https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98615
Bug ID: 98615
Summary: libgccjit crash while freeing 'clone_info' in
'cgraph_c_finalize'
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: jit
Assignee: dmalcolm at gcc dot gnu.org
Reporter: akrl at gcc dot gnu.org
Target Milestone: ---
Created attachment 49928
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49928&action=edit
reproducer
====
$ gcc libgccjit_repro.c -lgccjit
$ ./a.out
munmap_chunk(): invalid pointer
Aborted (core dumped)
====
What is going on is that a static function (CAR) is inlined via virtual clone
and its symbol released.
Eventually 'cgraph_c_finalize' calls 'clone_info::release' and this is where
(not sure why) we crash.
I believe this bug was introduced by:
ae7a23a3fab Move clone_info to summary
The first revision where is possible to reproduce on was unbroken few commits
later with:
895fdc1f4c9 ipa: Fix segmentation fault in
function_summary<clone_info*>::get(cgraph_node*)
I found this because it breaks Emacs bootstrap on libgccjit.
