* [Bug ipa/98078] ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93
2020-12-01 10:09 [Bug ipa/98078] New: ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93 marxin at gcc dot gnu.org
@ 2020-12-01 10:09 ` marxin at gcc dot gnu.org
2020-12-01 10:10 ` marxin at gcc dot gnu.org
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-12-01 10:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98078
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Created attachment 49658
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49658&action=edit
test-case 2
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug ipa/98078] ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93
2020-12-01 10:09 [Bug ipa/98078] New: ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93 marxin at gcc dot gnu.org
2020-12-01 10:09 ` [Bug ipa/98078] " marxin at gcc dot gnu.org
@ 2020-12-01 10:10 ` marxin at gcc dot gnu.org
2021-01-18 19:21 ` jamborm at gcc dot gnu.org
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-12-01 10:10 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98078
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hubicka at gcc dot gnu.org,
| |jamborm at gcc dot gnu.org
Status|UNCONFIRMED |NEW
Ever confirmed|0 |1
Last reconfirmed| |2020-12-01
--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
Started with Jason's commit, but it would be related to an inlining change I
guess.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug ipa/98078] ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93
2020-12-01 10:09 [Bug ipa/98078] New: ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93 marxin at gcc dot gnu.org
2020-12-01 10:09 ` [Bug ipa/98078] " marxin at gcc dot gnu.org
2020-12-01 10:10 ` marxin at gcc dot gnu.org
@ 2021-01-18 19:21 ` jamborm at gcc dot gnu.org
2021-01-21 10:02 ` jamborm at gcc dot gnu.org
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: jamborm at gcc dot gnu.org @ 2021-01-18 19:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98078
--- Comment #3 from Martin Jambor <jamborm at gcc dot gnu.org> ---
Here is what happens. An IPA-CP clone for a particular
devirtualziation context is created but all devirtualziations based on
it are speculative. Then the clone is inlined at one of its call
sites and the devirtualization turns out to be exactly right. The
following goes on in cgraph_edge::set_call_stmt which gets a direct
call as the statement.
We end up in the update_speculative condition, which calls itself on
all the corresponding speculative edges. First at the direct, which
then is removed and inserted into the call hash. Then at the
indirect, which is not removed from the has because it is not the one
in there. At this point, we figure out we have a direct call
statement at our hands and so we call make_direct at the edge, which
in turn simply resolves the speculation and returns the direct
branch, which we store to e.
And then we try to add e to call_site_hash, which is already there and
the assert condition does not take that possibility into account.
(gdb) p/r *slot
$42 = (cgraph_edge *) 0x7ffff74d6478
(gdb) p/r e
$43 = (cgraph_edge *) 0x7ffff74d6478
So the simplest fix is probably just adding
if (*slot == e)
return;
before the assert.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug ipa/98078] ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93
2020-12-01 10:09 [Bug ipa/98078] New: ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93 marxin at gcc dot gnu.org
` (2 preceding siblings ...)
2021-01-18 19:21 ` jamborm at gcc dot gnu.org
@ 2021-01-21 10:02 ` jamborm at gcc dot gnu.org
2021-03-05 16:42 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: jamborm at gcc dot gnu.org @ 2021-01-21 10:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98078
--- Comment #4 from Martin Jambor <jamborm at gcc dot gnu.org> ---
Actually no, that would be papering over a bigger problem. After looking at
the issue a bit more, I proposed a patch on the mailing list:
https://gcc.gnu.org/pipermail/gcc-patches/2021-January/563962.html
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug ipa/98078] ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93
2020-12-01 10:09 [Bug ipa/98078] New: ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93 marxin at gcc dot gnu.org
` (3 preceding siblings ...)
2021-01-21 10:02 ` jamborm at gcc dot gnu.org
@ 2021-03-05 16:42 ` cvs-commit at gcc dot gnu.org
2021-03-05 16:54 ` jamborm at gcc dot gnu.org
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-03-05 16:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98078
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Jambor <jamborm@gcc.gnu.org>:
https://gcc.gnu.org/g:b8188b7d7382e4a74af5dd6a125e76e8d43a68a5
commit r11-7525-gb8188b7d7382e4a74af5dd6a125e76e8d43a68a5
Author: Martin Jambor <mjambor@suse.cz>
Date: Fri Mar 5 17:25:20 2021 +0100
ipa: Fix resolving speculations through cgraph_edge::set_call_stmt
In the PR 98078 testcase, speculative call-graph edges which were
created by IPA-CP are confirmed during inlining but
cgraph_edge::set_call_stmt does not take it very well.
The function enters the update_speculative branch and updates the
edges in the speculation bundle separately (by a recursive call), but
when it processes the first direct edge, most of the bundle actually
ceases to exist because it is devirtualized. It nevertheless goes on
to attempt to update the indirect edge (that has just been removed),
which surprisingly gets as far as adding the edge to the
call_site_hash, the same devirtualized edge for the second time, and
that triggers an assert.
Fixed by this patch which makes the function aware that it is about to
resolve a speculation and do so instead of updating components of
speculation. Also, it does so before dealing with the hash because
the speculation resolution code needs the hash to point to the first
speculative direct edge and also cleans the hash up by calling
update_call_stmt_hash_for_removing_direct_edge.
Bootstrapped and tested on x86_64-linux, also profile-LTO-bootstrapped
on the same system.
gcc/ChangeLog:
2021-01-20 Martin Jambor <mjambor@suse.cz>
PR ipa/98078
* cgraph.c (cgraph_edge::set_call_stmt): Do not update all
corresponding speculative edges if we are about to resolve
sepculation. Make edge direct (and so resolve speculations) before
removing it from call_site_hash.
(cgraph_edge::make_direct): Relax the initial assert to allow
calling
the function on speculative direct edges.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug ipa/98078] ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93
2020-12-01 10:09 [Bug ipa/98078] New: ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93 marxin at gcc dot gnu.org
` (4 preceding siblings ...)
2021-03-05 16:42 ` cvs-commit at gcc dot gnu.org
@ 2021-03-05 16:54 ` jamborm at gcc dot gnu.org
2021-03-16 15:44 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: jamborm at gcc dot gnu.org @ 2021-03-05 16:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98078
--- Comment #6 from Martin Jambor <jamborm at gcc dot gnu.org> ---
Fixed on master so far (both gcc-10 and gcc-9 branches remain affected).
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug ipa/98078] ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93
2020-12-01 10:09 [Bug ipa/98078] New: ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93 marxin at gcc dot gnu.org
` (5 preceding siblings ...)
2021-03-05 16:54 ` jamborm at gcc dot gnu.org
@ 2021-03-16 15:44 ` cvs-commit at gcc dot gnu.org
2021-03-17 10:35 ` cvs-commit at gcc dot gnu.org
2021-03-17 10:36 ` jamborm at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-03-16 15:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98078
--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Martin Jambor
<jamborm@gcc.gnu.org>:
https://gcc.gnu.org/g:27dca33bc5c52971c00d1657560aeabae8f35d18
commit r10-9449-g27dca33bc5c52971c00d1657560aeabae8f35d18
Author: Martin Jambor <mjambor@suse.cz>
Date: Tue Mar 16 16:42:41 2021 +0100
ipa: Fix resolving speculations through cgraph_edge::set_call_stmt
In the PR 98078 testcase, speculative call-graph edges which were
created by IPA-CP are confirmed during inlining but
cgraph_edge::set_call_stmt does not take it very well.
The function enters the update_speculative branch and updates the
edges in the speculation bundle separately (by a recursive call), but
when it processes the first direct edge, most of the bundle actually
ceases to exist because it is devirtualized. It nevertheless goes on
to attempt to update the indirect edge (that has just been removed),
which surprisingly gets as far as adding the edge to the
call_site_hash, the same devirtualized edge for the second time, and
that triggers an assert.
Fixed by this patch which makes the function aware that it is about to
resolve a speculation and do so instead of updating components of
speculation. Also, it does so before dealing with the hash because
the speculation resolution code needs the hash to point to the first
speculative direct edge and also cleans the hash up by calling
update_call_stmt_hash_for_removing_direct_edge.
Bootstrapped and tested on x86_64-linux, also profile-LTO-bootstrapped
on the same system.
gcc/ChangeLog:
2021-01-20 Martin Jambor <mjambor@suse.cz>
PR ipa/98078
* cgraph.c (cgraph_edge::set_call_stmt): Do not update all
corresponding speculative edges if we are about to resolve
sepculation. Make edge direct (and so resolve speculations) before
removing it from call_site_hash.
(cgraph_edge::make_direct): Relax the initial assert to allow
calling
the function on speculative direct edges.
(cherry picked from commit b8188b7d7382e4a74af5dd6a125e76e8d43a68a5)
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug ipa/98078] ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93
2020-12-01 10:09 [Bug ipa/98078] New: ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93 marxin at gcc dot gnu.org
` (6 preceding siblings ...)
2021-03-16 15:44 ` cvs-commit at gcc dot gnu.org
@ 2021-03-17 10:35 ` cvs-commit at gcc dot gnu.org
2021-03-17 10:36 ` jamborm at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-03-17 10:35 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98078
--- Comment #8 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-9 branch has been updated by Martin Jambor
<jamborm@gcc.gnu.org>:
https://gcc.gnu.org/g:25fc4cb3ff7bb86d31ac886e04bbe5dd69db832e
commit r9-9291-g25fc4cb3ff7bb86d31ac886e04bbe5dd69db832e
Author: Martin Jambor <mjambor@suse.cz>
Date: Wed Mar 17 11:32:50 2021 +0100
ipa: Fix resolving speculations through cgraph_edge::set_call_stmt
In the PR 98078 testcase, speculative call-graph edges which were
created by IPA-CP are confirmed during inlining but
cgraph_edge::set_call_stmt does not take it very well.
The function enters the update_speculative branch and updates the
edges in the speculation bundle separately (by a recursive call), but
when it processes the first direct edge, most of the bundle actually
ceases to exist because it is devirtualized. It nevertheless goes on
to attempt to update the indirect edge (that has just been removed),
which surprisingly gets as far as adding the edge to the
call_site_hash, the same devirtualized edge for the second time, and
that triggers an assert.
Fixed by this patch which makes the function aware that it is about to
resolve a speculation and do so instead of updating components of
speculation. Also, it does so before dealing with the hash because
the speculation resolution code needs the hash to point to the first
speculative direct edge and also cleans the hash up by calling
update_call_stmt_hash_for_removing_direct_edge.
Bootstrapped and tested on x86_64-linux, also profile-LTO-bootstrapped
on the same system.
gcc/ChangeLog:
2021-01-20 Martin Jambor <mjambor@suse.cz>
PR ipa/98078
* cgraph.c (cgraph_edge::set_call_stmt): Do not update all
corresponding speculative edges if we are about to resolve
speculation. Make edge direct (and so resolve speculations) before
removing it from call_site_hash.
(cgraph_edge::make_direct): Relax the initial assert to allow
calling
the function on speculative direct edges.
(cherry picked from commit b8188b7d7382e4a74af5dd6a125e76e8d43a68a5)
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug ipa/98078] ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93
2020-12-01 10:09 [Bug ipa/98078] New: ICE in cgraph_add_edge_to_call_site_hash, at cgraph.c:698 since r6-1705-gd88511aec7338a93 marxin at gcc dot gnu.org
` (7 preceding siblings ...)
2021-03-17 10:35 ` cvs-commit at gcc dot gnu.org
@ 2021-03-17 10:36 ` jamborm at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: jamborm at gcc dot gnu.org @ 2021-03-17 10:36 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98078
Martin Jambor <jamborm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #9 from Martin Jambor <jamborm at gcc dot gnu.org> ---
Fixed on master and both opened released branches.
^ permalink raw reply [flat|nested] 10+ messages in thread