From ab4194daa89047e2eacb66ef8d5d702418905bb0 Mon Sep 17 00:00:00 2001
From: Joseph Myers <joseph@codesourcery.com>
Date: Thu, 19 Feb 2009 13:56:00 +0000
Subject: [PATCH] re PR c/38483 (generated aborts lose previous side-effects)

	PR c/38483
	* builtins.c (gimplify_va_arg_expr): Evaluate the va_list
	expression before any __builtin_trap call.
	* c-typeck.c (build_function_call): Convert and check function
	arguments before generating a call to a trap.  Evaluate the
	function arguments before the trap.

testsuite:
	* gcc.c-torture/execute/call-trap-1.c,
	gcc.c-torture/execute/va-arg-trap-1.c, gcc.dg/call-diag-1.c: New
	tests.

From-SVN: r144296
---
 gcc/ChangeLog                                 |  9 +++++
 gcc/builtins.c                                |  3 ++
 gcc/c-typeck.c                                | 25 +++++++------
 gcc/testsuite/ChangeLog                       |  7 ++++
 .../gcc.c-torture/execute/call-trap-1.c       | 26 ++++++++++++++
 .../gcc.c-torture/execute/va-arg-trap-1.c     | 36 +++++++++++++++++++
 gcc/testsuite/gcc.dg/call-diag-1.c            |  9 +++++
 7 files changed, 105 insertions(+), 10 deletions(-)
 create mode 100644 gcc/testsuite/gcc.c-torture/execute/call-trap-1.c
 create mode 100644 gcc/testsuite/gcc.c-torture/execute/va-arg-trap-1.c
 create mode 100644 gcc/testsuite/gcc.dg/call-diag-1.c

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 8ca48493c4db..da214e8deea2 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,12 @@
+2009-02-19  Joseph Myers  <joseph@codesourcery.com>
+
+	PR c/38483
+	* builtins.c (gimplify_va_arg_expr): Evaluate the va_list
+	expression before any __builtin_trap call.
+	* c-typeck.c (build_function_call): Convert and check function
+	arguments before generating a call to a trap.  Evaluate the
+	function arguments before the trap.
+
 2009-02-19  Uros Bizjak  <ubizjak@gmail.com>
 
 	PR target/39228
diff --git a/gcc/builtins.c b/gcc/builtins.c
index 57cce08abe53..55639cde7280 100644
--- a/gcc/builtins.c
+++ b/gcc/builtins.c
@@ -4999,6 +4999,9 @@ gimplify_va_arg_expr (tree *expr_p, gimple_seq *pre_p, gimple_seq *post_p)
 	 Call abort to encourage the user to fix the program.  */
       if (warned)
 	inform (input_location, "if this code is reached, the program will abort");
+      /* Before the abort, allow the evaluation of the va_list
+	 expression to exit or longjmp.  */
+      gimplify_and_add (valist, pre_p);
       t = build_call_expr (implicit_built_in_decls[BUILT_IN_TRAP], 0);
       gimplify_and_add (t, pre_p);
 
diff --git a/gcc/c-typeck.c b/gcc/c-typeck.c
index 9ce60cdc9ca4..f1d83f3c20cd 100644
--- a/gcc/c-typeck.c
+++ b/gcc/c-typeck.c
@@ -2417,6 +2417,16 @@ build_function_call (tree function, tree params)
   /* fntype now gets the type of function pointed to.  */
   fntype = TREE_TYPE (fntype);
 
+  /* Convert the parameters to the types declared in the
+     function prototype, or apply default promotions.  */
+
+  nargs = list_length (params);
+  argarray = (tree *) alloca (nargs * sizeof (tree));
+  nargs = convert_arguments (nargs, argarray, TYPE_ARG_TYPES (fntype), 
+			     params, function, fundecl);
+  if (nargs < 0)
+    return error_mark_node;
+
   /* Check that the function is called through a compatible prototype.
      If it is not, replace the call by a trap, wrapped up in a compound
      expression if necessary.  This has the nice side-effect to prevent
@@ -2430,6 +2440,7 @@ build_function_call (tree function, tree params)
       tree return_type = TREE_TYPE (fntype);
       tree trap = build_function_call (built_in_decls[BUILT_IN_TRAP],
 				       NULL_TREE);
+      int i;
 
       /* This situation leads to run-time undefined behavior.  We can't,
 	 therefore, simply error unless we can prove that all possible
@@ -2438,6 +2449,10 @@ build_function_call (tree function, tree params)
 	/* We can, however, treat "undefined" any way we please.
 	   Call abort to encourage the user to fix the program.  */
 	inform (input_location, "if this code is reached, the program will abort");
+      /* Before the abort, allow the function arguments to exit or
+	 call longjmp.  */
+      for (i = 0; i < nargs; i++)
+	trap = build2 (COMPOUND_EXPR, void_type_node, argarray[i], trap);
 
       if (VOID_TYPE_P (return_type))
 	return trap;
@@ -2455,16 +2470,6 @@ build_function_call (tree function, tree params)
 	}
     }
 
-  /* Convert the parameters to the types declared in the
-     function prototype, or apply default promotions.  */
-
-  nargs = list_length (params);
-  argarray = (tree *) alloca (nargs * sizeof (tree));
-  nargs = convert_arguments (nargs, argarray, TYPE_ARG_TYPES (fntype), 
-			     params, function, fundecl);
-  if (nargs < 0)
-    return error_mark_node;
-
   /* Check that arguments to builtin functions match the expectations.  */
   if (fundecl
       && DECL_BUILT_IN (fundecl)
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index a01fa1fd0189..2a4bad1693ec 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,10 @@
+2009-02-19  Joseph Myers  <joseph@codesourcery.com>
+
+	PR c/38483
+	* gcc.c-torture/execute/call-trap-1.c,
+	gcc.c-torture/execute/va-arg-trap-1.c, gcc.dg/call-diag-1.c: New
+	tests.
+
 2009-02-19  Uros Bizjak  <ubizjak@gmail.com>
 
 	PR target/39228
diff --git a/gcc/testsuite/gcc.c-torture/execute/call-trap-1.c b/gcc/testsuite/gcc.c-torture/execute/call-trap-1.c
new file mode 100644
index 000000000000..aa226e745d6e
--- /dev/null
+++ b/gcc/testsuite/gcc.c-torture/execute/call-trap-1.c
@@ -0,0 +1,26 @@
+/* Undefined behavior from a call to a function cast to a different
+   type does not appear until after the function designator and
+   arguments have been evaluated.  PR 38483.  */
+/* Origin: Joseph Myers <joseph@codesourcery.com> */
+
+extern void exit (int);
+extern void abort (void);
+
+int
+foo (void)
+{
+  exit (0);
+  return 0;
+}
+
+void
+bar (void)
+{
+}
+
+int
+main (void)
+{
+  ((long (*)(int))bar) (foo ());
+  abort ();
+}
diff --git a/gcc/testsuite/gcc.c-torture/execute/va-arg-trap-1.c b/gcc/testsuite/gcc.c-torture/execute/va-arg-trap-1.c
new file mode 100644
index 000000000000..1e1dae8e8aaa
--- /dev/null
+++ b/gcc/testsuite/gcc.c-torture/execute/va-arg-trap-1.c
@@ -0,0 +1,36 @@
+/* Undefined behavior from a call to va_arg with a type other than
+   that of the argument passed (in particular, with a type such as
+   "float" that can never be the type of an argument passed through
+   "...") does not appear until after the va_list expression is
+   evaluated.  PR 38483.  */
+/* Origin: Joseph Myers <joseph@codesourcery.com> */
+
+#include <stdarg.h>
+
+extern void exit (int);
+extern void abort (void);
+
+va_list ap;
+float f;
+
+va_list *
+foo (void)
+{
+  exit (0);
+  return &ap;
+}
+
+void
+bar (int i, ...)
+{
+  va_start (ap, i);
+  f = va_arg (*foo (), float);
+  va_end (ap);
+}
+
+int
+main (void)
+{
+  bar (1, 0);
+  abort ();
+}
diff --git a/gcc/testsuite/gcc.dg/call-diag-1.c b/gcc/testsuite/gcc.dg/call-diag-1.c
new file mode 100644
index 000000000000..884baa0d4379
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/call-diag-1.c
@@ -0,0 +1,9 @@
+/* The warning for calling through a non-compatible type must not
+   disable the normal diagnostics from comparing the argument list
+   against the type of the called expression.  */
+/* Origin: Joseph Myers <joseph@codesourcery.com> */
+/* { dg-do compile } */
+/* { dg-options "" } */
+
+void foo (void);
+void bar (void) { ((long (*)(int))foo) (); } /* { dg-error "too few arguments to function" } */
-- 
2.47.2