[backport from gcc-4.8/trunk r186590 ]
Date: Thu, 19 Apr 2012 14:14:42 +0200 (CEST)
From: Richard Guenther
Subject: [PATCH][IRA] Avoid undefined behavior in ira_allocno_object_iter_cond
List-Archive:

This gave me headaches debugging a VRP "miscompile" of ira-build.c.
Number of iteration analysis concluded that the allocno object iterators
do not iterate because it sees accesses to ->objects[n] for a loop
i = 0; i < n; ++i.  This is because ira_allocno_object_iter_cond was
written in a very fancy way, optimizing the number of source lines
(apparently).

Fixed as follows.  A bootstrap & regtest is currently running (together
with the alleged VRP modification).  I will commit this if it succeeds.

Richard.

gcc/
2012-04-19  Richard Guenther

	* ira-int.h (ira_allocno_object_iter_cond): Avoid out-of-bound
	array access.

--- gcc-4.7.1/gcc/ira-int.h.~1~ 2012-01-19 21:46:31.000000000 +0100
+++ gcc-4.7.1/gcc/ira-int.h 2012-06-24 12:23:22.000000000 +0200
@@ -1138,8 +1138,13 @@ static inline bool
 ira_allocno_object_iter_cond (ira_allocno_object_iterator *i, ira_allocno_t a,
 ira_object_t *o)
 {
- *o = ALLOCNO_OBJECT (a, i->n);
- return i->n++ < ALLOCNO_NUM_OBJECTS (a);
+ int n = i->n++;
+ if (n < ALLOCNO_NUM_OBJECTS (a))
+ {
+ *o = ALLOCNO_OBJECT (a, n);
+ return true;
+ }
+ return false;
 }
 
 /* Loop over all objects associated with allocno A.  In each
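Review bot: the new body changes the contract of O: the old code wrote *o unconditionally (including the out-of-bound read on the terminating call), whereas after the change *o is left untouched when n >= ALLOCNO_NUM_OBJECTS (a) and the function returns false. That is the right fix, but the function's comment (not in the hunk) should state that *o is only valid when the function returns true, so that no caller relies on O after the loop ends. Also note that i->n is still incremented once past ALLOCNO_NUM_OBJECTS (a) on the terminating call; that is harmless here because the post-incremented value is only used as an index inside the bound check, and it is worth a one-line comment next to `int n = i->n++;` so a later reader does not "simplify" it back into the indexed form.

The following is an added C example, not GCC code, that makes the defect in the old iterator condition visible as a number rather than as undefined behaviour. It models an allocno with a small `objects[]` array behind an instrumented accessor (the type and helper names `allocno_t`, `object_t`, `allocno_object` and the two `iter_cond_*` functions are hypothetical stand-ins for `ira_allocno_t`, `ira_object_t`, `ALLOCNO_OBJECT` and `ira_allocno_object_iter_cond`; the sample allocnos are constructed). The accessor records the highest index requested and refuses to dereference past `num_objects`, so the pre-patch condition's read of `objects[num_objects]` on every loop's final call, and its read of `objects[0]` even for an allocno with no objects, show up in the recorded index, while the patched condition never asks for an index outside the array.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for GCC's IRA types (shapes assumed, not real). */
#define MAX_OBJECTS 2

typedef struct {
    int id;
} object_t;

typedef struct {
    int num_objects;                 /* plays the role of ALLOCNO_NUM_OBJECTS (a) */
    object_t *objects[MAX_OBJECTS];  /* plays the role of ALLOCNO_OBJECT (a, n) */
} allocno_t;

typedef struct {
    int n;
} object_iterator;

/* Instrumented accessor: remembers the largest index ever requested and
   returns NULL instead of reading objects[n] when n is out of range, so an
   out-of-bound access is observable instead of being undefined behaviour. */
static int max_index_requested = -1;

static object_t *allocno_object(const allocno_t *a, int n)
{
    if (n > max_index_requested)
        max_index_requested = n;
    if (n < 0 || n >= a->num_objects)
        return NULL;                 /* the real macro would read objects[n] here */
    return a->objects[n];
}

/* Pre-patch shape: the element is read before the bound is tested, so the
   call that terminates the loop always requests objects[num_objects]. */
static bool iter_cond_old(object_iterator *i, const allocno_t *a, object_t **o)
{
    *o = allocno_object(a, i->n);
    return i->n++ < a->num_objects;
}

/* Patched shape: the bound is tested first and *o is written only when the
   index is valid; on the terminating call nothing is read and *o is untouched. */
static bool iter_cond_new(object_iterator *i, const allocno_t *a, object_t **o)
{
    int n = i->n++;                  /* may end one past num_objects, never indexed */
    if (n < a->num_objects) {
        *o = allocno_object(a, n);
        return true;
    }
    return false;
}

typedef bool (*cond_fn)(object_iterator *, const allocno_t *, object_t **);

/* Runs a FOR_EACH-style loop with COND over A, returns the sum of the visited
   ids and stores the highest index the accessor was asked for in *MAX_INDEX. */
static int run_loop(cond_fn cond, const allocno_t *a, int *max_index)
{
    object_iterator it = { 0 };
    object_t *o = NULL;
    int sum = 0;

    max_index_requested = -1;
    while (cond(&it, a, &o))
        sum += o->id;
    *max_index = max_index_requested;
    return sum;
}

/* Constructed samples: one allocno with two objects, one with none. */
static object_t obj_a = { 10 }, obj_b = { 20 };
static const allocno_t two_objects = { 2, { &obj_a, &obj_b } };
static const allocno_t no_objects = { 0, { NULL, NULL } };

int old_sum(void)       { int m; return run_loop(iter_cond_old, &two_objects, &m); }
int new_sum(void)       { int m; return run_loop(iter_cond_new, &two_objects, &m); }
int old_max_index(void) { int m; run_loop(iter_cond_old, &two_objects, &m); return m; }
int new_max_index(void) { int m; run_loop(iter_cond_new, &two_objects, &m); return m; }
int old_max_index_empty(void) { int m; run_loop(iter_cond_old, &no_objects, &m); return m; }
int new_max_index_empty(void) { int m; run_loop(iter_cond_new, &no_objects, &m); return m; }

int main(void)
{
    printf("old: sum=%d max index=%d (empty allocno: %d)\n",
           old_sum(), old_max_index(), old_max_index_empty());
    printf("new: sum=%d max index=%d (empty allocno: %d)\n",
           new_sum(), new_max_index(), new_max_index_empty());
    return 0;
}
```

Both conditions visit the same objects and produce the same sum, which is why the old code "worked" at runtime; the difference is only that the old shape touches index 2 of a two-element array on the way out, and index 0 of an empty one. That out-of-bound read is exactly the access a bounds-aware analysis in the compiler is entitled to treat as impossible, which is how it can conclude the loop never iterates.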