https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102067
Bug ID: 102067
Summary: SEGFAULT in varpool_node::get_constructor during lto1 when optimising or not using debug symbols
Product: gcc
Version: 9.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: matt at godbolt dot org
Target Milestone: ---

While linking against a static library containing LTO objects, the `lto1` stage crashes with a segfault during IPA/ICF:

```
#0 0x0000000000c8b1bb in varpool_node::get_constructor() ()
#1 0x00000000011cf80b in ipa_icf::sem_variable::equals(ipa_icf::sem_item*, hash_map<symtab_node*, ipa_icf::sem_item*, simple_hashmap_traits<default_hash_traits<symtab_node*>, ipa_icf::sem_item*> >&) ()
#2 0x00000000011d1810 in ipa_icf::sem_item_optimizer::subdivide_classes_by_equality(bool) ()
#3 0x00000000011d9c35 in ipa_icf::sem_item_optimizer::execute() ()
#4 0x00000000011da9d7 in ipa_icf::pass_ipa_icf::execute(function*) ()
#5 0x000000000093e15a in execute_one_pass(opt_pass*) ()
#6 0x000000000093ef32 in execute_ipa_pass_list(opt_pass*) ()
```

The pointer returned by the call to `lto_get_function_in_decl_state` in `get_constructor` is NULL, and it's dereferenced to cause the segfault.

We found that this only happens if optimization level 2 or greater is on and debug symbols are not being generated. It seems something required is being dropped by the optimizer (but kept if debug is on).

We were unable to reduce the situation beyond what is attached. The `repro.sh` script reproduces the issue. We found the issue in 9.3, and the binaries in the attachment were created by 9.3, but 9.4 also suffers from this issue.

The attachment is too large to put here, so I've uploaded it here: https://xania.org/media/gcc-lto-bug.tar.gz

This seems somewhat related to bug 87792, though it's hard to be sure it's the same root cause.