gcc/ipa-const-prop-buffer-overflow-bugfix.patch

This patch is to solve issue409, which merge following 3 commits with some style fix

commit 9505acd8501e6c79bc4fa9ed9f1ee174462601d1
Author: Richard Biener <rguenther@suse.de>
Date:   Wed Jul 17 09:35:04 2019 +0000

    re PR tree-optimization/91180 (wrong code at -O and above with __builtin_memset())

    2019-07-17  Richard Biener  <rguenther@suse.de>

            PR tree-optimization/91180
            * tree-ssa-sccvn.c (vn_reference_lookup_3): Fix offset
            computation for memset partial defs.

            * gcc.dg/torture/pr91180.c: New testcase.

    From-SVN: r273548

commit 6b68f00d4c2b375dad66bd6e72c01c309b4085c5
Author: Richard Biener <rguenther@suse.de>
Date:   Fri Jul 19 16:19:39 2019 +0000

    re PR tree-optimization/91211 (wrong code with __builtin_memset() and __builtin_memcpy() at -O1 and above)
    
    2019-07-19  Richard Biener  <rguenther@suse.de>
    
            PR tree-optimization/91211
            * tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Fix
            memset encoding size.
    
            * gcc.dg/torture/pr91211.c: New testcase.
    
    From-SVN: r273605

commit 599331c858294dec6ac94400e63d275c4836607f
Author: Richard Biener <rguenther@suse.de>
Date:   Thu Jul 25 06:57:46 2019 +0000

    re PR tree-optimization/91236 (ICE in walk_non_aliased_vuses at gcc/tree-ssa-alias.c:3395 on aarch64)
    
    2019-07-25  Richard Biener  <rguenther@suse.de>
    
            PR tree-optimization/91236
            * tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Fix
            size of CONSTRUCTOR write.  Fix buffer size we pass to
            native_encode_expr.
    
    From-SVN: r273787

diff -Nurp a/gcc/testsuite/gcc.dg/torture/pr91180.c b/gcc/testsuite/gcc.dg/torture/pr91180.c
--- a/gcc/testsuite/gcc.dg/torture/pr91180.c	1970-01-01 08:00:00.000000000 +0800
+++ b/gcc/testsuite/gcc.dg/torture/pr91180.c	2020-09-15 20:52:58.796000000 +0800
@@ -0,0 +1,13 @@
+/* { dg-do run } */
+
+int
+main ()
+{
+#if __SIZEOF_INT__ == 4
+  unsigned x = 0xffffffff;
+  __builtin_memset (1 + (char *) &x, 0, 2);
+  if (x != 0xff0000ff)
+    __builtin_abort ();
+#endif
+  return 0;
+}
diff -Nurp a/gcc/testsuite/gcc.dg/torture/pr91211.c b/gcc/testsuite/gcc.dg/torture/pr91211.c
--- a/gcc/testsuite/gcc.dg/torture/pr91211.c	1970-01-01 08:00:00.000000000 +0800
+++ b/gcc/testsuite/gcc.dg/torture/pr91211.c	2020-09-15 20:52:43.932000000 +0800
@@ -0,0 +1,19 @@
+/* { dg-do run } */
+
+typedef __UINT32_TYPE__ u32;
+
+int
+main (void)
+{
+  u32 b = 0x027C5902;
+  u32 a = 0;
+  __builtin_memset (1 + (char *) &b, 0, 2);
+  __builtin_memcpy (&a, 2 + (char *) &b, 2);
+#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+  if (a != 0x00000200)
+#else
+  if (a != 0x00020000)
+#endif
+    __builtin_abort();
+  return 0;
+}
diff -Nurp a/gcc/tree-ssa-sccvn.c b/gcc/tree-ssa-sccvn.c
--- a/gcc/tree-ssa-sccvn.c	2020-09-14 16:44:05.476000000 +0800
+++ b/gcc/tree-ssa-sccvn.c	2020-09-16 09:29:22.520000000 +0800
@@ -1840,12 +1840,15 @@ vn_walk_cb_data::push_partial_def (const
 		  if (TREE_CODE (pd.rhs) == CONSTRUCTOR)
 		    /* Empty CONSTRUCTOR.  */
 		    memset (buffer + MAX (0, pd.offset),
-			    0, MIN ((HOST_WIDE_INT)sizeof (buffer), pd.size));
+			    0, MIN ((HOST_WIDE_INT)sizeof (buffer)
+				     - MAX (0, pd.offset),
+				    pd.size + MIN (0, pd.offset)));
 		  else
 		    {
 		      len = native_encode_expr (pd.rhs,
 						buffer + MAX (0, pd.offset),
-						sizeof (buffer - MAX (0, pd.offset)),
+						sizeof (buffer)
+						- MAX (0, pd.offset),
 						MAX (0, -pd.offset));
 		      if (len <= 0
 			  || len < (pd.size - MAX (0, -pd.offset)))
@@ -2461,7 +2464,7 @@ vn_reference_lookup_3 (ao_ref *ref, tree
 	{
 	  pd_data pd;
 	  pd.rhs = build_constructor (NULL_TREE, NULL);
-	  pd.offset = offset2i - offseti;
+	  pd.offset = (offset2i - offseti) / BITS_PER_UNIT;
 	  pd.size = leni;
 	  return data->push_partial_def (pd, vuse, maxsizei);
 	}