https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103328
Benno Evers changed:
What|Removed |Added
CC||gcc at bmevers dot de
--- Comment #19 from Benno Evers ---
I've independently encountered this issue, and investigated a bit using the
reproducer by Avi Kivity.
>From what I've found, the issue is when inlining the function body into the
actor function in `coro_rewrite_function_body()`:
/* Append the original function body. */
add_stmt (fnbody);
it will contain a reference to the top-level BLOCK of the user-provided
function.
However, when the actor function gets built it is not actually the "current"
function being finished, so `current_function_decl` points to the lambda (that
is currently being morphed into the ramp) instead.
Later on when we finish the lambda in `poplevel()` in decl.cc, we (may) assign
the DECL_INITIAL for that function from the `current_binding_level` which still
points to the last top-level block of the original function that is also used
by `fnbody`.
subblocks = functionbody >= 0 ? current_binding_level->blocks : 0;
// [...]
DECL_INITIAL (current_function_decl) = block ? block : subblocks;
So we end up with the same `tree` being used in two different functions, and
then during gimple lowering bad things happen (in particular, the `subblocks`
set by the actor function are overwritten while lowering the ramp function)
The following change fixed the segfault on both reproducers on a local build.
I'm not too familiar with the GCC codebase so there's probably a better way to
handle the issue, but if the approach looks reasonable I'm happy to submit a
full patch.
--- a/gcc/cp/coroutines.cc
+++ b/gcc/cp/coroutines.cc
@@ -4541,6 +4541,8 @@ morph_fn_to_coro (tree orig, tree *resumer, tree
*destroyer)
BLOCK_VARS (top_block) = BIND_EXPR_VARS (ramp_bind);
BLOCK_SUBBLOCKS (top_block) = NULL_TREE;
+ current_binding_level->blocks = top_block;
+
/* The decl_expr for the coro frame pointer, initialize to zero so that we
can pass it to the IFN_CO_FRAME (since there's no way to pass a type,
directly apparently). This avoids a "used uninitialized" warning. */
