https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97857
--- Comment #8 from Jan Hubicka <hubicka at gcc dot gnu.org> ---
In my setup I get ICE segfault with
#0 0x00000000011fcf44 in vec<speculative_call_target, va_heap,
vl_ptr>::release (this=0x0) at ../../gcc/vec.h:1811
#1 0x00000000011fcf2f in auto_vec<speculative_call_target, 0ul>::~auto_vec
(this=<optimized out>, this=<optimized out>) at ../../gcc/vec.h:1542
#2 speculative_call_summary::~speculative_call_summary (this=<optimized out>,
this=<optimized out>) at ../../gcc/ipa-profile.c:178
#3 object_allocator<speculative_call_summary>::remove (object=0x0,
this=0x2c980f8) at ../../gcc/alloc-pool.h:522
#4 call_summary_base<speculative_call_summary>::release (this=0x2c980c0,
item=0x0) at ../../gcc/symbol-summary.h:625
#5 0x0000000000d03fbf in
call_summary<speculative_call_summary*>::~call_summary (this=<optimized out>,
this=<optimized out>) at ../../gcc/hash-map.h:270
#6 0x00000000011e1070 in
ipa_profile_call_summaries::~ipa_profile_call_summaries (this=<optimized out>,
this=<optimized out>) at ../../gcc/ipa-profile.c:192
#7 ipa_profile_call_summaries::~ipa_profile_call_summaries (this=<optimized
out>, this=<optimized out>) at ../../gcc/ipa-profile.c:192
#8 0x00000000011e0d00 in ipa_profile () at ../../gcc/ipa-profile.c:1031
#9 (anonymous namespace)::pass_ipa_profile::execute (this=<optimized out>) at
../../gcc/ipa-profile.c:1070
#10 0x0000000000d01344 in execute_one_pass (pass=0x1cc8fe0) at
../../gcc/passes.c:2564
#11 0x00000000011ded75 in execute_ipa_pass_list (pass=0x1cc8fe0) at
../../gcc/passes.c:2993
#12 0x0000000000cffe1f in ipa_passes () at ../../gcc/cgraphunit.c:2217
#13 symbol_table::compile (this=0x7ffff7066100) at ../../gcc/cgraphunit.c:2294
#14 0x00000000011cb792 in symbol_table::finalize_compilation_unit
(this=0x7ffff7066100) at ../../gcc/cgraphunit.c:2542
#15 compile_file () at ../../gcc/toplev.c:485
#16 0x000000000119744d in do_compile () at ../../gcc/toplev.c:2321
#17 toplev::main (argv=<optimized out>, argc=6, this=<synthetic pointer>) at
../../gcc/toplev.c:2460
#18 main (argc=<optimized out>, argv=0x7fffffffeb08) at ../../gcc/main.c:39
What is wrong is already
#4 call_summary_base<speculative_call_summary>::release (this=0x2c980c0,
item=0x0) at ../../gcc/symbol-summary.h:625
625 m_allocator.remove (item);
here item should be non-NULL. This is called from:
template <typename T>
call_summary<T *>::~call_summary ()
{
this->unregister_hooks ();
/* Release all summaries. */
typedef typename hash_map <map_hash, T *>::iterator map_iterator;
for (map_iterator it = m_map.begin (); it != m_map.end (); ++it)
this->release ((*it).second);
}
and here
Dump of assembler code for function
call_summary<speculative_call_summary*>::~call_summary():
0x0000000000d03f9e <+94>: movaps %xmm0,(%rsp)
0x0000000000d03fa2 <+98>: callq 0xd16140
<hash_table<hash_map<int_hash<int, 0, -1>, thunk_info*,
simple_hashmap_traits<default_hash_traits<int_hash<int, 0, -1> >, thunk_info*>
>::hash_entry, false, xcallocator>::iterator::slide()>
0x0000000000d03fa7 <+103>: movdqa (%rsp),%xmm2
0x0000000000d03fac <+108>: movaps %xmm2,0x10(%rsp)
0x0000000000d03fb1 <+113>: jmp 0xd03fcf
<call_summary<speculative_call_summary*>::~call_summary()+143>
0x0000000000d03fb3 <+115>: mov 0x8(%rdx),%rsi
0x0000000000d03fb7 <+119>: mov %rbx,%rdi
0x0000000000d03fba <+122>: callq 0x11fcf10
<call_summary_base<speculative_call_summary>::release(speculative_call_summary*)>
=> 0x0000000000d03fbf <+127>: lea 0x10(%rsp),%rdi
0x0000000000d03fc4 <+132>: addq $0x10,0x10(%rsp)
0x0000000000d03fca <+138>: callq 0xd16140
<hash_table<hash_map<int_hash<int, 0, -1>, thunk_info*,
simple_hashmap_traits<default_hash_traits<int_hash<int, 0, -1> >, thunk_info*>
>::hash_entry, false, xcallocator>::iterator::slide()>
0x0000000000d03fcf <+143>: mov 0x10(%rsp),%rdx
0x0000000000d03fd4 <+148>: test %rdx,%rdx
so clearly ICF happens on iterator::slide() and something goes wrong here.
We merge quite a lot of slies.
