Hi,
my previous fix to ipa-prop actually causes ipa-cp to ICE during an FDO build of Firefox. What happens is that we produce a speculative call that is off and leads to a method with the wrong number of parameters. It would probably make a lot of sense to validate devirtualization with the actual type of the call, but we do not have that handy, so this patch simply makes ipa-cp not ICE. Obviously, in a valid program those wrong devirtualizations should never be executed.
Bootstrapped/regtested x86_64-linux, will commit it shortly. Honza * ipa-cp.c (ipa_value_from_jfunc, ipa_context_from_jfunc): Check bound on number of arguments. Index: ipa-cp.c =================================================================== --- ipa-cp.c (revision 220433) +++ ipa-cp.c (working copy) @@ -942,7 +942,8 @@ ipa_value_from_jfunc (struct ipa_node_pa { ipcp_lattice<tree> *lat; - if (!info->lattices) + if (!info->lattices + || idx >= ipa_get_param_count (info)) return NULL_TREE; lat = ipa_get_scalar_lat (info, idx); if (!lat->is_single_const ()) @@ -1004,7 +1005,8 @@ ipa_context_from_jfunc (ipa_node_params } else { - if (!info->lattices) + if (!info->lattices + || srcidx >= ipa_get_param_count (info)) return ctx; ipcp_lattice<ipa_polymorphic_call_context> *lat; lat = ipa_get_poly_ctx_lat (info, srcidx);
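Review bot: In the first hunk (ipa_value_from_jfunc), the new `|| idx >= ipa_get_param_count (info)` test has no comment saying why idx can exceed the parameter count. Without one, a later reader may take it for dead code and remove it. A one-line comment above the condition, stating that a mis-speculated devirtualization can reach a callee with a different number of parameters, would record the reason next to the check. Only the upper bound is tested. The declaration of idx is not visible in the hunk, so if it is a signed type it is worth confirming that a negative value cannot reach ipa_get_scalar_lat (info, idx).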
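Review bot: In the second hunk (ipa_context_from_jfunc), the `srcidx >= ipa_get_param_count (info)` guard sits only in the else branch shown, and the branch before it is not visible here. If that branch also uses srcidx to index per-parameter data of info, it needs the same bound. The condition is now duplicated in two functions, so a small shared predicate would keep the two sites from drifting apart. Since returning ctx here silently hides a devirtualization that the message describes as wrong, a short comment at the early return saying so would help whoever later adds the type validation mentioned in the message.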