From 6dcb9e910b8e6f7638f88d657bb9cc10d38b141c Mon Sep 17 00:00:00 2001
From: Vladimir Makarov <vmakarov@redhat.com>
Date: Wed, 11 Oct 2017 19:35:48 +0000
Subject: [PATCH] re PR sanitizer/82353 (runtime ubsan crash)

2017-10-11  Vladimir Makarov  <vmakarov@redhat.com>

	PR sanitizer/82353
	* lra.c (collect_non_operand_hard_regs): Don't ignore operator
	locations.
	* lra-lives.c (bb_killed_pseudos, bb_gen_pseudos): Move up.
	(make_hard_regno_born, make_hard_regno_dead): Update
	bb_killed_pseudos and bb_gen_pseudos.

2017-10-11  Vladimir Makarov  <vmakarov@redhat.com>

	PR sanitizer/82353
	* gcc.target/i386/i386.exp (tests): Permit '.C' extension.
	* gcc.target/i386/pr82353.C: New.

From-SVN: r253656
---
 gcc/ChangeLog                           |  9 ++++
 gcc/lra-lives.c                         |  9 ++--
 gcc/lra.c                               |  3 +-
 gcc/testsuite/ChangeLog                 |  6 +++
 gcc/testsuite/gcc.target/i386/i386.exp  |  2 +-
 gcc/testsuite/gcc.target/i386/pr82353.C | 60 +++++++++++++++++++++++++
 6 files changed, 84 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/gcc.target/i386/pr82353.C

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index cb3a961b86a..c3d95d9ba5b 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,12 @@
+2017-10-11  Vladimir Makarov  <vmakarov@redhat.com>
+
+	PR sanitizer/82353
+	* lra.c (collect_non_operand_hard_regs): Don't ignore operator
+	locations.
+	* lra-lives.c (bb_killed_pseudos, bb_gen_pseudos): Move up.
+	(make_hard_regno_born, make_hard_regno_dead): Update
+	bb_killed_pseudos and bb_gen_pseudos.
+
 2017-10-11  Nathan Sidwell  <nathan@acm.org>
 
 	* incpath.h (enum incpath_kind): Name enum, prefix values.
diff --git a/gcc/lra-lives.c b/gcc/lra-lives.c
index 4648eca5ace..6a49f9a8341 100644
--- a/gcc/lra-lives.c
+++ b/gcc/lra-lives.c
@@ -220,6 +220,9 @@ lra_intersected_live_ranges_p (lra_live_range_t r1, lra_live_range_t r2)
   return false;
 }
 
+/* The corresponding bitmaps of BB currently being processed.  */
+static bitmap bb_killed_pseudos, bb_gen_pseudos;
+
 /* The function processing birth of hard register REGNO.  It updates
    living hard regs, START_LIVING, and conflict hard regs for living
    pseudos.  Conflict hard regs for the pic pseudo is not updated if
@@ -243,6 +246,7 @@ make_hard_regno_born (int regno, bool check_pic_pseudo_p ATTRIBUTE_UNUSED)
 	|| i != REGNO (pic_offset_table_rtx))
 #endif
       SET_HARD_REG_BIT (lra_reg_info[i].conflict_hard_regs, regno);
+  bitmap_set_bit (bb_gen_pseudos, regno);
 }
 
 /* Process the death of hard register REGNO.  This updates
@@ -255,6 +259,8 @@ make_hard_regno_dead (int regno)
     return;
   sparseset_set_bit (start_dying, regno);
   CLEAR_HARD_REG_BIT (hard_regs_live, regno);
+  bitmap_clear_bit (bb_gen_pseudos, regno);
+  bitmap_set_bit (bb_killed_pseudos, regno);
 }
 
 /* Mark pseudo REGNO as living at program point POINT, update conflicting
@@ -299,9 +305,6 @@ mark_pseudo_dead (int regno, int point)
     }
 }
 
-/* The corresponding bitmaps of BB currently being processed.  */
-static bitmap bb_killed_pseudos, bb_gen_pseudos;
-
 /* Mark register REGNO (pseudo or hard register) in MODE as live at
    program point POINT.  Update BB_GEN_PSEUDOS.
    Return TRUE if the liveness tracking sets were modified, or FALSE
diff --git a/gcc/lra.c b/gcc/lra.c
index a4737773b6e..3122f2c2505 100644
--- a/gcc/lra.c
+++ b/gcc/lra.c
@@ -820,7 +820,8 @@ collect_non_operand_hard_regs (rtx *x, lra_insn_recog_data_t data,
   const char *fmt = GET_RTX_FORMAT (code);
 
   for (i = 0; i < data->insn_static_data->n_operands; i++)
-    if (x == data->operand_loc[i])
+    if (! data->insn_static_data->operand[i].is_operator
+	&& x == data->operand_loc[i])
       /* It is an operand loc. Stop here.  */
       return list;
   for (i = 0; i < data->insn_static_data->n_dups; i++)
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index b85e93cafd0..740454058d3 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,9 @@
+2017-10-11  Vladimir Makarov  <vmakarov@redhat.com>
+
+	PR sanitizer/82353
+	* gcc.target/i386/i386.exp (tests): Permit '.C' extension.
+	* gcc.target/i386/pr82353.C: New.
+
 2017-10-11  Uros Bizjak  <ubizjak@gmail.com>
 
 	* gcc.target/i386/387-ficom-1.c: New test.
diff --git a/gcc/testsuite/gcc.target/i386/i386.exp b/gcc/testsuite/gcc.target/i386/i386.exp
index eae253192ad..1dc37cdac12 100644
--- a/gcc/testsuite/gcc.target/i386/i386.exp
+++ b/gcc/testsuite/gcc.target/i386/i386.exp
@@ -445,7 +445,7 @@ if [runtest_file_p $runtests $srcdir/$subdir/vect-args.c] {
 }
 
 # Everything else.
-set tests [lsort [glob -nocomplain $srcdir/$subdir/*.\[cS\]]]
+set tests [lsort [glob -nocomplain $srcdir/$subdir/*.\[cCS\]]]
 set tests [prune $tests $srcdir/$subdir/vect-args.c]
 
 # Main loop.
diff --git a/gcc/testsuite/gcc.target/i386/pr82353.C b/gcc/testsuite/gcc.target/i386/pr82353.C
new file mode 100644
index 00000000000..309bff764a4
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr82353.C
@@ -0,0 +1,60 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -std=c++11 -fsanitize=undefined -fno-sanitize-recover=undefined -w -fdump-rtl-reload" } */
+
+extern unsigned long tf_2_var_1, tf_2_var_21;
+extern bool tf_2_var_2, tf_2_var_24, tf_2_var_6, tf_2_var_5;
+extern unsigned char tf_2_var_16, tf_2_var_31;
+extern short tf_2_var_69;
+extern unsigned tf_2_var_233;
+struct tf_2_struct_1 {
+  short member_1_0 : 27;
+  long member_1_1 : 10;
+};
+struct a {
+  int member_2_0 : 5;
+};
+struct tf_2_struct_3 {
+  static tf_2_struct_1 member_3_0;
+};
+struct tf_2_struct_4 {
+  static unsigned member_4_0;
+  a member_4_1;
+};
+struct tf_2_struct_5 {
+  tf_2_struct_1 member_5_2;
+  tf_2_struct_4 member_5_4;
+};
+struct tf_2_struct_6 {
+  tf_2_struct_5 member_6_2;
+  short member_6_4;
+} extern tf_2_struct_obj_2;
+extern tf_2_struct_3 tf_2_struct_obj_8;
+tf_2_struct_1 a;
+tf_2_struct_5 b;
+tf_2_struct_1 tf_2_struct_3::member_3_0;
+unsigned tf_2_struct_4::member_4_0;
+void tf_2_init() {
+  a.member_1_1 = tf_2_struct_obj_2.member_6_2.member_5_2.member_1_1 = 5;
+}
+void tf_2_foo() {
+  int c = tf_2_struct_obj_2.member_6_2.member_5_4.member_4_1.member_2_0 -
+          -~tf_2_struct_obj_2.member_6_4 * char(90284000534361);
+  tf_2_struct_obj_8.member_3_0.member_1_0 =
+      tf_2_var_24 >
+      tf_2_var_21 * a.member_1_0 * tf_2_var_2 - tf_2_var_5 % a.member_1_1;
+  if ((~(tf_2_var_31 * tf_2_var_6) &&
+       -~tf_2_struct_obj_2.member_6_4 * 90284000534361) %
+      ~tf_2_var_31 * tf_2_var_6)
+    b.member_5_2.member_1_0 << tf_2_var_16 << tf_2_var_1;
+  tf_2_var_233 = -~tf_2_struct_obj_2.member_6_4 * char(90284000534361);
+  int d(tf_2_struct_obj_2.member_6_4);
+  if (b.member_5_2.member_1_0)
+    b.member_5_2.member_1_1 = c;
+  bool e(~-~tf_2_struct_obj_2.member_6_4);
+  a.member_1_1 % e;
+  if (tf_2_var_5 / tf_2_struct_obj_2.member_6_2.member_5_2.member_1_1)
+    b.member_5_4.member_4_0 = tf_2_var_21 * a.member_1_0 * tf_2_var_2;
+  tf_2_var_69 = tf_2_var_6;
+}
+
+/* { dg-final { scan-rtl-dump-not "Inserting rematerialization insn" "reload" } } */
-- 
2.30.2