5 files changed, 170 insertions, 11 deletions

diff --git a/lib/compiler/src/beam_block.erl b/lib/compiler/src/beam_block.erl
index 2def3de7f3..0321b1c07b 100644
--- a/lib/compiler/src/beam_block.erl
+++ b/lib/compiler/src/beam_block.erl
@@ -251,7 +251,9 @@ opt([{set,_,_,{line,_}}=Line1,
      {set,[D2],[{integer,Idx2},Reg],{bif,element,{f,0}}}=I2|Is])
   when Idx1 < Idx2, D1 =/= D2, D1 =/= Reg, D2 =/= Reg ->
     opt([Line2,I2,Line1,I1|Is]);
-opt([{set,Ds0,Ss,Op}|Is0]) ->	
+opt([{set,[_|_],_Ss,{get_map_elements,_F}}=I|Is]) ->
+    [I|opt(Is)];
+opt([{set,Ds0,Ss,Op}|Is0]) ->
     {Ds,Is} = opt_moves(Ds0, Is0),
     [{set,Ds,Ss,Op}|opt(Is)];
 opt([{'%live',_,_}=I|Is]) ->
diff --git a/lib/compiler/src/beam_validator.erl b/lib/compiler/src/beam_validator.erl
index 942d69a756..6004f1974e 100644
--- a/lib/compiler/src/beam_validator.erl
+++ b/lib/compiler/src/beam_validator.erl
@@ -758,10 +758,20 @@ valfun_4(_, _) ->
 
 verify_get_map(Fail, Src, List, Vst0) ->
     assert_type(map, Src, Vst0),
-    Vst1 = branch_state(Fail, Vst0),
+    Vst1 = foldl(fun(D, Vsti) ->
+                         case is_reg_defined(D,Vsti) of
+                             true -> set_type_reg(term,D,Vsti);
+                             false -> Vsti
+                         end
+                 end, Vst0, extract_map_vals(List)),
+    Vst2 = branch_state(Fail, Vst1),
     Keys = extract_map_keys(List),
     assert_unique_map_keys(Keys),
-    verify_get_map_pair(List,Vst0,Vst1).
+    verify_get_map_pair(List,Vst0,Vst2).
+
+extract_map_vals([_Key,Val|T]) ->
+    [Val|extract_map_vals(T)];
+extract_map_vals([]) -> [].
 
 extract_map_keys([Key,_Val|T]) ->
     [Key|extract_map_keys(T)];
@@ -1093,6 +1103,17 @@ set_catch_end({y,Y}, #vst{current=#st{y=Ys0}=St}=Vst) ->
     Ys = gb_trees:update(Y, initialized, Ys0),
     Vst#vst{current=St#st{y=Ys}}.
 
+
+is_reg_defined({x,_}=Reg, Vst) -> is_type_defined_x(Reg, Vst);
+is_reg_defined({y,_}=Reg, Vst) -> is_type_defined_y(Reg, Vst);
+is_reg_defined(V, #vst{}) -> error({not_a_register, V}).
+
+is_type_defined_x({x,X}, #vst{current=#st{x=Xs}}) ->
+    gb_trees:is_defined(X,Xs).
+
+is_type_defined_y({y,Y}, #vst{current=#st{y=Ys}}) ->
+    gb_trees:is_defined(Y,Ys).
+
 assert_term(Src, Vst) ->
     get_term_type(Src, Vst),
     ok.
diff --git a/lib/compiler/test/map_SUITE.erl b/lib/compiler/test/map_SUITE.erl
index abc12a359d..411b15eebe 100644
--- a/lib/compiler/test/map_SUITE.erl
+++ b/lib/compiler/test/map_SUITE.erl
@@ -63,7 +63,10 @@
 	%% errors in 17.0-rc1
 	t_update_values/1,
         t_expand_map_update/1,
-        t_export/1
+        t_export/1,
+
+	%% errors in 18
+        t_register_corruption/1
     ]).
 
 suite() -> [].
@@ -108,11 +111,13 @@ all() ->
 	t_build_and_match_nil,
 	t_build_and_match_structure,
 
-
 	%% errors in 17.0-rc1
 	t_update_values,
         t_expand_map_update,
-        t_export
+        t_export,
+
+	%% errors in 18
+        t_register_corruption
     ].
 
 groups() -> [].
@@ -1827,6 +1832,53 @@ map_guard_sequence_mixed(K1,K2,M) ->
 	#{ K1 := 1, c := 6, K2 := 8, h := 3} -> 6
     end.
 
+%% register corruption discovered in 18 due to
+%% get_map_elements might destroys registers when fail-label is taken.
+%% Only seen when patterns have two targets,
+%% specifically: we copy one register, and then jump.
+%%    {test,is_map,{f,5},[{x,1}]}.
+%%
+%%    {get_map_elements,{f,7},{x,1},{list,[{atom,a},{x,1},{atom,b},{x,2}]}}.
+%%    %% if 'a' exists but not 'b' {x,1} is overwritten, jump {f,7}
+%%
+%%    {move,{integer,1},{x,0}}.
+%%    {call_only,3,{f,10}}.
+%%
+%%  {label,7}.
+%%    {get_map_elements,{f,8},{x,1},{list,[{atom,b},{x,2}]}}.
+%%    %% {x,1} (src) is now corrupt
+%%
+%%    {move,{x,0},{x,1}}.
+%%    {move,{integer,2},{x,0}}.
+%%    {call_only,3,{f,10}}.
+%%
+%% Only happens in beam_block opt_move pass with two destinations.
+
+t_register_corruption(Config) when is_list(Config) ->
+    M = #{a=> <<"value">>, c=>3},
+    {3,wanted,<<"value">>} = register_corruption_bar(M,wanted),
+    {3,wanted,<<"value">>} = register_corruption_foo(wanted,M),
+    ok.
+
+register_corruption_foo(A,#{a := V1, b := V2}) ->
+    register_corruption_dummy_call(1,V1,V2);
+register_corruption_foo(A,#{b := V}) ->
+    register_corruption_dummy_call(2,A,V);
+register_corruption_foo(A,#{a := V}) ->
+    register_corruption_dummy_call(3,A,V).
+
+register_corruption_bar(M,A) ->
+    case M of
+        #{a := V1, b := V2} ->
+            register_corruption_dummy_call(1,V1,V2);
+        #{b := V} ->
+            register_corruption_dummy_call(2,A,V);
+        #{a := V} ->
+            register_corruption_dummy_call(3,A,V)
+    end.
+
+
+register_corruption_dummy_call(A,B,C) -> {A,B,C}.
 
 
 t_frequency_table(Config) when is_list(Config) ->
diff --git a/lib/crypto/src/crypto_ec_curves.erl b/lib/crypto/src/crypto_ec_curves.erl
index fe17643d96..002b03b80c 100644
--- a/lib/crypto/src/crypto_ec_curves.erl
+++ b/lib/crypto/src/crypto_ec_curves.erl
@@ -4,11 +4,13 @@
 
 curves() ->
     CryptoSupport = crypto:supports(),
-    HasGF2m = proplists:get_bool(ec_gf2m,  proplists:get_value(public_keys, CryptoSupport)),
-    prime_curves() ++ characteristic_two_curves(HasGF2m).
+    PubKeys = proplists:get_value(public_keys, CryptoSupport),
+    HasEC   = proplists:get_bool(ecdh, PubKeys),
+    HasGF2m = proplists:get_bool(ec_gf2m, PubKeys),
+    prime_curves(HasEC) ++ characteristic_two_curves(HasGF2m).
 
 
-prime_curves() ->
+prime_curves(true) ->
     [secp112r1,secp112r2,secp128r1,secp128r2,secp160k1,secp160r1,secp160r2,
      secp192r1,secp192k1,secp224k1,secp224r1,secp256k1,secp256r1,secp384r1,
      secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,
@@ -16,7 +18,9 @@ prime_curves() ->
      brainpoolP160r1,brainpoolP160t1,brainpoolP192r1,brainpoolP192t1,
      brainpoolP224r1,brainpoolP224t1,brainpoolP256r1,brainpoolP256t1,
      brainpoolP320r1,brainpoolP320t1,brainpoolP384r1,brainpoolP384t1,
-     brainpoolP512r1,brainpoolP512t1].
+     brainpoolP512r1,brainpoolP512t1];
+prime_curves(_) ->
+    [].
 
 characteristic_two_curves(true) ->
     [sect113r1,sect113r2,sect131r1,sect131r2,sect163k1,sect163r1,
diff --git a/lib/hipe/cerl/erl_types.erl b/lib/hipe/cerl/erl_types.erl
index 56ec757dbf..cd2d2fe207 100644
--- a/lib/hipe/cerl/erl_types.erl
+++ b/lib/hipe/cerl/erl_types.erl
@@ -2712,7 +2712,87 @@ is_compat_args([], []) -> true;
 is_compat_args(_, _) -> false.
 
 is_compat_arg(A, A) -> true;
-is_compat_arg(A1, A2) -> t_is_any(A1) orelse t_is_any(A2).
+is_compat_arg(A1, A2) ->
+  is_specialization(A1, A2) orelse is_specialization(A2, A1).
+
+-spec is_specialization(erl_type(), erl_type()) -> boolean().
+
+%% Returns true if the first argument is a specialization of the
+%% second argument in the sense that every type is a specialization of
+%% any(). For example, {_,_} is a specialization of any(), but not of
+%% tuple(). Does not handle variables, but any() and unions (sort of).
+
+is_specialization(_, ?any) -> true;
+is_specialization(?any, _) -> false;
+is_specialization(?function(Domain1, Range1), ?function(Domain2, Range2)) ->
+  (is_specialization(Domain1, Domain2) andalso
+   is_specialization(Range1, Range2));
+is_specialization(?list(Contents1, Termination1, Size1),
+                  ?list(Contents2, Termination2, Size2)) ->
+  (Size1 =:= Size2 andalso
+   is_specialization(Contents1, Contents2) andalso
+   is_specialization(Termination1, Termination2));
+is_specialization(?product(Types1), ?product(Types2)) ->
+  specialization_list(Types1, Types2);
+is_specialization(?tuple(?any, ?any, ?any), ?tuple(_, _, _)) -> false;
+is_specialization(?tuple(_, _, _), ?tuple(?any, ?any, ?any)) -> false;
+is_specialization(?tuple(Elements1, Arity, _), 
+                  ?tuple(Elements2, Arity, _)) when Arity =/= ?any ->
+  specialization_list(Elements1, Elements2);
+is_specialization(?tuple_set([{Arity, List}]), 
+                  ?tuple(Elements2, Arity, _)) when Arity =/= ?any ->
+  specialization_list(sup_tuple_elements(List), Elements2);
+is_specialization(?tuple(Elements1, Arity, _),
+                  ?tuple_set([{Arity, List}])) when Arity =/= ?any ->
+  specialization_list(Elements1, sup_tuple_elements(List));
+is_specialization(?tuple_set(List1), ?tuple_set(List2)) ->
+  try
+    specialization_list(lists:append([T || {_Arity, T} <- List1]),
+                        lists:append([T || {_Arity, T} <- List2]))
+  catch _:_ -> false
+  end;
+is_specialization(?union(List1)=T1, ?union(List2)=T2) ->
+  case specialization_union2(T1, T2) of
+    {yes, Type1, Type2} -> is_specialization(Type1, Type2);
+    no -> specialization_list(List1, List2)
+  end;
+is_specialization(?union(List), T2) ->
+  case unify_union(List) of
+      {yes, Type} -> is_specialization(Type, T2);
+      no -> false
+  end;
+is_specialization(T1, ?union(List)) ->
+  case unify_union(List) of
+      {yes, Type} -> is_specialization(T1, Type);
+      no -> false
+  end;
+is_specialization(?opaque(_) = T1, T2) ->
+  is_specialization(t_opaque_structure(T1), T2);
+is_specialization(T1, ?opaque(_) = T2) ->
+  is_specialization(T1, t_opaque_structure(T2));
+is_specialization(?var(_), _) -> exit(error);
+is_specialization(_, ?var(_)) -> exit(error);
+is_specialization(T, T) -> true;
+is_specialization(?none, _) -> false;
+is_specialization(_, ?none) -> false;
+is_specialization(?unit, _) -> false;
+is_specialization(_, ?unit) -> false;
+is_specialization(#c{}, #c{}) -> false.
+
+specialization_list(L1, L2) ->
+  length(L1) =:= length(L2) andalso specialization_list1(L1, L2).
+
+specialization_list1([], []) -> true;
+specialization_list1([T1|L1], [T2|L2]) ->
+  is_specialization(T1, T2) andalso specialization_list1(L1, L2).
+
+specialization_union2(?union(List1)=T1, ?union(List2)=T2) ->
+  case {unify_union(List1), unify_union(List2)} of
+    {{yes, Type1}, {yes, Type2}} -> {yes, Type1, Type2};
+    {{yes, Type1}, no} -> {yes, Type1, T2};
+    {no, {yes, Type2}} -> {yes, T1, Type2};
+    {no, no} -> no
+  end.
 
 -spec t_inf_lists([erl_type()], [erl_type()]) -> [erl_type()].