Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 734006

Summary: sys-devel/gcc-10.1.0-r2: ICE in in add_new_edges_to_heap, at ipa-inline.c:1746
Product: Gentoo Linux Reporter: Ștefan Talpalaru <stefantalpalaru>
Component: Current packagesAssignee: Gentoo Toolchain Maintainers <toolchain>
Status: RESOLVED FIXED    
Severity: normal CC: sam
Priority: Normal    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
URL: https://gcc.gnu.org/PR96394
See Also: https://bugs.gentoo.org/show_bug.cgi?id=914578
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: build.log
emerge --info
38_all_gcov-TOPN-PR96913.patch
gcc-10-ipa-prop-spec-PR96394.patch

Description Ștefan Talpalaru 2020-07-26 21:25:49 UTC
When builing dev-lang/tauthon-2.8.2 from https://github.com/stefantalpalaru/gentoo-overlay I get this:

x86_64-pc-linux-gnu-gcc -pthread -fPIC -fno-strict-aliasing -O3 -march=native -mlwp -pipe -fwrapv -DNDEBUG -fprofile-generate -flto -fuse-linker-plugin
 -ffat-lto-objects -flto-partition=none -g -I. -I/var/tmp/portage/dev-lang/tauthon-2.8.2/work/tauthon-2.8.2/Include -I/var/tmp/portage/dev-lang/tauthon
-2.8.2/work/x86_64-pc-linux-gnu -c /var/tmp/portage/dev-lang/tauthon-2.8.2/work/tauthon-2.8.2/Modules/parsermodule.c -o build/temp.linux-x86_64-2.8/var
/tmp/portage/dev-lang/tauthon-2.8.2/work/tauthon-2.8.2/Modules/parsermodule.o

[...]

x86_64-pc-linux-gnu-gcc -pthread -fPIC -fno-strict-aliasing -O3 -march=native -mlwp -pipe -fwrapv -DNDEBUG -fprofile-use -fprofile-correction -flto -fuse-linker-plugin -ffat-lto-objects -flto-partition=none -g -I. -I/var/tmp/portage/dev-lang/tauthon-2.8.2/work/tauthon-2.8.2/Include -I/var/tmp/portage/dev-lang/tauthon-2.8.2/work/x86_64-pc-linux-gnu -c /var/tmp/portage/dev-lang/tauthon-2.8.2/work/tauthon-2.8.2/Modules/parsermodule.c -o build/temp.linux-x86_64-2.8/var/tmp/portage/dev-lang/tauthon-2.8.2/work/tauthon-2.8.2/Modules/parsermodule.o
during IPA pass: inline
/var/tmp/portage/dev-lang/tauthon-2.8.2/work/tauthon-2.8.2/Modules/parsermodule.c:3760:1: internal compiler error: in add_new_edges_to_heap, at ipa-inline.c:1746
 3760 | }
      | ^


Reproducible: Always
Comment 1 Ștefan Talpalaru 2020-07-26 21:27:21 UTC
Created attachment 650902 [details]
build.log
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-26 22:47:37 UTC
Could you please follow https://wiki.gentoo.org/wiki/Gcc-ICE-reporting-guide?

Thanks!
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-26 22:47:51 UTC
(And include emerge --info)
Comment 4 Ștefan Talpalaru 2020-07-27 00:40:34 UTC
Created attachment 650904 [details]
emerge --info
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2020-07-28 07:13:31 UTC
Reproduced locally as well. Somehow gcc-11 makes trained pass to hang, thus unclear if gcc-master is affected. Had to fall back to gcc-10.2.

"""
$ CC=gcc-10.2.0 CXX=g++-10.2.0 CFLAGS="-O3 -march=native -mlwp -pipe" CXXFLAGS="-O3 -march=native -mlwp -pipe" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--sort-common" MAKEOPTS="-j9 -l9" USE=berkdb ebuild tauthon-2.8.2.ebuild clean compile

...

/tmp/portage/dev-lang/tauthon-2.8.2/work/tauthon-2.8.2/Modules/parsermodule.c:3760:1: внутренняя ошибка компилятора: в add_new_edges_to_heap, в ipa-inline.c:1746
 3760 | }
      | ^
0x5df6c3 add_new_edges_to_heap
        /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/ipa-inline.c:1746
0x13894ea inline_small_functions
        /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/ipa-inline.c:2210
0x13894ea ipa_inline
        /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/ipa-inline.c:2689
0x13894ea execute
        /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/ipa-inline.c:3091
Отправьте подробное сообщение об ошибке
с препроцессированным исходным кодом.

Please include the complete backtrace with any bug report.
Инструкции см. в <https://bugs.gentoo.org/>.
"""
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2020-07-28 21:29:00 UTC
Function summary is missing at 'ipa_fn_summary *caller_info = ipa_fn_summaries->get (caller);' for unknown reason. Need to find out if it's expected not to have summary here (when we need to guard with presence) or something else destroyed summary.

Raw backtrace:
"""
Breakpoint 2, internal_error (gmsgid=gmsgid@entry=0x1c5f3da "in %s, at %s:%d") at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/diagnostic.c:1706
1706    {
(gdb) bt
#0  internal_error (gmsgid=gmsgid@entry=0x1c5f3da "in %s, at %s:%d") at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/diagnostic.c:1706
#1  0x00000000005e26e8 in fancy_abort (file=file@entry=0x1bf7e18 "/tmp/portage-tmpdir/portage/sys-devel/gcc-10.2.0/work/gcc-10.2.0/gcc/ipa-inline.c", line=line@entry=1746,
    function=function@entry=0x1bf7c67 "add_new_edges_to_heap") at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/diagnostic.c:1778
#2  0x00000000005df6c4 in add_new_edges_to_heap (heap=0x7fffffffd240, new_edges=...) at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/ipa-inline.c:1236
#3  0x00000000013894eb in inline_small_functions () at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/ipa-inline.c:2210
#4  ipa_inline () at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/ipa-inline.c:2689
#5  (anonymous namespace)::pass_ipa_inline::execute (this=<optimized out>) at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/ipa-inline.c:3091
#6  0x0000000000a53218 in execute_one_pass (pass=0x372f9d0) at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/passes.c:2502
#7  0x0000000000a54057 in execute_ipa_pass_list (pass=0x372f9d0) at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/passes.c:2929
#8  0x000000000073e318 in ipa_passes () at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/cgraphunit.c:2678
#9  symbol_table::compile (this=0x7fffea475100) at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/cgraphunit.c:2755
#10 0x000000000074000d in symbol_table::compile (this=0x7fffea475100) at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/cgraphunit.c:3002
#11 symbol_table::finalize_compilation_unit (this=0x7fffea475100) at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/cgraphunit.c:3002
#12 0x0000000000b17c01 in compile_file () at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/toplev.c:483
#13 0x00000000005e5b28 in do_compile () at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/toplev.c:2282
#14 toplev::main (this=this@entry=0x7fffffffd4c6, argc=<optimized out>, argc@entry=20, argv=<optimized out>, argv@entry=0x7fffffffd5d8)
    at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/toplev.c:2421
#15 0x00000000005e96ac in main (argc=20, argv=0x7fffffffd5d8) at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/main.c:39
(gdb) fr 2
#2  0x00000000005df6c4 in add_new_edges_to_heap (heap=0x7fffffffd240, new_edges=...) at /usr/src/debug/sys-devel/gcc-10.2.0/gcc-10.2.0/gcc/ipa-inline.c:1236
1236              int caller_growth = caller_info->growth;
(gdb) list
1231                      /* ... and do not overwrite user specified hints.   */
1232                      && (!DECL_DECLARED_INLINE_P (edge->callee->decl)
1233                          || DECL_DECLARED_INLINE_P (caller->decl)))))
1234            {
1235              ipa_fn_summary *caller_info = ipa_fn_summaries->get (caller);
1236              int caller_growth = caller_info->growth;
1237
1238              /* Only apply the penalty when caller looks like inline candidate,
1239                 and it is not called once.  */
1240              if (!caller_info->single_caller && overall_growth < caller_growth
"""
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2020-07-30 22:49:56 UTC
I'll need some help understanding why edge was possibly traversed twice in ipa-inline.c. Filed https://gcc.gnu.org/PR96394 upstream.
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2020-09-06 11:56:21 UTC
Created attachment 658746 [details, diff]
38_all_gcov-TOPN-PR96913.patch

That was a long journey. I think I understand failure mode now: when profiled binary is ran it usually writes .gcda files on disk. .gcda files contain various profiling counters: branches taken, top most frequent values for some expressions (to later speculate in most likely values).

Two types of counters (all TOPN coutners) were not streamed correctly on disk if counter was counted by one shared library (_struct.so or _json.so  in our case) and was written on dist with another (libtauthon.so in our case).

It happens because type of counter type is detected by the address of their streamer function. But streamer function is duplicated across every shared object (by design). As a result some counters were incorrectly identified ans no-TOPN counters and garbage data was written as a counter.

Garbage data was fed into inliner and it found out all sorts of strange things about the program. The main one was a dead code elimination (no calls to a function) of a function that was needed to be speculated into indirect call (function was in topn of indirection).

Attached 38_all_gcov-TOPN-PR96913.patch should fix streaming of TOPN counters.

If you are feeling brave you can try the patch by dropping it to /etc/portage/patches/sys-devel/gcc:10 and rebuild gcc and tauthon.
Comment 9 Ștefan Talpalaru 2020-09-06 17:08:02 UTC
Patch applied to gcc-10.2.0-r1, but it doesn't change anything. I get the same ICE in the same place..
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2020-09-06 19:10:44 UTC
Ah, that's unfortunate. Will have a closer eye on gcc-10's difference from gcc-11.

Thanks for the test!
Comment 11 Larry the Git Cow gentoo-dev 2020-09-10 21:38:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=bb00f570a7d3f1d0e4233f8d353fb9c56f3a55cc

commit bb00f570a7d3f1d0e4233f8d353fb9c56f3a55cc
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-09-10 21:37:36 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-09-10 21:37:36 +0000

    10.2.0: fix TOPN counters when logged from shared library
    
    The change does not yet fix underlying problem of recursive inliner.
    
    Bug: https://gcc.gnu.org/PR96913
    Bug: https://gcc.gnu.org/PR96394
    Bug: https://bugs.gentoo.org/734006
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 10.2.0/gentoo/38_all_gcov-TOPN-PR96913.patch | 42 ++++++++++++++++++++++++++++
 10.2.0/gentoo/README.history                 |  1 +
 2 files changed, 43 insertions(+)
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2020-09-25 22:55:17 UTC
Created attachment 662476 [details, diff]
gcc-10-ipa-prop-spec-PR96394.patch

Upstream is working on a patch. A safe draft is gcc-10-ipa-prop-spec-PR96394.patch (attached).
Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev 2020-09-25 22:58:32 UTC
Probably not enough. Fails for me as:

$ ccache /home/slyfox/dev/git/gcc-native-quick-ggdb3/gcc/xgcc -B/home/slyfox/dev/git/gcc-native-quick-ggdb3/gcc -O2 -c -fprofile-generate parsermodule.c -o parsermodule.o
during IPA pass: inline
parsermodule.c:35:1: internal compiler error: in first_speculative_call_target, at cgraph.c:1134
   35 | int ap(entry *j) { return ai(j, ag, 14, 4); }
      | ^~~
0x6ad466 cgraph_edge::first_speculative_call_target()
        ../../gcc/gcc/cgraph.c:1134
0xa6a5b3 update_indirect_edges_after_inlining
        ../../gcc/gcc/ipa-prop.c:3792
0xa6abac propagate_info_to_inlined_callees
        ../../gcc/gcc/ipa-prop.c:3904
0xa6b33d ipa_propagate_indirect_call_infos(cgraph_edge*, vec<cgraph_edge*, va_heap, vl_ptr>*)
        ../../gcc/gcc/ipa-prop.c:4066
0xa3fc13 inline_call(cgraph_edge*, bool, vec<cgraph_edge*, va_heap, vl_ptr>*, int*, bool, bool*)
        ../../gcc/gcc/ipa-inline-transform.c:494
0x1f3b962 inline_small_functions
        ../../gcc/gcc/ipa-inline.c:2216
0x1f3d7f6 ipa_inline
        ../../gcc/gcc/ipa-inline.c:2697
0x1f3e6e8 execute
        ../../gcc/gcc/ipa-inline.c:3099
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
Comment 14 Sergei Trofimovich (RETIRED) gentoo-dev 2020-10-02 09:11:37 UTC
(In reply to Sergei Trofimovich from comment #13)
> Probably not enough. Fails for me as:
> 
> $ ccache /home/slyfox/dev/git/gcc-native-quick-ggdb3/gcc/xgcc
> -B/home/slyfox/dev/git/gcc-native-quick-ggdb3/gcc -O2 -c -fprofile-generate
> parsermodule.c -o parsermodule.o

I think I poisoned local .gcda files with ccache.

After a cache cleanup the patch works fine.
Comment 15 Larry the Git Cow gentoo-dev 2020-10-02 09:13:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=7bf989ed8b53a13de6a6551b7f346b1dcadf5966

commit 7bf989ed8b53a13de6a6551b7f346b1dcadf5966
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-10-02 09:12:10 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-10-02 09:12:10 +0000

    10.2.0: fix multiple speculation resolution on prog builds
    
    Reported-by: Ștefan Talpalaru
    Bug: https://gcc.gnu.org/PR96394
    Bug: https://bugs.gentoo.org/734006
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 10.2.0/gentoo/39_all_ipa-prop-multispec.patch | 150 ++++++++++++++++++++++++++
 10.2.0/gentoo/README.history                  |   1 +
 2 files changed, 151 insertions(+)
Comment 16 Larry the Git Cow gentoo-dev 2020-10-02 09:33:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=b4972ce62b04aafc6061836a92f0cebbadd80d7a

commit b4972ce62b04aafc6061836a92f0cebbadd80d7a
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-10-02 09:22:40 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-10-02 09:22:40 +0000

    10.2.0: cut 3 patchset
    
    three new patches:
    + 37_all_c-vector-init-PR96377.patch: fix vector init on arm
    + 38_all_gcov-TOPN-PR96913.patch: fix TOPN prof counters in
      shared libraries
    + 39_all_ipa-prop-multispec.patch: fix multiple speculation
      resolution on prof builds
    
    Bug: https://gcc.gnu.org/PR96377
    Bug: https://gcc.gnu.org/PR96913
    Bug: https://bugs.gentoo.org/734006
    Bug: https://gcc.gnu.org/PR96394
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 10.2.0/gentoo/README.history | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 17 Larry the Git Cow gentoo-dev 2020-10-02 09:33:54 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e8cecb7fb4585f63eaec14c2916cf7e8c30ab59

commit 0e8cecb7fb4585f63eaec14c2916cf7e8c30ab59
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-10-02 09:33:20 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-10-02 09:33:50 +0000

    sys-devel/gcc: 10.2.0: cut 3 patchset
    
    three new patches:
    + 37_all_c-vector-init-PR96377.patch: fix vector init on arm
    + 38_all_gcov-TOPN-PR96913.patch: fix TOPN prof counters in
      shared libraries
    + 39_all_ipa-prop-multispec.patch: fix multiple speculation
      resolution on prof builds
    
    Bug: https://gcc.gnu.org/PR96377
    Bug: https://gcc.gnu.org/PR96913
    Closes: https://bugs.gentoo.org/734006
    Bug: https://gcc.gnu.org/PR96394
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 sys-devel/gcc/Manifest             |  1 +
 sys-devel/gcc/gcc-10.2.0-r2.ebuild | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
Comment 18 Sergei Trofimovich (RETIRED) gentoo-dev 2020-10-02 09:35:22 UTC
With TOPN and fix for multiple speculations fix I expect gcc-10.2.0-r2 to work.
Comment 19 Ștefan Talpalaru 2020-10-03 01:22:25 UTC
Yes, the problem is resolved by gcc-10.2.0-r2. Thanks!