GNU Arm Embedded Toolchain

ICE in lto1: Os + C++11 has missing symbol table nodes during SSA CCP pass

Bug #1289281 reported by Andrew Reading
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GNU Arm Embedded Toolchain
Fix Released
Low
Terry Guo
GNU Arm Embedded Toolchain 4.9-2014-q4-major
4.9
Fix Released
Low
Terry Guo
GNU Arm Embedded Toolchain 4.9-2014-q4-major

Bug Description

Toolchain:
arm-none-eabi-g++ (GNU Tools for ARM Embedded Processors) 4.8.3 20131129 (release) [ARM/embedded-4_8-branch revision 205641]

Host:
Darwin andrewre-osx.local 13.1.0 Darwin Kernel Version 13.1.0: Thu Jan 16 19:40:37 PST 2014; root:xnu-2422.90.20~2/RELEASE_X86_64 x86_64

I've noticed segfaults in g++ while linking a large project together, but only while -flto was enabled. Removing references to these large objects fixed the segfault. Using the -flto-partition=1to1 option also fixed the segfault. I was able to recreate a test case, provided in the attached ice_lto.ii file, while using the -flto-partition=max setting.

The segfault only occurs with the -std=c++11 option, and with some optimization option greater than O0. The segfault also only occurs when the A and B global objects in ice_lto.ii are declared with the const qualifier. I took the liberty of using -v -save-temps to generate a backtrace, listed below.

-flto-partition did not exist back in 4.7.4, but linking with all the original libraries never produced an ICE, so I believe this is a regression.

To compile:
arm-none-eabi-g++ -Os -flto -flto-partition=max -std=c++11 --specs=rdimon.specs ice_lto.cpp

Crash:
lto1 crashes inside gimple-fold.c, in can_refer_decl_in_current_p(tree decl, tree from_decl), at:

  if (!from_decl
      || TREE_CODE (from_decl) != VAR_DECL
      || !DECL_EXTERNAL (from_decl)
      || (flag_ltrans
      && symtab_get_node (from_decl)->symbol.in_other_partition))
     return true;

symtab_get_node(from_decl) is returning NULL.

I am not entirely sure what is happening, but I'm guessing the optimizer folds a call into a virtual function when it does its constant expression pass, but that method has been removed?

Faulting output:
ice_lto.cpp: In function 'main':
ice_lto.cpp:41:5: internal compiler error: Segmentation fault: 11
 int main(void)
     ^

ice_lto.cpp:41:5: internal compiler error: Abort trap: 6
arm-none-eabi-g++: internal compiler error: Abort trap: 6 (program lto1)
lto-wrapper: arm-none-eabi-g++ terminated with signal 6 [Abort trap: 6]
/opt/arm-2013q4/bin/../lib/gcc/arm-none-eabi/4.8.3/../../../../arm-none-eabi/bin/ld: lto-wrapper failed
collect2: error: ld returned 1 exit status

The segfault occurs in lto1, with the following backtrace

(gdb) run -quiet -dumpbase ccr25Vgz.ltrans0.o -auxbase-strip /var/folders/ys/3p0gvsfn5994fthjtndjftf0hdymb7/T//ccr25Vgz.ltrans0.ltrans.o -Os -version -fexceptions -flto-partition=max -fltrans-output-list=/var/folders/ys/3p0gvsfn5994fthjtndjftf0hdymb7/T//ccr25Vgz.ltrans.out -fltrans @/var/folders/ys/3p0gvsfn5994fthjtndjftf0hdymb7/T//cc8scjzn -o ccr25Vgz.ltrans0.s
Starting program: /opt/arm-2013q4/lib/gcc/arm-none-eabi/4.8.3/lto1 -quiet -dumpbase ccr25Vgz.ltrans0.o -auxbase-strip /var/folders/ys/3p0gvsfn5994fthjtndjftf0hdymb7/T//ccr25Vgz.ltrans0.ltrans.o -Os -version -fexceptions -flto-partition=max -fltrans-output-list=/var/folders/ys/3p0gvsfn5994fthjtndjftf0hdymb7/T//ccr25Vgz.ltrans.out -fltrans @/var/folders/ys/3p0gvsfn5994fthjtndjftf0hdymb7/T//cc8scjzn -o ccr25Vgz.ltrans0.s

GNU GIMPLE (GNU Tools for ARM Embedded Processors) version 4.8.3 20131129 (release) [ARM/embedded-4_8-branch revision 205641] (arm-none-eabi)
 compiled by GNU C version 4.2.1 Compatible Apple LLVM 5.0 (clang-500.2.79), GMP version 4.3.2, MPFR version 2.4.2, MPC version 0.8.1
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
GNU GIMPLE (GNU Tools for ARM Embedded Processors) version 4.8.3 20131129 (release) [ARM/embedded-4_8-branch revision 205641] (arm-none-eabi)
 compiled by GNU C version 4.2.1 Compatible Apple LLVM 5.0 (clang-500.2.79), GMP version 4.3.2, MPFR version 2.4.2, MPC version 0.8.1
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000002
0x00000001003aa4eb in can_refer_decl_in_current_unit_p (decl=0x142068400, from_decl=<value temporarily unavailable, due to optimizations>) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/gimple-fold.c:70
70 && symtab_get_node (from_decl)->symbol.in_other_partition))
(gdb) bt
#0 0x00000001003aa4eb in can_refer_decl_in_current_unit_p (decl=0x142068400, from_decl=<value temporarily unavailable, due to optimizations>) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/gimple-fold.c:70
#1 0x00000001003aa016 in canonicalize_constructor_val (cval=<value temporarily unavailable, due to optimizations>, from_decl=0x14161d130) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/gimple-fold.c:172
#2 0x00000001003b1ae3 in fold_ctor_reference (type=0x14206a540, ctor=<value temporarily unavailable, due to optimizations>, offset=0, size=32, from_decl=0x14161d130) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/gimple-fold.c:2944
#3 0x00000001003b23b1 in fold_ctor_reference (type=0x14206a540, ctor=<value temporarily unavailable, due to optimizations>, offset=<value temporarily unavailable, due to optimizations>, size=32, from_decl=0x14161d130) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/gimple-fold.c:2924
#4 0x00000001003b139a in fold_const_aggregate_ref_1 (t=0x14207c500, valueize=0x1006af960 <_ZL11valueize_opP9tree_node>) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/gimple-fold.c:3068
#5 0x00000001003b0ebb in gimple_fold_stmt_to_constant_1 (stmt=<value temporarily unavailable, due to optimizations>, valueize=0x1006af960 <_ZL11valueize_opP9tree_node>) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/gimple-fold.c:2520
#6 0x00000001006ac957 in ccp_fold () at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/tree-ssa-ccp.c:1060
#7 0x00000001006ac957 in evaluate_stmt (stmt=0x142073d20) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/tree-ssa-ccp.c:1505
#8 0x00000001006b00a1 in visit_assignment (stmt=0x142073d20, output_p=0x7fff5fbff5a0) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/tree-ssa-ccp.c:1988
#9 0x00000001006aaf56 in ccp_visit_stmt (stmt=0x142073d20, taken_edge_p=<value temporarily unavailable, due to optimizations>, output_p=0x7fff5fbff5a0) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/tree-ssa-ccp.c:2066
#10 0x00000001007258fa in simulate_stmt (stmt=0x142073d20) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/tree-ssa-propagate.c:314
#11 0x00000001007248b8 in ssa_propagate (visit_stmt=<value temporarily unavailable, due to optimizations>, visit_phi=<value temporarily unavailable, due to optimizations>) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/tree-ssa-propagate.c:437
#12 0x00000001006a983b in do_ssa_ccp () at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/tree-ssa-ccp.c:2112
#13 0x0000000100515d15 in execute_one_pass () at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/passes.c:2333
#14 0x000000010051657d in execute_pass_list (pass=<value temporarily unavailable, due to optimizations>) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/passes.c:2381
#15 0x000000010051658f in execute_pass_list (pass=<value temporarily unavailable, due to optimizations>) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/passes.c:2382
#16 0x000000010021b559 in _ZL23invoke_plugin_callbacksiPv [inlined] () at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/plugin.h:1640
#17 0x000000010021b559 in expand_function (node=0x142074000) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/cgraphunit.c:1643
#18 0x000000010021cd1f in expand_all_functions () at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/cgraphunit.c:1744
#19 0x000000010021cd1f in compile () at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/cgraphunit.c:2042
#20 0x0000000100028cf6 in lto_main () at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/lto/lto.c:3396
#21 0x00000001005ce85a in _ZL11timevar_pop12timevar_id_t [inlined] () at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/timevar.h:543
#22 0x00000001005ce85a in compile_file () at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/toplev.c:545
#23 0x00000001005ce68f in toplev_main (argc=15, argv=0x141103d00) at /Users/andrewre/Code/gcc-arm-none-eabi-4_8-2013q4-20131204/src/gcc/gcc/toplev.c:1864
#24 0x00007fff8cd575fd in start ()

Any advice?

Tags: ice lto
Revision history for this message
Andrew Reading (code-5) wrote :
Terry Guo (terry.guo)
Changed in gcc-arm-embedded:
assignee: nobody → Terry Guo (terry.guo)
Revision history for this message
Terry Guo (terry.guo) wrote :

Thank you for reporting issue and providing the investigation and reduced cases. Those are very helpful for us to analyze it. I can reproduce this issue on Windows and will look into it.

Changed in gcc-arm-embedded:
status: New → In Progress
Revision history for this message
Terry Guo (terry.guo) wrote :

No such issue on trunk GCC, so I guess we need some backports.

Revision history for this message
Terry Guo (terry.guo) wrote :

Managed to find which trunk commit fixed this issue. But there will be many other changes involved in order to back port this fix. GCC LTO code around this issue have been vastly changed. An incomplete back port may cause other issue. Consider this issue can be avoided by not using max partition, I would like to mark this issue as whishlist. If you have other thoughts, please share.

Changed in gcc-arm-embedded:
status: In Progress → Won't Fix
importance: Undecided → Wishlist
Revision history for this message
Joey Ye (jinyun-ye) wrote :

This issue will be fixed in 4.9 branch

Changed in gcc-arm-embedded:
milestone: none → 4.9-2014-q4-major
status: Won't Fix → Confirmed
importance: Wishlist → Low
Revision history for this message
Andrew Reading (code-5) wrote :

Thanks for looking into this.

In the meantime, I have been working around the issue by adding -flto-partition=1to1 to all my command line options. Would it be reasonable to make 1to1 the default partitioner just for this 4.8 branch, or could this cause other problems?

Revision history for this message
Terry Guo (terry.guo) wrote :

I can confirm that issue is fixed in latest 4.9 major release. Please try with it. Thanks.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.