Hello! Attached patch prevents out-of-bounds offset in the call to simplify_subreg, where the subreg offset is taken from the offset of a memory access. The problem triggers on 4.6 branch and is latent on 4.7 and mainline.
2013-02-10 Uros Bizjak <ubiz...@gmail.com> PR rtl-optimization/56275 * simplify-rtx.c (avoid_constant_pool_reference): Check that offset is non-negative and less than cmode size before calling simplify_subreg. testsuite/ChangeLog: 2013-02-10 Uros Bizjak <ubiz...@gmail.com> PR rtl-optimization/56275 * gcc.dg/pr56275.c: New test. Tested on x86_64-pc-linux-gnu {,-m32}. OK for mainline and release branches? Uros.
Index: simplify-rtx.c =================================================================== --- simplify-rtx.c (revision 195931) +++ simplify-rtx.c (working copy) @@ -242,7 +242,8 @@ avoid_constant_pool_reference (rtx x) /* If we're accessing the constant in a different mode than it was originally stored, attempt to fix that up via subreg simplifications. If that fails we have no choice but to return the original memory. */ - if (offset != 0 || cmode != GET_MODE (x)) + if ((offset != 0 || cmode != GET_MODE (x)) + && offset >= 0 && offset < GET_MODE_SIZE (cmode)) { rtx tem = simplify_subreg (GET_MODE (x), c, cmode, offset); if (tem && CONSTANT_P (tem)) Index: testsuite/gcc.dg/pr56275.c =================================================================== --- testsuite/gcc.dg/pr56275.c (revision 0) +++ testsuite/gcc.dg/pr56275.c (working copy) @@ -0,0 +1,12 @@ +/* { dg-do compile } */ +/* { dg-options "-O2" } */ +/* { dg-additional-options "-mno-sse" { target { i?86-*-* x86_64-*-* } } } */ + +typedef long long v2tw __attribute__ ((vector_size (2 * sizeof (long long)))); + +void tiger_block_v2 (long long in1, v2tw *res) +{ + v2tw i1 = { in1, in1 }; + + *res = i1 << 1; +}