https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96394
--- Comment #10 from Sergei Trofimovich <slyfox at gcc dot gnu.org> ---
Finally managed to shrink it down to self-contained example. It has to be split
into two .c files (and one header) to prevent analyzer from inferring too much:
// node.h:
void bug(void);
void * PyErr_Format(const void * ...);
typedef struct _entry {
int has_next;
int next_ix;
int count;
} entry;
extern entry table[];
// main.c:
#include "node.h"
void * PyErr_Format(const void * ...){ return 0; }
int main(void)
{
bug();
}
entry table[2] = {
{ .has_next = 1
, .next_ix = 1
, .count = 0
},
{ .has_next = 0
, .next_ix = 0
, .count = 0
},
};
// parsermodule.c:
#include "node.h"
void ae(entry *);
int h(entry *);
int ap(entry *);
int ag(entry *);
int ag(entry *j) {
if (j->has_next)
h(&table[j->next_ix]);
return 0;
}
static int ai(entry *j, int k(entry *), int l, int m) {
int am = 1;
int ab;
/* k is either 'h' or 'ap': 50%/50% */
ab = k(j);
/* loop never gets executed on real data */
for (; j->count >= 2; am += 2)
if (l) {
entry *i = &table[am + m];
PyErr_Format(i);
}
return ab;
}
void bug() {
h(table);
h(table);
}
int h(entry *j) { return ai(j, ap, 4, 5); }
int ap(entry *j) { return ai(j, ag, 14, 4); }
Commands to crash:
$ g++-11.0.0 -O2 -c -fprofile-generate parsermodule.c -o parsermodule.o
$ g++-11.0.0 -O2 -c -fprofile-generate main.c -o main.o
$ g++-11.0.0 -O2 -fprofile-generate main.o parsermodule.o -o b
$ ./b
$ g++-11.0.0 -O2 -c -fprofile-use parsermodule.c -o parsermodule.o -fopt-info
parsermodule.c:20:9: optimized: Indirect call -> direct call k_6(D) => ap (will
resolve by ipa-profile)
parsermodule.c:20:9: optimized: Indirect call -> direct call k_6(D) => ag (will
resolve by ipa-profile)
parsermodule.c:20:9: optimized: Inlined int ag(entry*)/7 into int ai(entry*,
int (*)(entry*), int, int)/1 which now has time 15.125000 and size 25, net
change of +2.
parsermodule.c:20:9: optimized: converting indirect call in int ai(entry*, int
(*)(entry*), int, int)/8 to direct call to int ag(entry*)/0
parsermodule.c:35:29: optimized: Inlined int ai(entry*, int (*)(entry*), int,
int)/8 into int ap(entry*)/4 which now has time 8.625000 and size 15, net
change of +6.
parsermodule.c:20:9: optimized: converting indirect call in int ai(entry*, int
(*)(entry*), int, int)/1 to direct call to int ap(entry*)/4
during IPA pass: inline
parsermodule.c:35:45: internal compiler error: in add_new_edges_to_heap, at
ipa-inline.c:1754
35 | int ap(entry *j) { return ai(j, ag, 14, 4); }
| ^
0x621b65 add_new_edges_to_heap
/usr/src/debug/sys-devel/gcc-11.0.0_pre9999/gcc-11.0.0_pre9999/gcc/ipa-inline.c:1754
0x163ded7 inline_small_functions
/usr/src/debug/sys-devel/gcc-11.0.0_pre9999/gcc-11.0.0_pre9999/gcc/ipa-inline.c:2218
0x163ded7 ipa_inline
/usr/src/debug/sys-devel/gcc-11.0.0_pre9999/gcc-11.0.0_pre9999/gcc/ipa-inline.c:2697
0x163ded7 execute
/usr/src/debug/sys-devel/gcc-11.0.0_pre9999/gcc-11.0.0_pre9999/gcc/ipa-inline.c:3099
Please submit a full bug report,
