From d63ed4c9c3f1b86813d81d310f812e73d327e536 Mon Sep 17 00:00:00 2001
From: Clark Coleman <clc@zephyr-software.com>
Date: Mon, 24 Aug 2020 16:53:16 -0400
Subject: [PATCH] Fix firefox crash on SPARK output.

---
 src/base/SMPFunction.cpp | 14 ++++++++++++++
 src/base/SMPInstr.cpp    | 12 ++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/src/base/SMPFunction.cpp b/src/base/SMPFunction.cpp
index ec8cd7bf..15ff7959 100644
--- a/src/base/SMPFunction.cpp
+++ b/src/base/SMPFunction.cpp
@@ -7722,6 +7722,13 @@ void SMPFunction::DetectLoopInductionVars(void) {
 									FoundBIV = false;
 									SMP_msg("ERROR: Non-matching BIV candidates in loop %d in func %s\n",
 										LoopIndex, this->GetFuncName());
+									SMP_msg("Current BIV candidate: ");
+									DumpInductionVar(BIVTriple);
+									SMP_msg("\nExisting BIV candidate: ");
+									DumpInductionVar(CurrentFamily.BasicInductionVar);
+									SMP_msg("\n");
+									if (VerboseOutput)
+										this->Dump();
 									break;
 								}
 							}
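Review bot: The seven added diagnostic lines here are repeated verbatim in the DetectLoopInductionVars2 hunk that follows, so the two error paths can drift apart the next time one is edited. A small private helper that takes the two induction-variable candidates and emits the "Current BIV candidate" / "Existing BIV candidate" output would let both sites call one line instead. The unbraced `if (VerboseOutput)` is also easy to break when another statement is added under it; `if (VerboseOutput) { this->Dump(); }` is safer. Both functions start and end outside the visible hunks, so whether `this->Dump()` can fire once per loop on a large function is not visible here and worth checking for log volume.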
@@ -8172,6 +8179,13 @@ void SMPFunction::DetectLoopInductionVars2(void) {
 										FoundBIV = false;
 										SMP_msg("ERROR: Non-matching BIV candidates in loop %d in func %s\n",
 											LoopIndex, this->GetFuncName());
+										SMP_msg("Current BIV candidate: ");
+										DumpInductionVar(BIVTriple);
+										SMP_msg("\nExisting BIV candidate: ");
+										DumpInductionVar(CurrentFamily.BasicInductionVar);
+										SMP_msg("\n");
+										if (VerboseOutput)
+											this->Dump();
 										break;
 									}
 								}
diff --git a/src/base/SMPInstr.cpp b/src/base/SMPInstr.cpp
index 2be8188a..4e70da61 100644
--- a/src/base/SMPInstr.cpp
+++ b/src/base/SMPInstr.cpp
@@ -2911,10 +2911,13 @@ void STARSExpression::EmitSPARKAdaString(std::string &OutString, bool Processing
 			if (IsSymbolicReadMem)
 				OutString.append("(");
 		}
+		// If not a prefix operator, hold in OperatorString until we emit the left operand, then
+		//  emit as an infix operator.
 	}
 
 	// Left operand or subtree
 	if (this->HasLeftSubTree()) {
+		// Recurse into left subtree, surround with parentheses.
 		OutString.append("(");
 		this->GetLeftTree()->EmitSPARKAdaString(OutString, ProcessingLoop, OldSuffix, false, HasLoopArgs, UseSavedStackPtr, NoLHSArgs);
 		OutString.append(")");
@@ -2924,7 +2927,16 @@ void STARSExpression::EmitSPARKAdaString(std::string &OutString, bool Processing
 		bool OmitTrailingSpace = IsRegOp && (ProcessingLoop || OldSuffix);
 		STARSOpndTypePtr LeftOp = CloneIfNecessary(this->GetConstLeftOperand(), UseFP);
 		if (MDIsDirectStackAccessOpnd(LeftOp, UseFP)) {
+			// Crash observed using ParentInst to unnormalize the stack op.
+			//  Problem was [rdx+rdx] expression, where RCX traced back to before
+			//  stack allocation instruction, while RDX traced back to after 
+			//  the stack allocation instruction. Unnormalizing RDX's [RSP+40]
+			//  expression at the RCX init point produced stack location above the frame.
+#if 0
 			this->GetParentInst()->MDGetUnnormalizedOp(LeftOp);
+#else
+			this->GetOriginalParentInst()->MDGetUnnormalizedOp(LeftOp);
+#endif
 		}
 
 		bool InArgOp = false;
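Review bot: The `#if 0` / `#else` pair keeps the crashing call `this->GetParentInst()->MDGetUnnormalizedOp(LeftOp);` in the file as dead code even though the new comment already records why it was wrong; dropping the preprocessor lines and keeping only `this->GetOriginalParentInst()->MDGetUnnormalizedOp(LeftOp);` reads more clearly. The comment names the expression as `[rdx+rdx]` but then discusses RCX and RDX separately, so it presumably meant `[rcx+rdx]`. The result of `GetOriginalParentInst()` is dereferenced unchecked; whether it can be null for a cloned or synthesized expression is not visible in this hunk and should be confirmed or asserted. Nothing here verifies that the unnormalized operand still falls inside the frame, so a similar mismatch between instruction contexts would again emit an out-of-frame stack location silently; a debug-time check with an `SMP_msg` error would surface it. EmitSPARKAdaString continues outside the hunk, and if its right-operand path makes the same `GetParentInst()` call it likely needs the same change.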
-- 
GitLab