[Bug ipa/107769] [12/13 Regression] -flto with -Os/-O2/-O3 emitted code with gcc 12.x segfaults via mutated global in .rodata since r12-2887-ga6da2cddcf0e959d
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107769

--- Comment #8 from CVS Commits ---
The master branch has been updated by Martin Jambor:

https://gcc.gnu.org/g:8e08c7886eed5824bebd0e011526ec302d622844

commit r13-7206-g8e08c7886eed5824bebd0e011526ec302d622844
Author: Martin Jambor
Date:   Mon Apr 17 12:59:51 2023 +0200

    ipa: Fix double reference-count decrements for the same edge (PR 107769, PR 109318)

    It turns out that since addition of the code that can identify globals
    which are only read from, the code that keeps track of the references
    can decrement their count for the same calls, once during IPA-CP and
    then again during inlining.  Fixed by adding a special flag to the
    pass-through variant and simply wiping out the reference to the
    refdesc structure from the constant ones.

    Moreover, during debugging of the issue I have discovered that the
    code removing references could remove a reference associated with the
    same statement but of a wrong type.  In all cases it wanted to remove
    an IPA_REF_ADDR reference so removing a lesser one instead should do
    no harm in practice, but we should try to be consistent and so this
    patch extends symtab_node::find_reference so that it searches for a
    reference of a given type only.

    gcc/ChangeLog:

    2023-04-14  Martin Jambor

            PR ipa/107769
            PR ipa/109318
            * cgraph.h (symtab_node::find_reference): Add parameter use_type.
            * ipa-prop.h (ipa_pass_through_data): New flag refdesc_decremented.
            (ipa_zap_jf_refdesc): New function.
            (ipa_get_jf_pass_through_refdesc_decremented): Likewise.
            (ipa_set_jf_pass_through_refdesc_decremented): Likewise.
            * ipa-cp.cc (ipcp_discover_new_direct_edges): Provide a value for
            the new parameter of find_reference.
            (adjust_references_in_caller): Likewise.  Make sure the constant
            jump function is not used to decrement a refdec counter again.
            Only decrement refdesc counters when the pass_through jump function
            allows it.  Added a detailed dump when decrementing refdesc
            counters.
            * ipa-prop.cc (ipa_print_node_jump_functions_for_edge): Dump new
            flag.
            (ipa_set_jf_simple_pass_through): Initialize the new flag.
            (ipa_set_jf_unary_pass_through): Likewise.
            (ipa_set_jf_arith_pass_through): Likewise.
            (remove_described_reference): Provide a value for the new
            parameter of find_reference.
            (update_jump_functions_after_inlining): Zap refdesc of new jfunc
            if the previous pass_through had a flag mandating that we do so.
            (propagate_controlled_uses): Likewise.  Only decrement refdesc
            counters when the pass_through jump function allows it.
            (ipa_edge_args_sum_t::duplicate): Provide a value for the new
            parameter of find_reference.
            (ipa_write_jump_function): Assert the new flag does not have to be
            streamed.
            * symtab.cc (symtab_node::find_reference): Add parameter use_type,
            use it in searching.

    gcc/testsuite/ChangeLog:

    2023-04-06  Martin Jambor

            PR ipa/107769
            PR ipa/109318
            * gcc.dg/ipa/pr109318.c: New test.
            * gcc.dg/lto/pr107769_0.c: Likewise.
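
The double decrement described in the commit message above, as a simplified model added here for illustration (it is not GCC source and not part of the original thread). It assumes two call edges pass the address of one global and that the reference is downgraded from IPA_REF_ADDR to a load when the count reaches zero; the struct layout and the `drop_use`, `run_passes` and `honor_flag` names are hypothetical.

```cpp
#include <cstdio>

// Simplified model, not GCC source. Names mirror the commit message.
enum ref_type { IPA_REF_LOAD, IPA_REF_ADDR };

struct refdesc {              // describes one address constant's uses
  int refcount;               // call edges still passing the address
  ref_type kind;              // reference type recorded in the symtab
};

struct jump_function {        // per-edge description of the argument
  refdesc *rdesc;
  bool refdesc_decremented;   // flag added by the fix
};

// Account for one use going away. At zero, the ADDR reference is replaced
// by a LOAD, after which the variable can be classified as read-only.
static void drop_use(jump_function &jf, bool honor_flag) {
  if (honor_flag && jf.refdesc_decremented)
    return;                   // this edge was already counted
  jf.refdesc_decremented = true;
  if (--jf.rdesc->refcount == 0)
    jf.rdesc->kind = IPA_REF_LOAD;
}

// Two edges pass &global; edge_b's callee writes through the pointer.
// Only edge_a is resolved, but two passes both account for it.
ref_type run_passes(bool honor_flag) {
  refdesc rd = {2, IPA_REF_ADDR};
  jump_function edge_a = {&rd, false};
  drop_use(edge_a, honor_flag);   // during IPA-CP
  drop_use(edge_a, honor_flag);   // again during inlining
  return rd.kind;                 // edge_b is still live either way
}

int main() {
  std::printf("without flag: %s\n",
              run_passes(false) == IPA_REF_ADDR ? "addr" : "read");
  std::printf("with flag:    %s\n",
              run_passes(true) == IPA_REF_ADDR ? "addr" : "read");
  return 0;
}
```

Without the flag the count reaches zero while the second edge still uses the address, which matches the `(addr)` to `(read)` change visible in the dumps quoted in comment #5.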
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107769

--- Comment #7 from Martin Jambor ---
Created attachment 54817
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54817=edit
potential patch

I am testing the attached patch. I'd like to think about the whole situation a bit more next week, but this seems like a way to fix this and PR 109318.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107769

--- Comment #6 from Martin Jambor ---
Yes, you identified the correct commit. The same jump function is double counted (once during IPA-CP and then again during inlining) when we drop references and so an address reference is replaced with a read one.

I will make this bug a priority next week.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107769

Xionghu Luo (luoxhu at gcc dot gnu.org) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |yinyuefengyi at gmail dot com

--- Comment #5 from Xionghu Luo (luoxhu at gcc dot gnu.org) ---
For case c#1:

g__r_1 is a global variable changed in function hh, but ipa-prop thinks it is only loaded by reference without change and then removed references in gcc/ipa-prop.cc:propagate_controlled_uses.

.wpa.081i.cp:

g__r_1/6 (g__r_1)
  Type: variable definition analyzed
  Visibility: semantic_interposition prevailing_def_ironly
  References:
  Referring: main/7 (addr) kk.constprop.0/16 (addr) kk.part.0.constprop.0/17 (read)
  Read from file: /tmp/cc3peQfe.o
  Availability: available
  Varpool flags: initialized

.wpa.085i.inline:

ipa-prop: Address IPA constant will reach a load so adding LOAD reference from main/7 to g__r_1/6.
ipa-prop: Removed a reference from main/7 to g__r_1/6.
ipa-prop: Removing cloning-created reference from kk.constprop/16 to g__r_1/6.
...
g__r_1/6 (g__r_1)
  Type: variable definition analyzed
  Visibility: semantic_interposition prevailing_def_ironly
  References:
  Referring: main/7 (read) main/7 (read) kk.part.0.constprop.0/17 (read)
  Read from file: /tmp/cc3peQfe.o
  Availability: available
  Varpool flags: initialized

It seems to be a bug exposed by r12-2887-ga6da2cddcf0e959d, but maybe actually caused by r12-2523-g13586172d0b70c since it fails to identify globals not read-only...
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107769

Martin Jambor changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|hubicka at gcc dot gnu.org  |jamborm at gcc dot gnu.org

--- Comment #4 from Martin Jambor ---
Indeed, I hope I know what is going on.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107769

Richard Biener changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P2
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107769

Jan Hubicka changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org |hubicka at gcc dot gnu.org
             Status|NEW                           |ASSIGNED

--- Comment #3 from Jan Hubicka ---
Looks like ipa-prop loses track of uses of the variable. I will look into it more.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107769

Martin Liška changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[12/13 Regression] -flto    |[12/13 Regression] -flto
                   |with -Os/-O2/-O3 emitted    |with -Os/-O2/-O3 emitted
                   |code with gcc 12.x          |code with gcc 12.x
                   |segfaults via mutated       |segfaults via mutated
                   |global in .rodata           |global in .rodata since
                   |                            |r12-2887-ga6da2cddcf0e959d
                 CC|                            |hubicka at gcc dot gnu.org

--- Comment #2 from Martin Liška ---
Started with r12-2887-ga6da2cddcf0e959d.