From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by sourceware.org (Postfix) with ESMTPS id 46460385843E for ; Thu, 23 Sep 2021 17:26:42 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 46460385843E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.cz Received: from relay1.suse.de (relay1.suse.de [149.44.160.133]) by smtp-out2.suse.de (Postfix) with ESMTP id 038C3202A4 for ; Thu, 23 Sep 2021 17:26:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1632418001; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type; bh=YEEmgk3jhIILWvzACdYrBs9mVJqWTQlcodgmCcboZBM=; b=aM9qVoELGJxKvZkSb3XB4eQrGrH+dEgQA+DCxY2E0PdY/4tj1FagYCY/9693VWS1Q4WR95 6fyYOMEEjgfMOL8aUhWtrNGPouoaLm2xsM8fTzPo2cRej60bMasg4sNrT51T2uwy/pgSaO x/ae+q6V3GlIa5OwKgjlyy+yMTTgl3I= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1632418001; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type; bh=YEEmgk3jhIILWvzACdYrBs9mVJqWTQlcodgmCcboZBM=; b=PlvShJX9RVQpLSynlXFxCB7R2HqlbdQ3tiT3oJc93av3eR+oxH5qZbO1Ie19wwU8YdIAzK +xCrxpRspczG5ODA== Received: from suse.cz (virgil.suse.cz [10.100.13.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay1.suse.de (Postfix) with ESMTPS id E618F25D3C; Thu, 23 Sep 2021 17:26:40 +0000 (UTC) From: Martin Jambor To: GCC Patches Cc: Jan Hubicka Subject: [PATCH] ipa: Fix ICE when speculating calls from inlined functions (PR 102388) User-Agent: Notmuch/0.33.1 (https://notmuchmail.org) Emacs/27.2 (x86_64-suse-linux-gnu) Date: Thu, 23 Sep 2021 19:26:40 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-11.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2021 17:26:43 -0000 Hi, The code handling various cases which lead to call graph edge duplication (in order to update reference descriptions used to track and remove no-longer needed references) has missed one important case. When edge duplication is an effect of creating a speculative edge for an indirect edge which carries a constant jump function which had been created from a pass-through function when the edge caller has was inlined into one of its callers, the reference description attached to the function describes an edge higher up in the "inlined" clone tree and so even the new speculative edge will. Therefore we should not try to duplicate the reference description itself but rather just bump the refcount of the existing one. Creating a small testcase unfortunately is not very straightforward, I have not attempted to trigger just the right speculation after inlining. Bootstrapped and tested on an x86_64-linux. OK for trunk? Thanks, Martin gcc/ChangeLog: 2021-09-22 Martin Jambor PR ipa/102388 * ipa-prop.c (ipa_edge_args_sum_t::duplicate): Also handle the case when the source reference description corresponds to a referance taken in a function src->caller is inlined to. --- gcc/ipa-prop.c | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/gcc/ipa-prop.c b/gcc/ipa-prop.c index 1c69d9766c5..443f21ce61b 100644 --- a/gcc/ipa-prop.c +++ b/gcc/ipa-prop.c @@ -4428,19 +4428,33 @@ ipa_edge_args_sum_t::duplicate (cgraph_edge *src, cgraph_edge *dst, dst_jf->value.constant.rdesc = NULL; else if (src->caller == dst->caller) { - struct ipa_ref *ref; - symtab_node *n = symtab_node_for_jfunc (src_jf); - gcc_checking_assert (n); - ref = src->caller->find_reference (n, src->call_stmt, - src->lto_stmt_uid); - gcc_checking_assert (ref); - dst->caller->clone_reference (ref, ref->stmt); - - struct ipa_cst_ref_desc *dst_rdesc = ipa_refdesc_pool.allocate (); - dst_rdesc->cs = dst; - dst_rdesc->refcount = src_rdesc->refcount; - dst_rdesc->next_duplicate = NULL; - dst_jf->value.constant.rdesc = dst_rdesc; + /* Creation of a speculative edge. If the source edge is the one + grabbing a reference, we must create a new (duplicate) + reference description. Otherwise they refer to the same + description corresponding to a reference taken in a function + src->caller is inlined to. In that case we just must + increment the refcount. */ + if (src_rdesc->cs == src) + { + symtab_node *n = symtab_node_for_jfunc (src_jf); + gcc_checking_assert (n); + ipa_ref *ref + = src->caller->find_reference (n, src->call_stmt, + src->lto_stmt_uid); + gcc_checking_assert (ref); + dst->caller->clone_reference (ref, ref->stmt); + + ipa_cst_ref_desc *dst_rdesc = ipa_refdesc_pool.allocate (); + dst_rdesc->cs = dst; + dst_rdesc->refcount = src_rdesc->refcount; + dst_rdesc->next_duplicate = NULL; + dst_jf->value.constant.rdesc = dst_rdesc; + } + else + { + src_rdesc->refcount++; + dst_jf->value.constant.rdesc = src_rdesc; + } } else if (src_rdesc->cs == src) { -- 2.33.0