ipa-devirt: Fix crash in obj_type_ref_class [PR95114]

The testcase has failed since r9-5035, because obj_type_ref_class
tries to look up an ODR type when no ODR type information is
available.  (The information was available earlier in the
compilation, but was freed during pass_ipa_free_lang_data.)
We then crash dereferencing the null get_odr_type result.

The test passes with -O2.  However, it fails again if -fdump-tree-all
is used, since obj_type_ref_class is called indirectly from the
dump routines.

Other code creates ODR type entries on the fly by passing “true”
as the insert parameter.  But obj_type_ref_class can't do that
unconditionally, since it should have no side-effects when used
from the dumping code.

Following a suggestion from Honza, this patch adds parameters
to say whether the routines are being called from dump routines
and uses those to derive the insert parameter.

gcc/
	PR middle-end/95114
	* tree.h (virtual_method_call_p): Add a default-false parameter
	that indicates whether the function is being called from dump
	routines.
	(obj_type_ref_class): Likewise.
	* tree.c (virtual_method_call_p): Likewise.
	* ipa-devirt.c (obj_type_ref_class): Likewise.  Lazily add ODR
	type information for the type when the parameter is false.
	* tree-pretty-print.c (dump_generic_node): Update calls to
	virtual_method_call_p and obj_type_ref_class accordingly.

gcc/testsuite/
	PR middle-end/95114
	* g++.target/aarch64/pr95114.C: New test.

diff --git a/gcc/ipa-devirt.c b/gcc/ipa-devirt.c
index 0340decba9b1431b7337a16d9c715358b62eab5b..3ab7049734ff0984291c2f8a673dd4395191d729 100644 (file)
--- a/gcc/ipa-devirt.c
+++ b/gcc/ipa-devirt.c
@@ -1883,10 +1883,11 @@ add_type_duplicate (odr_type val, tree type)
   return build_bases;
 }
 
-/* REF is OBJ_TYPE_REF, return the class the ref corresponds to.  */
+/* REF is OBJ_TYPE_REF, return the class the ref corresponds to.
+   FOR_DUMP_P is true when being called from the dump routines.  */
 
 tree
-obj_type_ref_class (const_tree ref)
+obj_type_ref_class (const_tree ref, bool for_dump_p)
 {
   gcc_checking_assert (TREE_CODE (ref) == OBJ_TYPE_REF);
   ref = TREE_TYPE (ref);
@@ -1902,8 +1903,10 @@ obj_type_ref_class (const_tree ref)
   tree ret = TREE_TYPE (ref);
   if (!in_lto_p && !TYPE_STRUCTURAL_EQUALITY_P (ret))
     ret = TYPE_CANONICAL (ret);
+  else if (odr_type ot = get_odr_type (ret, !for_dump_p))
+    ret = ot->type;
   else
-    ret = get_odr_type (ret)->type;
+    gcc_assert (for_dump_p);
   return ret;
 }
 

diff --git a/gcc/testsuite/g++.target/aarch64/pr95114.C b/gcc/testsuite/g++.target/aarch64/pr95114.C
new file mode 100644 (file)
index 0000000..1689159
--- /dev/null
+++ b/gcc/testsuite/g++.target/aarch64/pr95114.C
@@ -0,0 +1,3 @@
+template<typename T> struct foo { virtual void f() = 0; };
+extern foo<__Int8x8_t> &x;
+void f() { x.f(); }

diff --git a/gcc/tree-pretty-print.c b/gcc/tree-pretty-print.c
index 4f50f37b0da5aadb12bfc3219164acd391812d7f..be1ed906c1d0520039322f2ab3758d297cb9ddf3 100644 (file)
--- a/gcc/tree-pretty-print.c
+++ b/gcc/tree-pretty-print.c
@@ -3167,10 +3167,11 @@ dump_generic_node (pretty_printer *pp, tree node, int spc, dump_flags_t flags,
         libstdc++-prettyprinters/shared_ptr.cc with and without -g,
         for example, at occurrences of OBJ_TYPE_REF.  */
       if (!(flags & (TDF_SLIM | TDF_COMPARE_DEBUG))
-         && virtual_method_call_p (node))
+         && virtual_method_call_p (node, true))
        {
          pp_string (pp, "(");
-         dump_generic_node (pp, obj_type_ref_class (node), spc, flags, false);
+         dump_generic_node (pp, obj_type_ref_class (node, true),
+                            spc, flags, false);
          pp_string (pp, ")");
        }
       dump_generic_node (pp, OBJ_TYPE_REF_OBJECT (node), spc, flags, false);

diff --git a/gcc/tree.c b/gcc/tree.c
index 342da55bba7efd2bbf0c129ff224062a7a780bb3..3d9968fd7a01ff942c40df69804b12ab3be09a4f 100644 (file)
--- a/gcc/tree.c
+++ b/gcc/tree.c
@@ -12810,10 +12810,11 @@ lhd_gcc_personality (void)
    OBJ_TYPE_REF representing an virtual call of C++ method.
    (As opposed to OBJ_TYPE_REF representing objc calls
    through a cast where middle-end devirtualization machinery
-   can't apply.) */
+   can't apply.)  FOR_DUMP_P is true when being called from
+   the dump routines.  */
 
 bool
-virtual_method_call_p (const_tree target)
+virtual_method_call_p (const_tree target, bool for_dump_p)
 {
   if (TREE_CODE (target) != OBJ_TYPE_REF)
     return false;
@@ -12826,7 +12827,7 @@ virtual_method_call_p (const_tree target)
   /* If we do not have BINFO associated, it means that type was built
      without devirtualization enabled.  Do not consider this a virtual
      call.  */
-  if (!TYPE_BINFO (obj_type_ref_class (target)))
+  if (!TYPE_BINFO (obj_type_ref_class (target, for_dump_p)))
     return false;
   return true;
 }

diff --git a/gcc/tree.h b/gcc/tree.h
index cf546ed9491309b57bd0f170af2987caaa7b43bd..866d9ba8fbca2fe93ffebf2673112cfdb5900857 100644 (file)
--- a/gcc/tree.h
+++ b/gcc/tree.h
@@ -5241,8 +5241,8 @@ extern location_t *block_nonartificial_location (tree);
 extern location_t tree_nonartificial_location (tree);
 extern tree block_ultimate_origin (const_tree);
 extern tree get_binfo_at_offset (tree, poly_int64, tree);
-extern bool virtual_method_call_p (const_tree);
-extern tree obj_type_ref_class (const_tree ref);
+extern bool virtual_method_call_p (const_tree, bool = false);
+extern tree obj_type_ref_class (const_tree ref, bool = false);
 extern bool types_same_for_odr (const_tree type1, const_tree type2);
 extern bool contains_bitfld_component_ref_p (const_tree);
 extern bool block_may_fallthru (const_tree);