On Sat, Apr 26, 2014 at 11:27 AM, Tom de Vries <tom_devr...@mentor.com> wrote:
> On 13-03-14 21:49, Richard Henderson wrote:
>>
>> (define_expand "ldexpxf3"
>> - [(set (match_dup 3)
>> - (float:XF (match_operand:SI 2 "register_operand")))
>> - (parallel [(set (match_operand:XF 0 " register_operand")
>> - (unspec:XF [(match_operand:XF 1 "register_operand")
>> - (match_dup 3)]
>> - UNSPEC_FSCALE_FRACT))
>> - (set (match_dup 4)
>> - (unspec:XF [(match_dup 1) (match_dup 3)]
>> - UNSPEC_FSCALE_EXP))])]
>> + [(match_operand:XF 0 "register_operand")
>> + (match_operand:XF 1 "register_operand")
>> + (match_operand:SI 2 "register_operand")]
>> "TARGET_USE_FANCY_MATH_387
>> && flag_unsafe_math_optimizations"
>> {
>> @@ -14808,6 +14633,11 @@
>>
>> operands[3] = gen_reg_rtx (XFmode);
>> operands[4] = gen_reg_rtx (XFmode);
>> +
>> + emit_insn (gen_floatsixf2 (operands[3], operands[2]));
>> + emit_insn (gen_fscalexf4_i387 (operands[0], operands[4],
>> + operands[1], operands[3]));
>> + DONE;
>> })
>
>
> Richard,
>
> For a non-bootstrap x86_64 build, gcc.dg/builtins-34.c fails for me with a
> sigsegv.
>
> I've traced it back to this code in insn-emit.c:
> ...
> rtx
> gen_ldexpxf3 (rtx operand0,
> rtx operand1,
> rtx operand2)
> {
> rtx _val = 0;
> start_sequence ();
> {
> rtx operands[3];
> operands[0] = operand0;
> operands[1] = operand1;
> operands[2] = operand2;
>
> {
> if (optimize_insn_for_size_p ())
> FAIL;
>
> operands[3] = gen_reg_rtx (XFmode);
> operands[4] = gen_reg_rtx (XFmode);
> ...
>
> operands is declared with size 3, and operands[3,4] accesses are out of
> bounds.
>
> I've done a minimal build with attached patch, and reran the test-case,
> which passes now.
>
> OK if bootstrap succeeds?
>
> 2014-04-26 Tom de Vries <t...@codesourcery.com>
>
> * config/i386/i386.md (define_expand "ldexpxf3"): Fix out-of-bounds
> array accesses.
OK for mainline and 4.9 branch.
Thanks,
Uros.
