[Bug c++/82759] New: SIGSEGV in gcc-7.2.0/gcc/tree-ssa-sccvn.c:3087: vn_phi_lookup()

[slyfox at inbox dot ru]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82759

            Bug ID: 82759
           Summary: SIGSEGV in gcc-7.2.0/gcc/tree-ssa-sccvn.c:3087:
                    vn_phi_lookup()
           Product: gcc
           Version: 7.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: slyfox at inbox dot ru
  Target Milestone: ---

Created attachment 42492
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=42492&action=edit
_png.ii

Original build failure was found out on matplotlib-1.4.3 package.

Minimal example is extraxted with c-reduce to the following:


$ cat _png.ii

    void _setjmp(int);
    void a();
    class b {
    public:
      virtual long c() {}
      void m_fn2() { c(); }
    } d;
    void e() {
      d.m_fn2();
      try {
        a();
        _setjmp(0);
      } catch (...) {
      }
    }

$ x86_64-pc-linux-gnu-gcc-7.2.0 -O2 -c _png.ii
_png.ii: In function 'void e()':
_png.ii:8:6: internal compiler error: Segmentation fault
 void e() {
      ^

gdb backtrace:

Program received signal SIGSEGV, Segmentation fault.
vn_phi_lookup (phi=0x7ffff6b42b00) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/tree-ssa-sccvn.c:3087
3087        if (gcond *last1 = dyn_cast <gcond *> (last_stmt (idom1)))
(gdb) bt
#0  vn_phi_lookup (phi=0x7ffff6b42b00) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/tree-ssa-sccvn.c:3087
#1  visit_phi (phi=0x7ffff6b42b00) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/tree-ssa-sccvn.c:3882
#2  visit_use (use=<optimized out>) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/tree-ssa-sccvn.c:3948
#3  0x0000000000c55721 in process_scc (scc=...) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/tree-ssa-sccvn.c:4296
#4  extract_and_process_scc_for_name (name=<optimized out>) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/tree-ssa-sccvn.c:4352
#5  DFS (name=0x7ffff69caf30) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/tree-ssa-sccvn.c:4404
#6  0x0000000000c56657 in sccvn_dom_walker::before_dom_children
(this=0x7fffffffcb40, bb=0x7ffff69cb548)
    at /usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/tree-ssa-sccvn.c:4857
#7  0x00000000010fdc6b in dom_walker::walk (this=this@entry=0x7fffffffcb40,
bb=0x7ffff69cb548) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/domwalk.c:265
#8  0x0000000000c5724b in run_scc_vn
(default_vn_walk_kind_=default_vn_walk_kind_@entry=VN_WALKREWRITE)
    at /usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/tree-ssa-sccvn.c:4981
#9  0x0000000000c2b435 in (anonymous namespace)::pass_fre::execute
(this=<optimized out>, fun=0x7ffff6b3a370)
    at /usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/tree-ssa-pre.c:5201
#10 0x0000000000a3b487 in execute_one_pass (pass=pass@entry=0x1e212e0) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/passes.c:2465
#11 0x0000000000a3bc91 in execute_pass_list_1 (pass=0x1e212e0) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/passes.c:2554
#12 0x0000000000a3bca3 in execute_pass_list_1 (pass=0x1e20e40) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/passes.c:2555
#13 0x0000000000a3bce5 in execute_pass_list (fn=<optimized out>,
pass=<optimized out>) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/passes.c:2565
#14 0x00000000007b2e12 in cgraph_node::expand (this=0x7ffff6b3b730) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/cgraphunit.c:2042
#15 0x00000000007b41a9 in expand_all_functions () at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/cgraphunit.c:2178
#16 symbol_table::compile (this=this@entry=0x7ffff69c3100) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/cgraphunit.c:2535
#17 0x00000000007b5e97 in symbol_table::compile (this=0x7ffff69c3100) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/cgraphunit.c:2628
#18 symbol_table::finalize_compilation_unit (this=0x7ffff69c3100) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/cgraphunit.c:2625
#19 0x0000000000af5025 in compile_file () at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/toplev.c:492
#20 0x0000000000597c05 in do_compile () at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/toplev.c:2003
#21 toplev::main (this=this@entry=0x7fffffffcdd6, argc=<optimized out>,
argc@entry=14, argv=<optimized out>, argv@entry=0x7fffffffced8)
    at /usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/toplev.c:2137
#22 0x0000000000599f1b in main (argc=14, argv=0x7fffffffced8) at
/usr/src/debug/sys-devel/gcc-7.2.0/gcc-7.2.0/gcc/main.c:39

valgrind reports a lot of unitialized accesses like:

==12689== Conditional jump or move depends on uninitialised value(s)
==12689==    at 0x995EC1: sparseset_bit_p (sparseset.h:147)
==12689==    by 0x995EC1: mark_pseudo_regno_live(int) (ira-lives.c:289)
==12689==    by 0x997078: process_bb_node_lives(ira_loop_tree_node*)
(ira-lives.c:1254)
==12689==    by 0x97C19E: ira_traverse_loop_tree(bool, ira_loop_tree_node*,
void (*)(ira_loop_tree_node*), void (*)(ira_loop_tree_node*))
(ira-build.c:1806)
==12689==    by 0x997BA1: ira_create_allocno_live_ranges() (ira-lives.c:1564)
==12689==    by 0x97DD4C: ira_build() (ira-build.c:3422)
==12689==    by 0x9755BB: ira (ira.c:5302)
==12689==    by 0x9755BB: (anonymous namespace)::pass_ira::execute(function*)
(ira.c:5613)
==12689==    by 0xA3B486: execute_one_pass(opt_pass*) (passes.c:2465)
==12689==    by 0xA3BC90: execute_pass_list_1(opt_pass*) (passes.c:2554)
==12689==    by 0xA3BCA2: execute_pass_list_1(opt_pass*) (passes.c:2555)
==12689==    by 0xA3BCE4: execute_pass_list(function*, opt_pass*)
(passes.c:2565)
==12689==    by 0x7B2E11: cgraph_node::expand() (cgraphunit.c:2042)
==12689==    by 0x7B41A8: expand_all_functions (cgraphunit.c:2178)
==12689==    by 0x7B41A8: symbol_table::compile() [clone .part.50]
(cgraphunit.c:2535)
==12689==    by 0x7B5E96: compile (cgraphunit.c:2628)
==12689==    by 0x7B5E96: symbol_table::finalize_compilation_unit()
(cgraphunit.c:2625)
==12689==    by 0xAF5024: compile_file() (toplev.c:492)
==12689==    by 0x597C04: do_compile (toplev.c:2003)
==12689==    by 0x597C04: toplev::main(int, char**) (toplev.c:2137)
==12689==    by 0x599F1A: main (main.c:39)
==12689==  Uninitialised value was created by a heap allocation
==12689==    at 0x4C2CEAF: malloc (vg_replace_malloc.c:299)
==12689==    by 0x123A027: xmalloc (xmalloc.c:147)
==12689==    by 0xAE16EF: sparseset_alloc(unsigned long) (sparseset.c:33)
==12689==    by 0x997B2F: ira_create_allocno_live_ranges() (ira-lives.c:1557)
==12689==    by 0x97DD4C: ira_build() (ira-build.c:3422)
==12689==    by 0x9755BB: ira (ira.c:5302)
==12689==    by 0x9755BB: (anonymous namespace)::pass_ira::execute(function*)
(ira.c:5613)
==12689==    by 0xA3B486: execute_one_pass(opt_pass*) (passes.c:2465)
==12689==    by 0xA3BC90: execute_pass_list_1(opt_pass*) (passes.c:2554)
==12689==    by 0xA3BCA2: execute_pass_list_1(opt_pass*) (passes.c:2555)
==12689==    by 0xA3BCE4: execute_pass_list(function*, opt_pass*)
(passes.c:2565)
==12689==    by 0x7B2E11: cgraph_node::expand() (cgraphunit.c:2042)
==12689==    by 0x7B41A8: expand_all_functions (cgraphunit.c:2178)
==12689==    by 0x7B41A8: symbol_table::compile() [clone .part.50]
(cgraphunit.c:2535)
==12689==    by 0x7B5E96: compile (cgraphunit.c:2628)
==12689==    by 0x7B5E96: symbol_table::finalize_compilation_unit()
(cgraphunit.c:2625)
==12689==    by 0xAF5024: compile_file() (toplev.c:492)
==12689==    by 0x597C04: do_compile (toplev.c:2003)
==12689==    by 0x597C04: toplev::main(int, char**) (toplev.c:2137)
==12689==    by 0x599F1A: main (main.c:39)