From 47a0556a16e197246df78e341b820012b885d0bd Mon Sep 17 00:00:00 2001
From: Quentin Carbonneaux
Date: Sun, 17 Apr 2016 21:01:49 -0400
Subject: compute dead phi args correctly in fold

The code computing if "the" edge of a phi argument is live or dead was wrong. AFL found that.
---
 fold.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/fold.c b/fold.c
index 06b8b12..dde3114 100644
--- a/fold.c
+++ b/fold.c
@@ -74,12 +74,11 @@ visitphi(Phi *p, int n, Fn *fn)
 v = Top;
 for (a=0; anarg; a++) {
 m = p->blk[a]->id;
+ dead = 1;
 if (edge[m][0].dest == n)
- dead = edge[m][0].dead;
- else if (edge[m][1].dest == n)
- dead = edge[m][1].dead;
- else
- die("invalid phi argument");
+ dead &= edge[m][0].dead;
+ if (edge[m][1].dest == n)
+ dead &= edge[m][1].dead;
 if (!dead)
 v = latmerge(v, latval(p->arg[a]));
 }
@@ -121,7 +120,8 @@ visitjmp(Blk *b, int n, Fn *fn)
 switch (b->jmp.type) {
 case JJnz:
 l = latval(b->jmp.arg);
- if (l == Top || l == Bot) {
+ assert(l != Top);
+ if (l == Bot) {
 edge[n][1].work = flowrk;
 edge[n][0].work = &edge[n][1];
 flowrk = &edge[n][0];
--
cgit 1.4.1
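Review bot: With the `die("invalid phi argument")` branch removed, a phi argument whose block `m` has neither edge targeting `n` now leaves `dead` at 1 and is silently skipped in visitphi's loop. Since the commit message says this path was reached by fuzzed input, a malformed phi would be better rejected than folded as if the argument were unreachable. Unless phi predecessors are validated in an earlier pass (not visible here), keep the check next to the new logic, e.g. `if (edge[m][0].dest != n && edge[m][1].dest != n) die("invalid phi argument");` ahead of the two `dead &=` tests. A short comment such as `/* both edges of m may target n; the argument is dead only if every such edge is dead */` would also record why `&=` is used. The body of visitphi starts and ends outside the hunk.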
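Review bot: The `assert(l != Top);` added in the `JJnz` case of visitjmp disappears when the file is built with `NDEBUG`, so in such a build a `Top` value is no longer handled by the `if` and falls through to whatever follows the `l == Bot` block. That code is outside the hunk; if it uses `l` as a constant index, a `Top` reaching it would be misread instead of diagnosed. Because the removed condition used to accept `Top` here, the invariant is new and worth enforcing unconditionally with the file's own error path, e.g. `if (l == Top) die("jnz argument has no lattice value");` (the message is a suggestion). A one-line comment stating why a visited jump can never see `Top` would help as well.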