https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65743
Jan Hubicka <hubicka at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |ASSIGNED
Last reconfirmed| |2015-04-12
Assignee|unassigned at gcc dot gnu.org |hubicka at gcc dot
gnu.org
Ever confirmed|0 |1
--- Comment #4 from Jan Hubicka <hubicka at gcc dot gnu.org> ---
Fixing the ICE I now get:
(gdb) p ie->caller->debug ()
_ZN3xpc12JSXrayTraits4callEP9JSContextN2JS6HandleIP8JSObjectEERKNS3_8CallArgsERKN2js7WrapperE.constprop.19823/18042102
(call.constprop) @0x7fffacf46dc8
Type: function definition analyzed
Visibility:
References: _ZN3xpc12JSXrayTraits9singletonE/2875287
(addr)_ZN2js23CrossCompartmentWrapper9singletonE/17591103 (addr)
Referring:
Read from file:
/aux/hubicka/firefox6-50-lto-test6-fdo-hg200-b/toolkit/library/../../js/xpconnect/wrappers/XrayWrapper.o
Function call.constprop/18042102 is inline copy in call/2875462
Clone of
_ZN3xpc12JSXrayTraits4callEP9JSContextN2JS6HandleIP8JSObjectEERKNS3_8CallArgsERKN2js7WrapperE/2862316
Availability: local
First run: 0
Function flags: local unlikely_executed
Called by:
_ZNK3xpc11XrayWrapperIN2js23CrossCompartmentWrapperENS_12JSXrayTraitsEE4callEP9JSContextN2JS6HandleIP8JSObjectEERKNS7_8CallArgsE/2875462
(inlined) (1.00 per call)
Calls:
_ZN3xpc10XrayTraits12ensureHolderEP9JSContextN2JS6HandleIP8JSObjectEE/2875306
(1.00 per call)
_Z22js_ReportIsNotFunctionP9JSContextN2JS6HandleINS1_5ValueEEE/17498760 (0.80
per call)
Indirect call(0.20 per call) of param:3 (vptr maybe changed)
$26 = void
(gdb) p debug_generic_stmt (target)
singleton.D.920554;
So for some reason ipa-cp thinks that the target of the call is COMPONENT_REF.
That is fully bogus of course.
ipa_make_edge_direct_to_target gets jfunc containing the component ref:
<addr_expr 0x7fff9697fa40
type <pointer_type 0x7fffec18b1f8
type <record_type 0x7fffec18b150 Wrapper readonly addressable
needs-constructing BLK
size <integer_cst 0x7ffff6af4048 constant 192>
unit size <integer_cst 0x7ffff6af4078 constant 24>
align 64 symtab 0 alias set 0 canonical type 0x7fffec184f18
attributes <tree_list 0x7ffff62ecf00
purpose <identifier_node 0x7ffff68db2f8 visibility>
value <tree_list 0x7ffff68db2d0
value <string_cst 0x7ffff6cbea00 type <array_type
0x7ffff68dc2a0>
readonly constant static "default\000">>
chain <tree_list 0x7ffff68db320 purpose <identifier_node
0x7ffff68db2f8 visibility> value <tree_list 0x7ffff68db2d0>>> fields
<field_decl 0x7fffec1695f0 D.920532> context <namespace_decl 0x7ffff669ab48 js>
pointer_to_this <pointer_type 0x7fffec18b1f8> reference_to_this
<reference_type 0x7fffebe2cb28>>
public unsigned DI
size <integer_cst 0x7ffff6ad7bb8 constant 64>
unit size <integer_cst 0x7ffff6ad7bd0 constant 8>
align 64 symtab 0 alias set 0 canonical type 0x7ffff6cd1888>
readonly constant
arg 0 <component_ref 0x7fff96989180 type <record_type 0x7fffec18b150
Wrapper>
readonly
arg 0 <var_decl 0x7fffb3283bd0 singleton type <record_type
0x7fffb31f90a8 CrossCompartmentWrapper>
readonly addressable public static BLK file
/aux/hubicka/firefox8/js/src/proxy/CrossCompartmentWrapper.cpp line 425 col 31
size <integer_cst 0x7ffff6af4048 192> unit size <integer_cst 0x7ffff6af4078 24>
align 64 context <record_type 0x7fffb31890a8
CrossCompartmentWrapper> initial <error_mark 0x7ffff6ad7ba0>>
arg 1 <field_decl 0x7fffec187688 D.920554 type <record_type
0x7fffec184f18 Wrapper>
ignored BLK file ../../../dist/include/jswrapper.h line 108 col 7
size <integer_cst 0x7ffff6af4048 192> unit size <integer_cst 0x7ffff6af4078 24>
align 64 offset_align 256
offset <integer_cst 0x7ffff6ad7be8 constant 0>
bit offset <integer_cst 0x7ffff6ad7c30 constant 0> context
<record_type 0x7fffec1883f0 CrossCompartmentWrapper> chain <type_decl
0x7fffec1875f0 CrossCompartmentWrapper>>>>
$34 = void
which is IP invariant, but the target itself is an expression. I think we need
to redirect to unreachable only if the target is indeed known to be constant
and not a function. I am testing fix.
