diff mbox

Fix ICE while building firefox with FDO

Message ID 20150205165320.GG31160@kam.mff.cuni.cz
State New
Headers show

Commit Message

Jan Hubicka Feb. 5, 2015, 4:53 p.m. UTC 
Hi,
my previous fix to ipa-prop actually causes ipa-cp to ICE during FDO build of firefox.
What happens is that we produce speculative call that is off and leads to a method with
wrong number of parameters.
It would probably make a lot of sense to validate devirtualization with the actual type
of the call, but we do not have that handy, so this patch simply makes ipa-cp to not ICE.
Obviously in a valid program those wrong devirtualizations should be never executed.

Bootstrapped/regtested x86_64-linux, will commit it shortly.

Honza

	* ipa-cp.c (ipa_value_from_jfunc, ipa_context_from_jfunc): Check
	bound on number of arguments.
diff mbox

Patch

Index: ipa-cp.c
===================================================================
--- ipa-cp.c	(revision 220433)
+++ ipa-cp.c	(working copy)
@@ -942,7 +942,8 @@  ipa_value_from_jfunc (struct ipa_node_pa
 	{
 	  ipcp_lattice<tree> *lat;
 
-	  if (!info->lattices)
+	  if (!info->lattices
+	      || idx >= ipa_get_param_count (info))
 	    return NULL_TREE;
 	  lat = ipa_get_scalar_lat (info, idx);
 	  if (!lat->is_single_const ())
@@ -1004,7 +1005,8 @@  ipa_context_from_jfunc (ipa_node_params
 	}
       else
 	{
-	  if (!info->lattices)
+	  if (!info->lattices
+	      || srcidx >= ipa_get_param_count (info))
 	    return ctx;
 	  ipcp_lattice<ipa_polymorphic_call_context> *lat;
 	  lat = ipa_get_poly_ctx_lat (info, srcidx);