public inbox for gcc-bugs@sourceware.org
* [Bug target/100236] New: arm: UB in arm_compute_save_core_reg_mask (shift exponent 4294967295 is too large for 32-bit type 'int')
From: acoplan at gcc dot gnu.org @ 2021-04-23 17:12 UTC
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100236
Bug ID: 100236
Summary: arm: UB in arm_compute_save_core_reg_mask (shift
exponent 4294967295 is too large for 32-bit type
'int')
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: acoplan at gcc dot gnu.org
Target Milestone: ---
$ cat test.c
void a() {
  void b() {}
  b();
}
$ ./arm-eabi-gcc -c -fpic test.c
/data_sdb/toolchain/src/gcc/gcc/config/arm/arm.c:21008:27: runtime error: shift
exponent 4294967295 is too large for 32-bit type 'int'
#0 0x2a07eee in arm_compute_save_core_reg_mask
/data_sdb/toolchain/src/gcc/gcc/config/arm/arm.c:21008
#1 0x2a07eee in arm_compute_frame_layout
/data_sdb/toolchain/src/gcc/gcc/config/arm/arm.c:22629
#2 0x1a9b56e in set_initial_elim_offsets
/data_sdb/toolchain/src/gcc/gcc/reload1.c:3766
#3 0x1abe973 in calculate_elim_costs_all_insns()
/data_sdb/toolchain/src/gcc/gcc/reload1.c:1559
#4 0x158e870 in ira_costs()
/data_sdb/toolchain/src/gcc/gcc/ira-costs.c:2296
#5 0x157369e in ira_build()
/data_sdb/toolchain/src/gcc/gcc/ira-build.c:3426
#6 0x155714d in ira /data_sdb/toolchain/src/gcc/gcc/ira.c:5655
#7 0x155714d in execute /data_sdb/toolchain/src/gcc/gcc/ira.c:5978
#8 0x192438e in execute_one_pass(opt_pass*)
/data_sdb/toolchain/src/gcc/gcc/passes.c:2567
#9 0x1926e3a in execute_pass_list_1
/data_sdb/toolchain/src/gcc/gcc/passes.c:2656
#10 0x1926df8 in execute_pass_list_1
/data_sdb/toolchain/src/gcc/gcc/passes.c:2657
#11 0x1926e95 in execute_pass_list(function*, opt_pass*)
/data_sdb/toolchain/src/gcc/gcc/passes.c:2667
#12 0xc22f30 in cgraph_node::expand()
/data_sdb/toolchain/src/gcc/gcc/cgraphunit.c:1830
#13 0xc23e50 in cgraph_order_sort::process()
/data_sdb/toolchain/src/gcc/gcc/cgraphunit.c:2069
#14 0xc2979a in output_in_order
/data_sdb/toolchain/src/gcc/gcc/cgraphunit.c:2137
#15 0xc2979a in symbol_table::compile()
/data_sdb/toolchain/src/gcc/gcc/cgraphunit.c:2355
#16 0xc3433a in symbol_table::finalize_compilation_unit()
/data_sdb/toolchain/src/gcc/gcc/cgraphunit.c:2539
#17 0x1cc8e7f in compile_file /data_sdb/toolchain/src/gcc/gcc/toplev.c:482
#18 0x1ccf7bf in do_compile /data_sdb/toolchain/src/gcc/gcc/toplev.c:2201
#19 0x1ccf7bf in toplev::main(int, char**)
/data_sdb/toolchain/src/gcc/gcc/toplev.c:2340
#20 0x432625c in main /data_sdb/toolchain/src/gcc/gcc/main.c:39
#21 0x7ffff6740bf6 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
#22 0x645e69 in _start
(/data_sdb/toolchain/build-arm-eabi-armv8.1-m.main+mve/install/libexec/gcc/arm-eabi/11.0.1/cc1+0x645e69)

From: acoplan at gcc dot gnu.org @ 2021-04-23 17:22 UTC
--- Comment #1 from Alex Coplan <acoplan at gcc dot gnu.org> ---
GCC compiled with UBSan here. I should have mentioned it needs
-march=armv8.1-m.main.

From: rearnsha at gcc dot gnu.org @ 2021-04-26 14:30 UTC
Richard Earnshaw <rearnsha at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2021-04-26
             Status|UNCONFIRMED                 |NEW
--- Comment #2 from Richard Earnshaw <rearnsha at gcc dot gnu.org> ---
Confirmed. The macro THUMB2_WORK_REGS expands to

  (0xff & ~( (1 << THUMB_HARD_FRAME_POINTER_REGNUM) \
           | (1 << SP_REGNUM) | (1 << PC_REGNUM) \
           | (1 << PIC_OFFSET_TABLE_REGNUM)))

But PIC_OFFSET_TABLE_REGNUM in turn expands to

  arm_pic_register

which may be INVALID_REGNUM (~0) in some circumstances.

From: cvs-commit at gcc dot gnu.org @ 2021-04-27 11:29 UTC
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Richard Earnshaw <rearnsha@gcc.gnu.org>:

https://gcc.gnu.org/g:01d0bda8bdf3cd804e1e00915d432ad0cdc49399

commit r12-148-g01d0bda8bdf3cd804e1e00915d432ad0cdc49399
Author: Richard Earnshaw <rearnsha@arm.com>
Date:   Tue Apr 27 12:25:30 2021 +0100

    arm: fix UB when compiling thumb2 with PIC [PR100236]

    arm_compute_save_core_reg_mask contains UB in that the saved PIC
    register number is used to create a bit mask. However, for some target
    options this register is undefined and we end up with a shift of ~0.

    On native compilations this is benign since the shift will still be
    large enough to move the bit outside of the range of the mask, but if
    cross compiling from a system that truncates out-of-range shifts to
    zero (or worse, raises a trap for such values) we'll get potentially
    wrong code (or a fault).

    gcc:
            PR target/100236
            * config/arm/arm.c (THUMB2_WORK_REGS): Check PIC_OFFSET_TABLE_REGNUM
            is valid before including it in the mask.
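
Added example (not from the thread or from the GCC commit): a C sketch of the failure mode the commit message describes, modelling two host behaviours for an out-of-range shift count instead of executing the undefined shift. The register numbers, the host_shift models and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed register numbers for this sketch: r7, r13 (sp), r15 (pc). */
#define THUMB_HARD_FRAME_POINTER_REGNUM 7u
#define SP_REGNUM 13u
#define PC_REGNUM 15u
#define INVALID_REGNUM (~0u) /* the "~0" named in comment #2 */

/* Hypothetical models of a host evaluating "1 << count" for count >= 32.
   C leaves that undefined, so the models compute it without doing it. */
enum host_shift { HOST_MASKS_COUNT, HOST_COUNT_TO_ZERO };

static uint32_t bit_on_host(unsigned count, enum host_shift h)
{
    if (count < 32)
        return UINT32_C(1) << count;        /* well defined */
    if (h == HOST_MASKS_COUNT)
        return UINT32_C(1) << (count & 31); /* ~0 becomes bit 31 */
    return UINT32_C(1);                     /* count treated as 0 */
}

/* Unguarded mask, same shape as the macro quoted in comment #2. */
uint32_t work_regs_unguarded(unsigned pic, enum host_shift h)
{
    return 0xff & ~(bit_on_host(THUMB_HARD_FRAME_POINTER_REGNUM, h)
                    | bit_on_host(SP_REGNUM, h)
                    | bit_on_host(PC_REGNUM, h)
                    | bit_on_host(pic, h));
}

/* Guarded mask: an invalid PIC register contributes no bit at all.
   The "pic < 32" test also rejects INVALID_REGNUM. */
uint32_t work_regs_guarded(unsigned pic)
{
    uint32_t pic_bit = pic < 32 ? UINT32_C(1) << pic : 0;
    return 0xff & ~((UINT32_C(1) << THUMB_HARD_FRAME_POINTER_REGNUM)
                    | (UINT32_C(1) << SP_REGNUM)
                    | (UINT32_C(1) << PC_REGNUM) | pic_bit);
}

int main(void)
{
    printf("masked 0x%02x, zeroed 0x%02x, guarded 0x%02x\n",
           (unsigned)work_regs_unguarded(INVALID_REGNUM, HOST_MASKS_COUNT),
           (unsigned)work_regs_unguarded(INVALID_REGNUM, HOST_COUNT_TO_ZERO),
           (unsigned)work_regs_guarded(INVALID_REGNUM));
    return 0;
}
```

On the count-masking model the stray bit lands outside the 0xff mask and the result is unchanged; on the count-to-zero model bit 0 is cleared, so r0 silently drops out of the work-register set.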

From: rearnsha at gcc dot gnu.org @ 2021-04-27 11:42 UTC
--- Comment #4 from Richard Earnshaw <rearnsha at gcc dot gnu.org> ---
Fixed on master so far.

From: cvs-commit at gcc dot gnu.org @ 2021-04-28 11:09 UTC
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Richard Earnshaw
<rearnsha@gcc.gnu.org>:

https://gcc.gnu.org/g:100cc845cda3843e87f152f845b11b70fee3d7bc

commit r11-8315-g100cc845cda3843e87f152f845b11b70fee3d7bc
Author: Richard Earnshaw <rearnsha@arm.com>
Date:   Tue Apr 27 12:25:30 2021 +0100

    arm: fix UB when compiling thumb2 with PIC [PR100236]

    arm_compute_save_core_reg_mask contains UB in that the saved PIC
    register number is used to create a bit mask. However, for some target
    options this register is undefined and we end up with a shift of ~0.

    On native compilations this is benign since the shift will still be
    large enough to move the bit outside of the range of the mask, but if
    cross compiling from a system that truncates out-of-range shifts to
    zero (or worse, raises a trap for such values) we'll get potentially
    wrong code (or a fault).

    gcc:
            PR target/100236
            * config/arm/arm.c (THUMB2_WORK_REGS): Check PIC_OFFSET_TABLE_REGNUM
            is valid before including it in the mask.

    (cherry picked from commit 01d0bda8bdf3cd804e1e00915d432ad0cdc49399)

From: rguenth at gcc dot gnu.org @ 2021-05-04 12:32 UTC
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED