https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102067

            Bug ID: 102067
           Summary: SEGFAULT in varpool_node::get_constructor during lto1
                    when optimising or not using debug symbols
           Product: gcc
           Version: 9.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: matt at godbolt dot org
  Target Milestone: ---

While linking against a static library containing LTO objects, the `lto1` stage
crashes with a segfault during IPA/ICF:

```
#0  0x0000000000c8b1bb in varpool_node::get_constructor() ()
#1  0x00000000011cf80b in ipa_icf::sem_variable::equals(ipa_icf::sem_item*,
hash_map<symtab_node*, ipa_icf::sem_item*,
simple_hashmap_traits<default_hash_traits<symtab_node*>, ipa_icf::sem_item*>
>&) ()
#2  0x00000000011d1810 in
ipa_icf::sem_item_optimizer::subdivide_classes_by_equality(bool) ()
#3  0x00000000011d9c35 in ipa_icf::sem_item_optimizer::execute() ()
#4  0x00000000011da9d7 in ipa_icf::pass_ipa_icf::execute(function*) ()
#5  0x000000000093e15a in execute_one_pass(opt_pass*) ()
#6  0x000000000093ef32 in execute_ipa_pass_list(opt_pass*) ()
```

The pointer returned by the call to `lto_get_function_in_decl_state` in
`get_constructor` is NULL, and it's dereferenced to cause the segfault.

We found that this only happens if optimization level 2 or greater is on and
debug symbols are not being generated. It seems something required is being
dropped by the optimizer (but kept if debug is on).

We were unable to reduce the situation beyond what is attached. The `repro.sh`
script reproduces the issue. We found the issue in 9.3, and the binaries in the
attachment were created by 9.3, but 9.4 also suffers from this issue.

The attachment is too large to put here, so I've uploaded here:
https://xania.org/media/gcc-lto-bug.tar.gz

This seems somewhat related to bug 87792; though it's hard to be sure it's the
same root cause.
