https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116572
Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|2024-09-02 00:00:00         |2025-2-28

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
Re-confirmed.

(gdb) l
1859      /* It is invalid to release body before materializing clones except
1860         for thunks that don't really need a body. Verify also that we do
1861         not leak pointers to the call statements. */
1862      for (cgraph_node *node = clones; node;
1863           node = node->next_sibling_clone)
1864        gcc_assert (node->thunk && !node->callees->call_stmt);
(gdb) p debug_gimple_stmt (clones->callees->call_stmt)
__builtin___ubsan_handle_builtin_unreachable (&*.Lubsan_data15);

this gets introduced during inlining:

#0  symbol_table::create_edge (this=0x7ffff6806000,
    caller=caller@entry=<cgraph_node * 0x7ffff660cdd0 "_ZThn8_NK12_GLOBAL__N_12F33fooE1BIc1AIcEcE"/8>,
    callee=callee@entry=<cgraph_node * 0x7ffff660cbb0 "__builtin___ubsan_handle_builtin_unreachable"/71>,
    call_stmt=call_stmt@entry=0x7ffff6688260, count=...,
    indir_unknown_callee=indir_unknown_callee@entry=false, cloning_p=false)
    at /home/rguenther/src/gcc/gcc/cgraph.cc:912
#1  0x0000000000af3fa6 in cgraph_node::create_edge (
    this=this@entry=<cgraph_node * const 0x7ffff660cdd0 "_ZThn8_NK12_GLOBAL__N_12F33fooE1BIc1AIcEcE"/8>,
    callee=<cgraph_node * 0x7ffff660cbb0 "__builtin___ubsan_handle_builtin_unreachable"/71>,
    call_stmt=call_stmt@entry=0x7ffff6688260, count=..., count@entry=...,
    cloning_p=cloning_p@entry=false)
    at /home/rguenther/src/gcc/gcc/cgraph.cc:952
#2  0x0000000000af5a09 in cgraph_update_edges_for_call_stmt_node (
    node=node@entry=<cgraph_node * 0x7ffff660cdd0 "_ZThn8_NK12_GLOBAL__N_12F33fooE1BIc1AIcEcE"/8>,
    old_stmt=old_stmt@entry=<gimple_call 0x7ffff6688098>,
    old_call=old_call@entry=<function_decl 0x7ffff6942f00 __builtin_unreachable>,
    new_stmt=new_stmt@entry=<gimple_call 0x7ffff6688260>)
    at /home/rguenther/src/gcc/gcc/cgraph.cc:1688
#3  0x0000000000af5bf1 in cgraph_update_edges_for_call_stmt (
    old_stmt=old_stmt@entry=<gimple_call 0x7ffff6688098>,
    old_decl=old_decl@entry=<function_decl 0x7ffff6942f00 __builtin_unreachable>,
    new_stmt=new_stmt@entry=<gimple_call 0x7ffff6688260>)
    at /home/rguenther/src/gcc/gcc/cgraph.cc:1715
#4  0x000000000102414e in fold_marked_statements (first=first@entry=3,
    statements=0x3234bd0) at /home/rguenther/src/gcc/gcc/tree-inline.cc:5497
#5  0x00000000010313b7 in optimize_inline_calls (
    fn=<function_decl 0x7ffff69f1400 _ZThn8_NK12_GLOBAL__N_12F33fooE1BIc1AIcEcE>)
    at /home/rguenther/src/gcc/gcc/tree-inline.cc:5633
#6  0x0000000000d29834 in inline_transform (node=<optimized out>)
    at /home/rguenther/src/gcc/gcc/ipa-inline-transform.cc:808
#7  0x0000000000e94cf5 in execute_one_ipa_transform_pass (

for some reason we are inlining

<cgraph_node * 0x7ffff681aee0 "_ZThn8_NK12_GLOBAL__N_12F33fooE1BIc1AIcEcE"/8>
 -> <cgraph_node * 0x7ffff6600330 "foo"/6>

where the caller is !thunk but has a clone that is thunk. Then
cgraph_update_edges_for_call_stmt will update both and we get confused?