Date: Tue, 6 Sep 2011 19:55:12 +0200
From: Martin Jambor
To: GCC Patches
Cc: Jan Hubicka
Subject: [PATCH, PR 50301] Missing checks of number of actual arguments in IPA-CP
Message-ID: <20110906175511.GD21263@virgil.arch.suse.de>

Hi,

somehow I lost two hunks in the patch allowing IPA-CP to process
functions with variable number of arguments and one of these omissions
caused PR 50301 (416.gamess LTO miscompilation).  The two hunks check
the number of actual arguments in two places of IPA-CP which are not
executed so often and where we currently can get an out-of-bounds
VECtor failure.

Bootstrapped and tested on x86_64-linux, I have verified gamess
LTO-builds with it.  OK for trunk?

Thanks,

Martin


2011-09-06  Martin Jambor

	PR middle-end/50301
	* ipa-cp.c (find_more_values_for_callers_subset): Check jump function
	index bounds.
	(perhaps_add_new_callers): Likewise.

Index: src/gcc/ipa-cp.c =================================================================== --- src.orig/gcc/ipa-cp.c +++ src/gcc/ipa-cp.c @@ -2052,8 +2052,12 @@ find_more_values_for_callers_subset (str struct ipa_jump_func *jump_func; tree t; + if (i >= ipa_get_cs_argument_count (IPA_EDGE_REF (cs))) + { + newval = NULL_TREE; + break; + } jump_func = ipa_get_ith_jump_func (IPA_EDGE_REF (cs), i); - t = ipa_value_from_jfunc (IPA_NODE_REF (cs->caller), jump_func); if (!t || (newval 
@@ -2123,6 +2127,11 @@ perhaps_add_new_callers (struct cgraph_n if (!val) continue; + if (i >= ipa_get_cs_argument_count (args)) + { + insufficient = true; + break; + } jump_func = ipa_get_ith_jump_func (args, i); t = ipa_value_from_jfunc (caller_info, jump_func); if (!t || !values_equal_for_ipcp_p (val, t))
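
Review bot: the bounds check added in find_more_values_for_callers_subset needs a comment saying why a single call site with too few actual arguments clears newval and ends the loop; as written, `newval = NULL_TREE; break;` reads like an error path, while the intent appears to be "no common value for this parameter". The check and the call that follows both spell out IPA_EDGE_REF (cs); a local, like `args` in the perhaps_add_new_callers hunk, would keep the two in step. The ChangeLog entry lists only ipa-cp.c, so a reduced testcase for PR 50301 would be worth adding so this check cannot be lost again.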
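
Review bot: in perhaps_add_new_callers the guard `if (i >= ipa_get_cs_argument_count (args))` is the same hand-placed pattern as in find_more_values_for_callers_subset, sitting directly in front of ipa_get_ith_jump_func. Since both hunks were dropped once already, consider moving the bound test into a small helper shared by the two functions, or adding a checking assert inside the accessor, so a future caller that forgets the test fails in one obvious place. A short comment that a call site supplying too few arguments makes the edge unsuitable (`insufficient = true`) would also help the next reader.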