https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89330
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|marxin at gcc dot gnu.org |jamborm at gcc dot
gnu.org
--- Comment #20 from Martin Liška <marxin at gcc dot gnu.org> ---
Ok, one can reproduce the problem with:
$ ../configure --enable-languages=c,c++,lto,fortran --disable-multilib
--prefix=/home/marxin/bin/gcc2 --enable-checking=release --without-isl
--disable-libsanitizer --disable-bootstrap
Reduced test-case:
$ cat /tmp/tree-ssa-sccvn-ice.ii
class A { // Minimal class; its only role here is to provide the global 'a' used by fn2.
public:
int dest; // Read by fn2 as the constructor argument for B.
};
class B {
public:
B(int); // Declared only; this test-case has no definition (the report compiles it with -c).
virtual int m_fn1(); // Virtual, so calls made through a B& are dispatched indirectly.
};
int B::m_fn1() { return __null; } // Line 10 of the test-case: __null is converted to int, which is the -Wconversion-null warning quoted in the report. Comment kept on this line so the quoted line/column numbers still match.
void fn1(B &p1, bool, bool, bool, bool, bool) { // The five bool parameters are unnamed and unused.
for (;;) { // No exit condition: loops forever.
p1.m_fn1(); // First of two back-to-back virtual calls on the same object.
p1.m_fn1(); // NOTE(review): presumably these are the indirect calls that try_make_edge_direct_virtual_call in the backtrace acts on once fn1 is inlined; confirm.
}
}
A a; // Global instance; fn2 reads a.dest and passes &a to fn1.
void fn2(bool p1) {
B b(a.dest); // Static type of b is B, and it is passed to fn1 by reference.
fn1(b, false, false, p1, fn2, &a); // fn2 (a function) and &a (a pointer) are passed for bool parameters, so both are implicitly converted to bool.
} // Line 21 of the test-case: the location the ICE in the report is attributed to. Comments are kept on existing lines so that numbering is unchanged.
I also have a debugging patch that shows which already-released edge is still being used:
diff --git a/gcc/cgraph.c b/gcc/cgraph.c
index 81250acb70c..c585713b23a 100644
--- a/gcc/cgraph.c
+++ b/gcc/cgraph.c
@@ -1008,8 +1008,10 @@ symbol_table::free_edge (cgraph_edge *e)
if (e->m_summary_id != -1)
edge_released_summary_ids.safe_push (e->m_summary_id);
+ fprintf (stderr, "releasing: %p: %p->%p\n", e, e->caller, e->callee);
if (e->indirect_info)
ggc_free (e->indirect_info);
+ e->caller = NULL;
ggc_free (e);
}
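Review bot: The `e->caller = NULL;` poison written just before `ggc_free (e)` only exposes a stale edge while its slot has not been handed out again. The log in this comment shows the same address being released twice, so a later `gcc_assert (e->caller)` can pass on a pointer whose memory now holds a different edge. I would state that limit next to the store, e.g. `/* Debug aid: poison CALLER so stale users trip gcc_assert; does not catch a slot that was reallocated.  */`. The new `fprintf` also passes its `%p` arguments without a `(void *)` cast, which is what `%p` formally expects. The start of free_edge is outside this hunk.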
@@ -1111,6 +1113,8 @@ cgraph_edge::speculative_call_info (cgraph_edge *&direct,
if (e2->call_stmt)
{
e = e->caller->get_edge (e2->call_stmt);
+ fprintf (stderr, "cgraph_edge::speculative_call_info: %p\n", e);
+ gcc_assert (e->caller);
gcc_assert (e->speculative && !e->indirect_unknown_callee);
}
else
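Review bot: The added `gcc_assert (e->caller);` dereferences the result of `get_edge` without first checking the pointer itself. If `get_edge` finds no edge for `e2->call_stmt` and returns null, the check faults instead of reporting. Writing it as `gcc_assert (e && e->caller);` turns both the missing-edge case and the poisoned-edge case into a clean assertion failure, and the preceding `fprintf` still records the pointer value. The enclosing function starts and ends outside this hunk.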
@@ -1223,6 +1227,8 @@ cgraph_edge::make_direct (cgraph_node *callee)
ggc_free (indirect_info);
indirect_info = NULL;
+ fprintf (stderr, "cgraph_edge::make_direct: %p\n", this);
+
/* Get the edge out of the indirect edge list. */
if (prev_callee)
prev_callee->next_callee = next_callee;
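Review bot: The trace line in make_direct is emitted only after `ggc_free (indirect_info)` and `indirect_info = NULL` have already run on `this`. For an edge that was already released, the function has therefore freed and written through a stale pointer before anything is logged; the log on this page shows the same address released immediately before the make_direct line. Moving the `fprintf` to the function's entry and pairing it with `gcc_assert (caller);` would report the stale edge before any of its fields are touched. That would also match the poison store added in free_edge. The function's entry is outside this hunk, so the exact placement needs checking against the full source.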
$ ./xgcc -B. /tmp/tree-ssa-sccvn-ice.ii -c -O2
/tmp/tree-ssa-sccvn-ice.ii: In member function ‘virtual int B::m_fn1()’:
/tmp/tree-ssa-sccvn-ice.ii:10:25: warning: converting to non-pointer type ‘int’
from NULL [-Wconversion-null]
10 | int B::m_fn1() { return __null; }
| ^~~~~~
releasing: 0x7fe4853894e0: 0x7fe485380438->(nil)
releasing: 0x7fe485389478: 0x7fe485380438->(nil)
releasing: 0x7fe485389820: 0x7fe4853805a0->0x7fe485380438
releasing: 0x7fe4853897b8: 0x7fe4853805a0->0x7fe485380708
releasing: 0x7fe485389958: 0x7fe485380438->(nil)
releasing: 0x7fe4853898f0: 0x7fe485380438->(nil)
releasing: 0x7fe485389af8: 0x7fe485380438->(nil)
releasing: 0x7fe485389a90: 0x7fe485380438->(nil)
releasing: 0x7fe485389a28: 0x7fe4853805a0->0x7fe485380438
releasing: 0x7fe4853899c0: 0x7fe4853805a0->0x7fe485380708
releasing: 0x7fe485389ea0: 0x7fe4853805a0->0x7fe485380438
releasing: 0x7fe485389e38: 0x7fe4853805a0->0x7fe485380708
cgraph_edge::speculative_call_info: 0x7fe485389888
cgraph_edge::speculative_call_info: 0x7fe485389888
releasing: 0x7fe4853899c0: 0x7fe4854f92d0->(nil)
cgraph_edge::make_direct: 0x7fe4853899c0
during IPA pass: inline
/tmp/tree-ssa-sccvn-ice.ii: At global scope:
/tmp/tree-ssa-sccvn-ice.ii:21:1: internal compiler error: Segmentation fault
21 | }
| ^
0x11f0c8a crash_signal
../../gcc/toplev.c:326
0x7fe48560de4f ???
/usr/src/debug/glibc-2.29-7.3.x86_64/signal/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0
0xc078da cgraph_edge::make_direct(cgraph_node*)
../../gcc/cgraph.c:1238
0xef8525 ipa_make_edge_direct_to_target(cgraph_edge*, tree_node*, bool)
../../gcc/ipa-prop.c:2978
0xef951c try_make_edge_direct_virtual_call
../../gcc/ipa-prop.c:3398
0xef97cc update_indirect_edges_after_inlining
../../gcc/ipa-prop.c:3463
0xef9b71 propagate_info_to_inlined_callees
../../gcc/ipa-prop.c:3556
0xefa1ed ipa_propagate_indirect_call_infos(cgraph_edge*, vec<cgraph_edge*,
va_heap, vl_ptr>*)
../../gcc/ipa-prop.c:3713
0x1eb1b06 inline_call(cgraph_edge*, bool, vec<cgraph_edge*, va_heap, vl_ptr>*,
int*, bool, bool*)
../../gcc/ipa-inline-transform.c:486
0x1ea3efd inline_small_functions
../../gcc/ipa-inline.c:2088
0x1ea58c3 ipa_inline
../../gcc/ipa-inline.c:2550
0x1ea66b0 execute
../../gcc/ipa-inline.c:2958
@Martin: Can you please take a look at that?