2020-04-30 6:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
The issue was likely latent before the cited rev. - for this reason and because
the testcase needs -fgnu-tm which is not maintained _not_ P1.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
` (2 preceding siblings ...)
2020-04-30 6:45 ` rguenth at gcc dot gnu.org
@ 2020-04-30 8:01 ` marxin at gcc dot gnu.org
2020-04-30 8:49 ` marxin at gcc dot gnu.org
` (6 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-04-30 8:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
--- Comment #4 from Martin Liška <marxin at gcc dot gnu.org> ---
Reduced test-case:
class a {
public:
virtual ~a() {}
};
class b {
public:
virtual void c();
};
class C : a, public b {};
class d : C {
~d();
void c();
};
d::~d() { ((b *)this)->c(); }
void d::c() {}
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
` (3 preceding siblings ...)
2020-04-30 8:01 ` marxin at gcc dot gnu.org
@ 2020-04-30 8:49 ` marxin at gcc dot gnu.org
2020-04-30 8:51 ` marxin at gcc dot gnu.org
` (5 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-04-30 8:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
--- Comment #5 from Martin Liška <marxin at gcc dot gnu.org> ---
So the GNU TM is involved only very slightly as it prevents one inlining
candidate:
Without -fgnu-tm:
Enqueueing calls in d::~d()/9.
Estimating body: c.constprop/34
Known to be false: not inlined
size:0 time:0.000000 nonspec time:2.000000
Estimating body: c.constprop/34
Known to be false: not inlined
size:0 time:0.000000 nonspec time:2.000000
enqueuing call d::~d()/9 -> c.constprop/34, badness -inf
With -fgnu-tm:
pr47218.ii:14:25: missed: not inlinable: d::~d()/9 -> c.constprop/34,
reason is this:
ipa-inline.c:364:
/* TM pure functions should not be inlined into non-TM_pure
functions. */
else if (is_tm_pure (callee->decl) && !is_tm_pure (caller->decl))
{
e->inline_failed = CIF_UNSPECIFIED;
inlinable = false;
}
The following patch can cause the ICE without -fgnu-tm:
diff --git a/gcc/ipa-inline.c b/gcc/ipa-inline.c
index f71443feff7..cb968059a28 100644
--- a/gcc/ipa-inline.c
+++ b/gcc/ipa-inline.c
@@ -361,7 +361,8 @@ can_inline_edge_p (struct cgraph_edge *e, bool report,
}
/* TM pure functions should not be inlined into non-TM_pure
functions. */
- else if (is_tm_pure (callee->decl) && !is_tm_pure (caller->decl))
+ else if (strcmp (callee->name(), "c.constprop") == 0
+ && strcmp (caller->name(), "d::~d()") == 0)
{
e->inline_failed = CIF_UNSPECIFIED;
inlinable = false;
@Martin, Honza: Can you please take a look?
I tend to mark it as P1.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
` (4 preceding siblings ...)
2020-04-30 8:49 ` marxin at gcc dot gnu.org
@ 2020-04-30 8:51 ` marxin at gcc dot gnu.org
2020-04-30 10:30 ` jamborm at gcc dot gnu.org
` (4 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-04-30 8:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
--- Comment #6 from Martin Liška <marxin at gcc dot gnu.org> ---
With the patch, minimal options are:
g++ pr47218.ii -fno-tree-dse --param uninlined-function-insns=0 --param
early-inlining-insns=3 -O2 -c
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
` (5 preceding siblings ...)
2020-04-30 8:51 ` marxin at gcc dot gnu.org
@ 2020-04-30 10:30 ` jamborm at gcc dot gnu.org
2020-04-30 14:37 ` jamborm at gcc dot gnu.org
` (3 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: jamborm at gcc dot gnu.org @ 2020-04-30 10:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
--- Comment #7 from Martin Jambor <jamborm at gcc dot gnu.org> ---
The "edge points to wrong decl" case is a verifier error. We have a
method which (in the course of IPA-CP) loses its this pointer because
it is unused and the pass then does not clone all the this adjusting
thunks and just makes the calls go straight to the new clone - and
then the verifier complains that the edge does not seem to point to a
clone of what it used to. This looked weird because the verifier
actually has logic detecting this case but it turns out that it is
confused by inliner body-saving mechanism which invents a new decl for
the base function.
Inlining body-saving mechanism should correctly set former_clone_of
and then we can detect this case too. Then we pass this particular
round of verification but the subsequent one fails because we have
inlined the function into its former thunk - which subsequently does
not have any callees, but the verifier still access them and segfaults
just like in the original -fopenacc case. That is why the following
(yet untested) patch most likely fixes that case too:
diff --git a/gcc/cgraph.c b/gcc/cgraph.c
index 72d7cb54301..2a9813df2d9 100644
--- a/gcc/cgraph.c
+++ b/gcc/cgraph.c
@@ -3104,15 +3104,17 @@ clone_of_p (cgraph_node *node, cgraph_node *node2)
return false;
/* In case of instrumented expanded thunks, which can have multiple
calls
in them, we do not know how to continue and just have to be
- optimistic. */
- if (node->callees->next_callee)
+ optimistic. The same applies if all calls have already been inlined
+ into the thunk. */
+ if (!node->callees || node->callees->next_callee)
return true;
node = node->callees->callee->ultimate_alias_target ();
if (!node2->clone.param_adjustments
|| node2->clone.param_adjustments->first_param_intact_p ())
return false;
- if (node2->former_clone_of == node->decl)
+ if (node2->former_clone_of == node->decl
+ || node2->former_clone_of == node->former_clone_of)
return true;
cgraph_node *n2 = node2;
diff --git a/gcc/ipa-inline-transform.c b/gcc/ipa-inline-transform.c
index be60bbccb5c..e9e21cc0296 100644
--- a/gcc/ipa-inline-transform.c
+++ b/gcc/ipa-inline-transform.c
@@ -607,6 +607,8 @@ save_inline_function_body (struct cgraph_node *node)
}
}
*ipa_saved_clone_sources->get_create (first_clone) = prev_body_holder;
+ first_clone->former_clone_of
+ = node->former_clone_of ? node->former_clone_of : node->decl;
first_clone->clone_of = NULL;
/* Now node in question has no clones. */
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/94856] [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
` (6 preceding siblings ...)
2020-04-30 10:30 ` jamborm at gcc dot gnu.org
@ 2020-04-30 14:37 ` jamborm at gcc dot gnu.org
2020-04-30 15:59 ` [Bug ipa/94856] [10/11 " cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: jamborm at gcc dot gnu.org @ 2020-04-30 14:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
--- Comment #8 from Martin Jambor <jamborm at gcc dot gnu.org> ---
I proposed the patch on the mailing list:
https://gcc.gnu.org/pipermail/gcc-patches/2020-April/544943.html
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/94856] [10/11 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
` (7 preceding siblings ...)
2020-04-30 14:37 ` jamborm at gcc dot gnu.org
@ 2020-04-30 15:59 ` cvs-commit at gcc dot gnu.org
2020-04-30 16:08 ` cvs-commit at gcc dot gnu.org
2020-04-30 16:23 ` jamborm at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-04-30 15:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
--- Comment #9 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Jambor <jamborm@gcc.gnu.org>:
https://gcc.gnu.org/g:b31ede6e376302047830691fe6249be3ade0a2c0
commit r11-1-gb31ede6e376302047830691fe6249be3ade0a2c0
Author: Martin Jambor <mjambor@suse.cz>
Date: Thu Apr 30 17:59:00 2020 +0200
ipa: Cgraph verification fix (PR 94856)
PR 94856 is a call graph verifier error. We have a method which (in
the course of IPA-CP) loses its this pointer because it is unused and
the pass then does not clone all the this adjusting thunks and just
makes the calls go straight to the new clone - and then the verifier
complains that the edge does not seem to point to a clone of what it
used to. This looked weird because the verifier actually has logic
detecting this case but it turns out that it is confused by inliner
body-saving mechanism which invents a new decl for the base function.
Making the inlining body-saving mechanism to correctly set
former_clone_of allows us to detect this case too. Then we pass this
particular round of verification but the subsequent one fails because
we have inlined the function into its former thunk - which
subsequently does not have any callees, but the verifier still access
them and segfaults. Therefore the patch also adds a test whether the
a former hunk even has any call.
2020-04-30 Martin Jambor <mjambor@suse.cz>
PR ipa/94856
* cgraph.c (clone_of_p): Also consider thunks whih had their bodies
saved by the inliner and thunks which had their call inlined.
* ipa-inline-transform.c (save_inline_function_body): Fill in
former_clone_of of new body holders.
PR ipa/94856
* g++.dg/ipa/pr94856.C: New test.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/94856] [10/11 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
` (8 preceding siblings ...)
2020-04-30 15:59 ` [Bug ipa/94856] [10/11 " cvs-commit at gcc dot gnu.org
@ 2020-04-30 16:08 ` cvs-commit at gcc dot gnu.org
2020-04-30 16:23 ` jamborm at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-04-30 16:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
--- Comment #10 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Martin Jambor
<jamborm@gcc.gnu.org>:
https://gcc.gnu.org/g:e72cfef362a98528bf3d199f127916c3dbef7727
commit r10-8079-ge72cfef362a98528bf3d199f127916c3dbef7727
Author: Martin Jambor <mjambor@suse.cz>
Date: Thu Apr 30 17:59:00 2020 +0200
ipa: Cgraph verification fix (PR 94856)
PR 94856 is a call graph verifier error. We have a method which (in
the course of IPA-CP) loses its this pointer because it is unused and
the pass then does not clone all the this adjusting thunks and just
makes the calls go straight to the new clone - and then the verifier
complains that the edge does not seem to point to a clone of what it
used to. This looked weird because the verifier actually has logic
detecting this case but it turns out that it is confused by inliner
body-saving mechanism which invents a new decl for the base function.
Making the inlining body-saving mechanism to correctly set
former_clone_of allows us to detect this case too. Then we pass this
particular round of verification but the subsequent one fails because
we have inlined the function into its former thunk - which
subsequently does not have any callees, but the verifier still access
them and segfaults. Therefore the patch also adds a test whether the
a former hunk even has any call.
2020-04-30 Martin Jambor <mjambor@suse.cz>
PR ipa/94856
* cgraph.c (clone_of_p): Also consider thunks whih had their bodies
saved by the inliner and thunks which had their call inlined.
* ipa-inline-transform.c (save_inline_function_body): Fill in
former_clone_of of new body holders.
PR ipa/94856
* g++.dg/ipa/pr94856.C: New test.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/94856] [10/11 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) since r10-4944-g1e83bd7003e03160
2020-04-29 17:43 [Bug ipa/94856] New: [10 Regression] ICE: Segmentation fault (in clone_of_p); or ICE: verify_cgraph_node failed (error: edge points to wrong declaration) asolokha at gmx dot com
` (9 preceding siblings ...)
2020-04-30 16:08 ` cvs-commit at gcc dot gnu.org
@ 2020-04-30 16:23 ` jamborm at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: jamborm at gcc dot gnu.org @ 2020-04-30 16:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94856
Martin Jambor <jamborm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #11 from Martin Jambor <jamborm at gcc dot gnu.org> ---
Fixed on both master and the newly created gcc-10 branch.
^ permalink raw reply [flat|nested] 12+ messages in thread