[Bug lto/69650] [6 Regression] ICE in linemap_line_start, at libcpp/line-map.c:803

[dmalcolm at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69650

--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Looking at the LTO data creation, by putting a breakpoint in cc1plus on
lto_output_location to see the values that are written, I see that the
bogus-looking location is coming from this ordinary map.  It has an
insane-looking value for "to_line":
  (gdb) p *map
  $13 = {<line_map> = {start_location = 8224, reason = LC_LEAVE}, to_file =
0x2154630 "Unified_cpp_js_src35.ii", to_line = 1048576, included_from = -1,
sysp = 0 '\000', m_column_and_range_bits = 12, m_range_bits = 5}

This ordinary map was created within cc1plus in response to the "#" line
directive:
(gdb) bt
#0  linemap_add (set=0x7ffff7ffb000, reason=LC_RENAME, sysp=0,
to_file=0x2154630 "Unified_cpp_js_src35.ii", to_line=1048576)
    at ../../src/libcpp/line-map.c:560
#1  0x0000000001541f13 in _cpp_do_file_change (pfile=0x213d5d0,
reason=<optimized out>, to_file=<optimized out>, 
    file_line=<optimized out>, sysp=<optimized out>) at
../../src/libcpp/directives.c:1071
#2  0x00000000015420bc in do_linemarker (pfile=0x213d5d0) at
../../src/libcpp/directives.c:1056
#3  0x0000000001541cb0 in _cpp_handle_directive (pfile=pfile@entry=0x213d5d0,
indented=<optimized out>)
    at ../../src/libcpp/directives.c:510

Within linemap_add, it transitions from this map:
(gdb) p map[-1]
$47 = {<line_map> = {start_location = 32, reason = LC_ENTER}, to_file =
0x2161630 "Unified_cpp_js_src35.ii", to_line = 1, 
  included_from = -1, sysp = 0 '\000', m_column_and_range_bits = 12,
m_range_bits = 5}

to this map:
(gdb) p *map
$46 = {<line_map> = {start_location = 0, reason = LC_LEAVE}, to_file = 0x0,
to_line = 0, included_from = 0, sysp = 0 '\000', 
  m_column_and_range_bits = 0, m_range_bits = 0}

and this conditional fires:
  if (MAIN_FILE_P (map - 1))

and we hit this error-handling:
      /* A TO_FILE of NULL is special - we use the natural values.  */
      if (error || to_file == NULL)
        {
          to_file = ORDINARY_MAP_FILE_NAME (from);
          to_line = SOURCE_LINE (from, from[1].start_location);
          sysp = ORDINARY_MAP_IN_SYSTEM_HEADER_P (from);
        }
and so we have:
  (gdb) p to_file
  $48 = 0x2161630 "Unified_cpp_js_src35.ii"
  (gdb) p to_line
  $49 = 1048576
  (gdb) p /x to_line
  $50 = 0x100000

giving us the bogus to_line value.

Where is this "to_line" value coming from?
  551             to_line = SOURCE_LINE (from, from[1].start_location);

Breakpoint 9, SOURCE_LINE (ord_map=0x7ffff7fed000, loc=0) at
../../src/libcpp/include/line-map.h:1092
  (gdb) p *ord_map
  $54 = {<line_map> = {start_location = 32, reason = LC_ENTER}, to_file =
0x2161630 "Unified_cpp_js_src35.ii", to_line = 1, 
  included_from = -1, sysp = 0 '\000', m_column_and_range_bits = 12,
m_range_bits = 5}

1088    /* Converts a map and a source_location to source line.  */
1089    inline linenum_type
1090    SOURCE_LINE (const line_map_ordinary *ord_map, source_location loc)
1091    {
1092      return ((loc - ord_map->start_location)
1093              >> ord_map->m_column_and_range_bits) + ord_map->to_line;
1094    }
1095    

so we have this calculation: ((0 - 32) >> 12) + 1

(gdb) p /x ((unsigned int)(0 - 32)) >> 12
$59 = 0xfffff
(gdb) p /x (((unsigned int)(0 - 32)) >> 12) + 1
$60 = 0x100000

which explains where the bogus value is coming from.