
[PR,50301] Missing checks of number of actual arguments in IPA-CP

Message ID 20110906175511.GD21263@virgil.arch.suse.de
State New

Commit Message

Martin Jambor Sept. 6, 2011, 5:55 p.m. UTC
Hi,

somehow I lost two hunks in the patch allowing IPA-CP to process
functions with variable number of arguments and one of these omissions
caused PR 50301 (416.gamess LTO miscompilation).  The two hunks check
the number of actual arguments in two places of IPA-CP which are not
executed so often and where we currently can get an out-of-bounds
VECtor failure.

Bootstrapped and tested on x86_64-linux, I have verified gamess
LTO-builds with it.  OK for trunk?

Thanks,

Martin


2011-09-06  Martin Jambor  <mjambor@suse.cz>

	PR middle-end/50301
	* ipa-cp.c (find_more_values_for_callers_subset): Check jump
	function index bounds.
	(perhaps_add_new_callers): Likewise.

Comments

Jan Hubicka Sept. 6, 2011, 9:52 p.m. UTC | #1
> Hi,
> 
> somehow I lost two hunks in the patch allowing IPA-CP to process
> functions with variable number of arguments and one of these omissions
> caused PR 50301 (416.gamess LTO miscompilation).  The two hunks check
> the number of actual arguments in two places of IPA-CP which are not
> executed so often and where we currently can get an out-of-bounds
> VECtor failure.
> 
> Bootstrapped and tested on x86_64-linux, I have verified gamess
> LTO-builds with it.  OK for trunk?

OK,
thanks
Honza
> 
> Thanks,
> 
> Martin
> 
> 
> 2011-09-06  Martin Jambor  <mjambor@suse.cz>
> 
> 	PR middle-end/50301
> 	* ipa-cp.c (find_more_values_for_callers_subset): Check jump
> 	function index bounds.
> 	(perhaps_add_new_callers): Likewise.
> 
> Index: src/gcc/ipa-cp.c
> ===================================================================
> --- src.orig/gcc/ipa-cp.c
> +++ src/gcc/ipa-cp.c
> @@ -2052,8 +2052,12 @@ find_more_values_for_callers_subset (str
>  	  struct ipa_jump_func *jump_func;
>  	  tree t;
>  
> +          if (i >= ipa_get_cs_argument_count (IPA_EDGE_REF (cs)))
> +            {
> +              newval = NULL_TREE;
> +              break;
> +            }
>  	  jump_func = ipa_get_ith_jump_func (IPA_EDGE_REF (cs), i);
> -
>  	  t = ipa_value_from_jfunc (IPA_NODE_REF (cs->caller), jump_func);
>  	  if (!t
>  	      || (newval
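Review bot: the five added lines in find_more_values_for_callers_subset are indented with spaces only, while the context lines around them (`struct ipa_jump_func *jump_func;`, `tree t;`) use a tab plus two spaces; please re-indent them with tabs to match the rest of the block. The hunk also deletes the blank line after the `jump_func = ...` assignment, which is unrelated whitespace churn and can be left out of the fix.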
> @@ -2123,6 +2127,11 @@ perhaps_add_new_callers (struct cgraph_n
>  		  if (!val)
>  		    continue;
>  
> +		  if (i >= ipa_get_cs_argument_count (args))
> +		    {
> +		      insufficient = true;
> +		      break;
> +		    }
>  		  jump_func = ipa_get_ith_jump_func (args, i);
>  		  t = ipa_value_from_jfunc (caller_info, jump_func);
>  		  if (!t || !values_equal_for_ipcp_p (val, t))
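Review bot: the guard `if (i >= ipa_get_cs_argument_count (args))` in perhaps_add_new_callers is the same test that the first hunk adds before its `ipa_get_ith_jump_func` call, so the bounds check now lives at each call site and any other caller has to remember it. Consider a small helper that does the comparison and the lookup together, or at least a short comment here saying that an edge with fewer actual arguments than `i` requires makes the caller `insufficient`.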

Patch

Index: src/gcc/ipa-cp.c
===================================================================
--- src.orig/gcc/ipa-cp.c
+++ src/gcc/ipa-cp.c
@@ -2052,8 +2052,12 @@  find_more_values_for_callers_subset (str
 	  struct ipa_jump_func *jump_func;
 	  tree t;
 
+          if (i >= ipa_get_cs_argument_count (IPA_EDGE_REF (cs)))
+            {
+              newval = NULL_TREE;
+              break;
+            }
 	  jump_func = ipa_get_ith_jump_func (IPA_EDGE_REF (cs), i);
-
 	  t = ipa_value_from_jfunc (IPA_NODE_REF (cs->caller), jump_func);
 	  if (!t
 	      || (newval
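Review bot: the early exit added in find_more_values_for_callers_subset has no comment explaining why a call site that passes fewer than `i + 1` actual arguments forces `newval = NULL_TREE` and ends the loop; one line above the `if` would make the intent clear to the next reader. `IPA_EDGE_REF (cs)` is also written out twice in adjacent statements, so a local for it would tidy both the check and the `ipa_get_ith_jump_func` call.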
@@ -2123,6 +2127,11 @@  perhaps_add_new_callers (struct cgraph_n
 		  if (!val)
 		    continue;
 
+		  if (i >= ipa_get_cs_argument_count (args))
+		    {
+		      insufficient = true;
+		      break;
+		    }
 		  jump_func = ipa_get_ith_jump_func (args, i);
 		  t = ipa_value_from_jfunc (caller_info, jump_func);
 		  if (!t || !values_equal_for_ipcp_p (val, t))
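Review bot: the ChangeLog lists only ipa-cp.c, so nothing in the patch exercises the new `insufficient = true` path in perhaps_add_new_callers or the matching exit in find_more_values_for_callers_subset; a reduced testcase for PR 50301 would keep the check from being lost again. It is also worth confirming that `i`, whose declaration is outside the hunk, has the same signedness as the return value of `ipa_get_cs_argument_count`, so the `>=` comparison does not rely on an implicit conversion.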