[Bug target/83111] [sh] stack smashing detected in gen_udivsi3

2017-11-22 Thread olegendo at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83111

Oleg Endo  changed:

   What|Removed |Added

 Status|UNCONFIRMED |NEW
   Last reconfirmed||2017-11-23
 Ever confirmed|0   |1

--- Comment #4 from Oleg Endo  ---
Thanks for reporting and tracking this down.
It seems there are more such traps.  Can you please try the following:

Index: gcc/config/sh/sh.md
===
--- gcc/config/sh/sh.md (revision 251045)
+++ gcc/config/sh/sh.md (working copy)
@@ -2277,8 +2277,8 @@
   ""
 {
   rtx last;
+  rtx func_ptr = gen_reg_rtx (Pmode);

-  operands[3] = gen_reg_rtx (Pmode);
   /* Emit the move of the address to a pseudo outside of the libcall.  */
   if (TARGET_DIVIDE_CALL_TABLE)
 {
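Review bot: The new `func_ptr` local removes the out-of-bounds store, but nothing at the declaration says why `operands[3]` must not be used here, so the same mistake can return the next time the pattern is simplified. The generated `gen_udivsi3` quoted in comment #1 declares `rtx operands[3]`, i.e. only the slots the pattern itself names, so a short comment would help: `/* operands[] has slots only for the operands the pattern declares; keep the function address in a local.  */`. The same comment fits the matching declaration in the divsi3 hunk at -2405. The commit log quoted in comment #2 also lists mulsi3 in the same simplification, and no mulsi3 hunk is visible in the patch as shown here, so that expander is worth checking for a store to an undeclared operand slot. The expander body continues outside this hunk.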
@@ -2298,16 +2298,16 @@
  emit_move_insn (operands[0], operands[2]);
  DONE;
}
-  function_symbol (operands[3], "__udivsi3_i4i", SFUNC_GOT);
-  last = gen_udivsi3_i4_int (operands[0], operands[3]);
+  function_symbol (func_ptr, "__udivsi3_i4i", SFUNC_GOT);
+  last = gen_udivsi3_i4_int (operands[0], func_ptr);
 }
   else if (TARGET_DIVIDE_CALL_FP)
 {
-  rtx lab = function_symbol (operands[3], "__udivsi3_i4",
SFUNC_STATIC).lab;
+  rtx lab = function_symbol (func_ptr, "__udivsi3_i4", SFUNC_STATIC).lab;
   if (TARGET_FPU_SINGLE)
-   last = gen_udivsi3_i4_single (operands[0], operands[3], lab);
+   last = gen_udivsi3_i4_single (operands[0], func_ptr, lab);
   else
-   last = gen_udivsi3_i4 (operands[0], operands[3], lab);
+   last = gen_udivsi3_i4 (operands[0], func_ptr, lab);
 }
   else if (TARGET_SH2A)
 {
@@ -2318,8 +2318,8 @@
 }
   else
 {
-  rtx lab = function_symbol (operands[3], "__udivsi3", SFUNC_STATIC).lab;
-  last = gen_udivsi3_i1 (operands[0], operands[3], lab);
+  rtx lab = function_symbol (func_ptr, "__udivsi3", SFUNC_STATIC).lab;
+  last = gen_udivsi3_i1 (operands[0], func_ptr, lab);
 }
   emit_move_insn (gen_rtx_REG (SImode, 4), operands[1]);
   emit_move_insn (gen_rtx_REG (SImode, 5), operands[2]);
@@ -2405,22 +2405,22 @@
   ""
 {
   rtx last;
+  rtx func_ptr = gen_reg_rtx (Pmode);

-  operands[3] = gen_reg_rtx (Pmode);
   /* Emit the move of the address to a pseudo outside of the libcall.  */
   if (TARGET_DIVIDE_CALL_TABLE)
 {
-  function_symbol (operands[3], sh_divsi3_libfunc, SFUNC_GOT);
-  last = gen_divsi3_i4_int (operands[0], operands[3]);
+  function_symbol (func_ptr, sh_divsi3_libfunc, SFUNC_GOT);
+  last = gen_divsi3_i4_int (operands[0], func_ptr);
 }
   else if (TARGET_DIVIDE_CALL_FP)
 {
-  rtx lab = function_symbol (operands[3], sh_divsi3_libfunc,
+  rtx lab = function_symbol (func_ptr, sh_divsi3_libfunc,
 SFUNC_STATIC).lab;
   if (TARGET_FPU_SINGLE)
-   last = gen_divsi3_i4_single (operands[0], operands[3], lab);
+   last = gen_divsi3_i4_single (operands[0], func_ptr, lab);
   else
-   last = gen_divsi3_i4 (operands[0], operands[3], lab);
+   last = gen_divsi3_i4 (operands[0], func_ptr, lab);
 }
   else if (TARGET_SH2A)
 {
@@ -2431,8 +2431,8 @@
 }
   else
 {
-  function_symbol (operands[3], sh_divsi3_libfunc, SFUNC_GOT);
-  last = gen_divsi3_i1 (operands[0], operands[3]);
+  function_symbol (func_ptr, sh_divsi3_libfunc, SFUNC_GOT);
+  last = gen_divsi3_i1 (operands[0], func_ptr);
 }
   emit_move_insn (gen_rtx_REG (SImode, 4), operands[1]);
   emit_move_insn (gen_rtx_REG (SImode, 5), operands[2]);
@@ -6519,6 +6519,7 @@
   [(call (mem (match_operand:SI 0 "symbol_ref_operand" ""))
 (match_operand 1 "" ""))
(use (reg:SI FPSCR_MODES_REG))
+   (use (match_scratch 2))
(clobber (reg:SI PR_REG))]
   "TARGET_SH2A && sh2a_is_function_vector_call (operands[0])"
 {
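Review bot: The added `(use (match_scratch 2))` carries no comment, and read on its own it looks like a dead operand that a later cleanup could remove. The C body only begins at the end of this hunk and is not visible, so this is inferred: if the scratch is there only so that the body may store into `operands[2]`, say so directly above it, e.g. `;; Operand 2 only reserves an operands[] slot for the output code below.` The same applies to `(use (match_scratch 3))` in the hunk at -6629. Unlike the local variables used in the division expanders, this changes the insn pattern itself, so it is worth confirming that every place that creates these call insns produces the extra `use`.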
@@ -6629,6 +6630,7 @@
(call (mem:SI (match_operand:SI 1 "symbol_ref_operand" ""))
  (match_operand 2 "" "")))
(use (reg:SI FPSCR_MODES_REG))
+   (use (match_scratch 3))
(clobber (reg:SI PR_REG))]
   "TARGET_SH2A && sh2a_is_function_vector_call (operands[1])"
 {
@@ -7044,13 +7046,11 @@
   [(const_int 0)]
 {
   rtx lab = PATTERN (gen_call_site ());
-  rtx call_insn;
+  rtx tmp =  gen_rtx_REG (SImode, R1_REG);

-  operands[3] =  gen_rtx_REG (SImode, R1_REG);
-
-  sh_expand_sym_label2reg (operands[3], operands[1], lab, true);
-  call_insn = emit_call_insn (gen_sibcall_valuei_pcrel (operands[0],
-   operands[3],
+  sh_expand_sym_label2reg (tmp, operands[1], lab, true);
+  rtx call_insn = emit_call_insn (gen_sibcall_valuei_pcrel (operands[0],
+   tmp,
operands[2],

[Bug target/83111] [sh] stack smashing detected in gen_udivsi3

2017-11-22 Thread vries at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83111

--- Comment #3 from Tom de Vries  ---
By reverting the patch, I was able to finish the build.

[Bug target/83111] [sh] stack smashing detected in gen_udivsi3

2017-11-22 Thread vries at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83111

Tom de Vries  changed:

   What|Removed |Added

 CC||olegendo at gcc dot gnu.org

--- Comment #2 from Tom de Vries  ---
This looks like the offending commit:
...
commit 0e3876bfd55e2888a012d3e304196eb2d4231ecf
Author: olegendo 
Date:   Tue May 3 06:47:34 2016 +

gcc/
* config/sh/sh.md (udivsi3, divsi3, mulsi3): Simplify.
(mulhisi3, umulhisi3, (smulsi3_highpart, umulsi3_highpart): Convert to
define_insn_and_split.
(mulsi3_i): New define_insn_and_split.
(mulsi3_call): Convert to define_insn.
(mulsidi3, mulsidi3_compact, umulsidi3, umulsidi3_compact):
Remove constraints.
...

which contains this change:
...
diff --git a/gcc/config/sh/sh.md b/gcc/config/sh/sh.md
index da1dfe9..2d9502b 100644
--- a/gcc/config/sh/sh.md
+++ b/gcc/config/sh/sh.md
@@ -2244,16 +2244,9 @@


 (define_expand "udivsi3"
-  [(set (match_dup 3) (symbol_ref:SI "__udivsi3"))
-   (set (reg:SI R4_REG) (match_operand:SI 1 "general_operand" ""))
-   (set (reg:SI R5_REG) (match_operand:SI 2 "general_operand" ""))
-   (parallel [(set (match_operand:SI 0 "register_operand" "")
-  (udiv:SI (reg:SI R4_REG)
-   (reg:SI R5_REG)))
- (clobber (reg:SI T_REG))
- (clobber (reg:SI PR_REG))
- (clobber (reg:SI R4_REG))
- (use (match_dup 3))])]
+  [(set (match_operand:SI 0 "register_operand")
+   (udiv:SI (match_operand:SI 1 "general_operand")
+(match_operand:SI 2 "general_operand")))]
   ""
 {
   rtx last;
...

The "operands[3]" refers to the "(match_dup 3)" that was removed here.

[Bug target/83111] [sh] stack smashing detected in gen_udivsi3

2017-11-22 Thread vries at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83111

Tom de Vries  changed:

   What|Removed |Added

 Target||sh

--- Comment #1 from Tom de Vries  ---
Looking at insn-emit.c, we see:
...
/* src/gcc/config/sh/sh.md:2273 */
rtx
gen_udivsi3 (rtx operand0,
rtx operand1,
rtx operand2)
{
  rtx_insn *_val = 0;
  start_sequence ();
  {
rtx operands[3];
operands[0] = operand0;
operands[1] = operand1;
operands[2] = operand2;
#define FAIL return (end_sequence (), _val)
#define DONE return (_val = get_insns (),end_sequence (), _val)
// #line 2278 "src/gcc/config/sh/sh.md"
{
  rtx last;

  operands[3] = gen_reg_rtx (Pmode);
...

In other words, we declare an array with size 3: "rtx operands[3]", and then
write the 4th element: "operands[3] = gen_reg_rtx (Pmode)".