On 13-03-14 21:49, Richard Henderson wrote:
  (define_expand "ldexpxf3"
-  [(set (match_dup 3)
-       (float:XF (match_operand:SI 2 "register_operand")))
-   (parallel [(set (match_operand:XF 0 " register_operand")
-                  (unspec:XF [(match_operand:XF 1 "register_operand")
-                              (match_dup 3)]
-                             UNSPEC_FSCALE_FRACT))
-             (set (match_dup 4)
-                  (unspec:XF [(match_dup 1) (match_dup 3)]
-                             UNSPEC_FSCALE_EXP))])]
+  [(match_operand:XF 0 "register_operand")
+   (match_operand:XF 1 "register_operand")
+   (match_operand:SI 2 "register_operand")]
    "TARGET_USE_FANCY_MATH_387
     && flag_unsafe_math_optimizations"
  {
@@ -14808,6 +14633,11 @@

    operands[3] = gen_reg_rtx (XFmode);
    operands[4] = gen_reg_rtx (XFmode);
+
+  emit_insn (gen_floatsixf2 (operands[3], operands[2]));
+  emit_insn (gen_fscalexf4_i387 (operands[0], operands[4],
+                                 operands[1], operands[3]));
+  DONE;
  })
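Review bot: the body still assigns operands[3] and operands[4] and passes them to the added emit_insn calls, but the rewritten pattern no longer contains match_dup 3 or match_dup 4 and now stops at operand 2. Nothing in the pattern reserves those two slots any more, so the two temporaries should be local rtx variables rather than entries in operands.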

Richard,

For a non-bootstrap x86_64 build, gcc.dg/builtins-34.c fails for me with a 
sigsegv.

I've traced it back to this code in insn-emit.c:
...
rtx
gen_ldexpxf3 (rtx operand0,
        rtx operand1,
        rtx operand2)
{
  rtx _val = 0;
  start_sequence ();
  {
    rtx operands[3];
    operands[0] = operand0;
    operands[1] = operand1;
    operands[2] = operand2;

{
  if (optimize_insn_for_size_p ())
    FAIL;

  operands[3] = gen_reg_rtx (XFmode);
  operands[4] = gen_reg_rtx (XFmode);
...

operands is declared with size 3, and operands[3,4] accesses are out of bounds.

I've done a minimal build with attached patch, and reran the test-case, which passes now.

OK if bootstrap succeeds?

Thanks,
- Tom
2014-04-26  Tom de Vries  <t...@codesourcery.com>

	* config/i386/i386.md (define_expand "ldexpxf3"): Fix out-of-bounds
	array accesses.
---
 gcc/config/i386/i386.md | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/gcc/config/i386/i386.md b/gcc/config/i386/i386.md
index 25e2e93..9f103cf 100644
--- a/gcc/config/i386/i386.md
+++ b/gcc/config/i386/i386.md
@@ -14427,15 +14427,16 @@
   "TARGET_USE_FANCY_MATH_387
    && flag_unsafe_math_optimizations"
 {
+  rtx tmp1, tmp2;
   if (optimize_insn_for_size_p ())
     FAIL;
 
-  operands[3] = gen_reg_rtx (XFmode);
-  operands[4] = gen_reg_rtx (XFmode);
+  tmp1 = gen_reg_rtx (XFmode);
+  tmp2 = gen_reg_rtx (XFmode);
 
-  emit_insn (gen_floatsixf2 (operands[3], operands[2]));
-  emit_insn (gen_fscalexf4_i387 (operands[0], operands[4],
-                                 operands[1], operands[3]));
+  emit_insn (gen_floatsixf2 (tmp1, operands[2]));
+  emit_insn (gen_fscalexf4_i387 (operands[0], tmp2,
+                                 operands[1], tmp1));
   DONE;
 })
 
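Review bot: the new declaration at the top of the body (`rtx tmp1, tmp2;`) runs straight into the `if` with no blank line, and the names say nothing about the roles of the two registers. tmp1 holds the XFmode conversion of operands[2] produced by gen_floatsixf2, while tmp2 is only passed as the second argument of gen_fscalexf4_i387 and never read afterwards. Consider a blank line after the declaration and a one-line comment stating that tmp2 is an unused output. The ChangeLog entry could also mention that the accesses are replaced by local temporaries.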
-- 
1.8.3.2
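
The out-of-bounds pattern reported in this message can be caught mechanically. The following Python check is an added example, not part of the original message or of GCC: it flags `operands[N]` uses in a `define_expand` where N is beyond the highest operand number in the pattern. It assumes the generated array is sized to that highest number plus one, as the `rtx operands[3]` quoted above suggests; `out_of_range_operands` and the sample strings are hypothetical names and constructed input.

```python
import re

# Operand numbers that the RTL pattern declares or references.
PATTERN_REF = re.compile(
    r"\(match_(?:operand|scratch|operator|parallel|dup|op_dup|par_dup)"
    r"(?::\w+)?\s+(\d+)")
# Operand slots touched by the C preparation statements.
BODY_REF = re.compile(r"\boperands\s*\[\s*(\d+)\s*\]")
EXPAND_START = re.compile(r'^\(define_expand\s+"([^"]+)"', re.M)
TOP_LEVEL = re.compile(r"^\(define_", re.M)

def out_of_range_operands(md_text):
    """Map each define_expand name to the operands[N] indices past its array."""
    findings = {}
    for m in EXPAND_START.finditer(md_text):
        nxt = TOP_LEVEL.search(md_text, m.end())
        form = md_text[m.start():nxt.start() if nxt else len(md_text)]
        declared = [int(n) for n in PATTERN_REF.findall(form)]
        size = max(declared) + 1 if declared else 0  # assumed array size
        bad = sorted({int(n) for n in BODY_REF.findall(form) if int(n) >= size})
        if bad:
            findings[m.group(1)] = bad
    return findings

# Constructed input: the expander before and after the fix, condensed from
# the hunks on this page (the fixed copy is renamed so both can coexist).
HEAD = '''(define_expand "%s"
  [(match_operand:XF 0 "register_operand")
   (match_operand:XF 1 "register_operand")
   (match_operand:SI 2 "register_operand")]
  "TARGET_USE_FANCY_MATH_387 && flag_unsafe_math_optimizations"
{
'''
BROKEN = HEAD % "ldexpxf3" + '''  operands[3] = gen_reg_rtx (XFmode);
  operands[4] = gen_reg_rtx (XFmode);
  emit_insn (gen_floatsixf2 (operands[3], operands[2]));
  emit_insn (gen_fscalexf4_i387 (operands[0], operands[4],
                                 operands[1], operands[3]));
  DONE;
})
'''
FIXED = HEAD % "ldexpxf3_fixed" + '''  rtx tmp1 = gen_reg_rtx (XFmode), tmp2 = gen_reg_rtx (XFmode);
  emit_insn (gen_floatsixf2 (tmp1, operands[2]));
  emit_insn (gen_fscalexf4_i387 (operands[0], tmp2, operands[1], tmp1));
  DONE;
})
'''
print(out_of_range_operands(BROKEN + FIXED))
```

A pattern that still carries `(match_dup 3)` and `(match_dup 4)` passes the check, because those references raise the highest operand number to 4.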
