https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91508
            Bug ID: 91508
           Summary: Segfault due to referencing removed cgraph_node
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: ipa
          Assignee: unassigned at gcc dot gnu.org
          Reporter: fxue at os dot amperecomputing.com
                CC: marxin at gcc dot gnu.org
  Target Milestone: ---

Caught a segfault when compiling pr63766.C with a debug version of gcc.

pr63766.C:48:1: internal compiler error: Segmentation fault
   48 | }
      | ^
0x14ace78 crash_signal
        ../../gcc/toplev.c:326
0x8fd7c5 tree_check(tree_node*, char const*, int, char const*, tree_code)
        ../../gcc/tree.h:3256
0x1342850 do_per_function_toporder(void (*)(function*, void*), void*)
        ../../gcc/passes.c:1703
0x1345471 execute_ipa_pass_list(opt_pass*)
        ../../gcc/passes.c:2919
0xe10dba ipa_passes
        ../../gcc/cgraphunit.c:2480
0xe1120c symbol_table::compile()
        ../../gcc/cgraphunit.c:2618
0xe117d2 symbol_table::finalize_compilation_unit()
        ../../gcc/cgraphunit.c:2868

Analysis points to do_per_function_order()/passes.c, in which handling a
cgraph_node in a worklist might remove a later unprocessed node. So, it
registers a remove hook to track removed nodes in a hashset, and uses the
node's uid as the hashset key. But this trick has a problem in that the
node's uid becomes garbage once the node has been removed. An alternative
way is to use the node address as the key.

          /* Function could be inlined and removed as unreachable.  */
          if (node == NULL || removed_nodes.contains (node->get_uid ()))
                                                            ^^^^^^^^^^
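
The failure mode described in the report, shown as an added example that is not code from the report or from GCC: a worklist walk whose removal hook records removed nodes, checked once by uid and once by address. Node, Walk and stale_nodes_processed are hypothetical names, and removal is modelled by poisoning the node with 0xa5 inside storage that stays allocated, so the stale read is well defined here.

```cpp
#include <cstdio>
#include <cstring>
#include <unordered_set>
#include <vector>

// Hypothetical stand-in for a call-graph node; not GCC's cgraph_node.
struct Node {
    int uid;
    int kills;  // index of a later worklist entry this node removes, or -1
};

struct Walk {
    std::vector<Node> arena;                        // storage outlives "removal"
    std::unordered_set<int> removed_uids;           // key used by the quoted check
    std::unordered_set<const Node*> removed_addrs;  // key proposed in the report

    // Removal hook: record the node while its fields are still valid, then
    // poison it the way a debug allocator scribbles over freed objects.
    void remove(Node *n) {
        removed_uids.insert(n->uid);
        removed_addrs.insert(n);
        std::memset(n, 0xa5, sizeof *n);
    }
};

// Walk the worklist and count removed nodes that the "already removed?"
// check lets through. by_address selects which key the check uses.
int stale_nodes_processed(bool by_address) {
    Walk w;
    w.arena = {{10, 2}, {11, -1}, {12, -1}};  // constructed: node 10 removes node 12
    std::vector<Node*> order;
    for (Node &n : w.arena) order.push_back(&n);

    int stale = 0;
    for (Node *n : order) {
        bool skip = by_address ? w.removed_addrs.count(n) != 0
                               : w.removed_uids.count(n->uid) != 0;  // reads poisoned uid
        if (skip) continue;
        if (w.removed_addrs.count(n)) { ++stale; continue; }  // ground truth: node is gone
        if (n->kills >= 0) w.remove(order[n->kills]);
    }
    return stale;
}

int main() {
    std::printf("uid key:     %d stale node(s) processed\n", stale_nodes_processed(false));
    std::printf("address key: %d stale node(s) processed\n", stale_nodes_processed(true));
}
```

An address is a sound key only while a removed node's storage cannot be handed out again to a new node during the same walk.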