[Bug ipa/96394] [10/11 Regression] ICE in add_new_edges_to_heap, at ipa-inline.c:1746 (-O3 PGO)

Thu, 24 Sep 2020 03:32:29 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96394

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |10.3
           Priority|P3                          |P1
                 CC|                            |jamborm at gcc dot gnu.org

--- Comment #13 from Martin Liška <marxin at gcc dot gnu.org> ---
Thank you Sergei for the reduced test-case. What happens:

(gdb) p ie->caller->debug()
ai/1 (ai) @0x7ffff772b168
  Type: function definition analyzed
  Visibility: prevailing_def_ironly
  previous sharing asm name: 8
  References: table/5 (addr) ap/4 (addr) (speculative) ag/0 (addr)
(speculative) 
  Referring: 
  Function ai/1 is inline copy in h/3
  Availability: local
  Profile id: 1923518911
  Function flags: count:4 (precise) first_run:4 body local hot
  Called by: h/3 (inlined) (4 (precise),1.00 per call) 
  Calls: ag/7 (speculative) (inlined) (2 (adjusted),0.50 per call) ap/4
(speculative) (2 (adjusted),0.50 per call) PyErr_Format/6 (0 (precise),0.00 per
call) 
   Indirect call(speculative) (0 (adjusted),0.00 per call)  of param:1 (vptr
maybe changed) Num speculative call targets: 2

We first enqueu the edge ai/1 -> ap/4 and then ipa_make_edge_direct_to_target
is called for the Indirect call (with speculative=false) and we end up:

(gdb) p ie->caller->debug()
ai/1 (ai) @0x7ffff772b168
  Type: function definition analyzed
  Visibility: prevailing_def_ironly
  previous sharing asm name: 8
  References: table/5 (addr) 
  Referring: 
  Function ai/1 is inline copy in h/3
  Availability: local
  Profile id: 1923518911
  Function flags: count:4 (precise) first_run:4 body local hot
  Called by: h/3 (inlined) (4 (precise),1.00 per call) 
  Calls: ap/4 (4 (adjusted),1.00 per call) PyErr_Format/6 (0 (precise),0.00 per
call) 

and we add the edge again to the heap in ipa-prop:
  3830                new_edges->safe_push (new_direct_edge);

and we ICE due to that. I tried not to add the edge in case
new_direct_edge->aux is NULL, but a sanity check in inliner fails:

during IPA pass: inline
parsermodule.c:35:1: internal compiler error: in estimate_calls_size_and_time,
at ipa-fnsummary.c:3328
   35 | int ap(entry *j) { return ai(j, ag, 14, 4); }
      | ^~~

So I guess a profile masage is needed. Leaving to Martin as he's more familiar
with IPA PROP. Something similar to ipa-prop.c:3309-3316?

Reply via email to