public inbox for gcc-bugs@sourceware.org
* [Bug tree-optimization/103435] New: gcc/gimple-ssa-store-merging.c:879:13: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
From: marxin at gcc dot gnu.org @ 2021-11-26 8:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103435
Bug ID: 103435
Summary: gcc/gimple-ssa-store-merging.c:879:13: runtime error:
shift exponent 64 is too large for 64-bit type 'long
unsigned int'
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: marxin at gcc dot gnu.org
CC: jakub at gcc dot gnu.org
Blocks: 63426
Target Milestone: ---
The following triggers an UBSAN:
$ ./xgcc -B. /home/marxin/Programming/gcc/gcc/testsuite/gcc.c-torture/execute/pr103376.c -c -O2
/home/marxin/Programming/gcc/gcc/gimple-ssa-store-merging.c:879:13: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
    #0 0x6bd87c2 in find_bswap_or_nop_finalize /home/marxin/Programming/gcc/gcc/gimple-ssa-store-merging.c:879
    #1 0x6bd96aa in find_bswap_or_nop /home/marxin/Programming/gcc/gcc/gimple-ssa-store-merging.c:981
    #2 0x6bdde47 in execute /home/marxin/Programming/gcc/gcc/gimple-ssa-store-merging.c:1538
    #3 0x22d26de in execute_one_pass(opt_pass*) /home/marxin/Programming/gcc/gcc/passes.c:2567
    #4 0x22d31da in execute_pass_list_1 /home/marxin/Programming/gcc/gcc/passes.c:2656
    #5 0x22d32a3 in execute_pass_list_1 /home/marxin/Programming/gcc/gcc/passes.c:2657
    #6 0x22d335d in execute_pass_list(function*, opt_pass*) /home/marxin/Programming/gcc/gcc/passes.c:2667
    #7 0x1228bba in cgraph_node::expand() /home/marxin/Programming/gcc/gcc/cgraphunit.c:1834
    #8 0x122a7a2 in expand_all_functions /home/marxin/Programming/gcc/gcc/cgraphunit.c:1998
    #9 0x122cce6 in symbol_table::compile() /home/marxin/Programming/gcc/gcc/cgraphunit.c:2348
    #10 0x122d824 in symbol_table::finalize_compilation_unit() /home/marxin/Programming/gcc/gcc/cgraphunit.c:2529
    #11 0x27bc935 in compile_file /home/marxin/Programming/gcc/gcc/toplev.c:479
    #12 0x27c6da6 in do_compile /home/marxin/Programming/gcc/gcc/toplev.c:2156
    #13 0x27c7821 in toplev::main(int, char**) /home/marxin/Programming/gcc/gcc/toplev.c:2308
    #14 0x7332fb1 in main /home/marxin/Programming/gcc/gcc/main.c:39
    #15 0x7ffff6ef85bf in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #16 0x7ffff6ef867b in __libc_start_main_impl ../csu/libc-start.c:409
    #17 0xabf1e4 in _start (/dev/shm/objdir2/gcc/cc1+0xabf1e4)
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63426
[Bug 63426] [meta-bug] Issues found with -fsanitize=undefined
* [Bug tree-optimization/103435] [12 Regression] gcc/gimple-ssa-store-merging.c:879:13: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
From: marxin at gcc dot gnu.org @ 2021-11-26 8:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103435
Martin Liška <marxin at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|gcc/gimple-ssa-store-mergin |[12 Regression]
                   |g.c:879:13: runtime error:  |gcc/gimple-ssa-store-mergin
                   |shift exponent 64 is too    |g.c:879:13: runtime error:
                   |large for 64-bit type 'long |shift exponent 64 is too
                   |unsigned int'               |large for 64-bit type 'long
                   |                            |unsigned int'
   Target Milestone|---                         |12.0
* [Bug tree-optimization/103435] [12 Regression] gcc/gimple-ssa-store-merging.c:879:13: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
From: jakub at gcc dot gnu.org @ 2021-11-26 10:05 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103435
--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Untested fix:
2021-11-26 Jakub Jelinek <jakub@redhat.com>
PR tree-optimization/103435
* gimple-ssa-store-merging.c (find_bswap_or_nop_finalize): Avoid UB if
n->range - rsize == 8, just clear both *cmpnop and *cmpxchg in that
case.
--- gcc/gimple-ssa-store-merging.c.jj 2021-11-25 10:47:07.000000000 +0100
+++ gcc/gimple-ssa-store-merging.c 2021-11-26 10:54:11.959800560 +0100
@@ -871,12 +871,18 @@ find_bswap_or_nop_finalize (struct symbo
{
mask = ((uint64_t) 1 << (rsize * BITS_PER_MARKER)) - 1;
*cmpxchg &= mask;
- *cmpnop >>= (n->range - rsize) * BITS_PER_MARKER;
+ if (n->range - rsize == sizeof (int64_t))
+ *cmpnop = 0;
+ else
+ *cmpnop >>= (n->range - rsize) * BITS_PER_MARKER;
}
else
{
mask = ((uint64_t) 1 << (rsize * BITS_PER_MARKER)) - 1;
- *cmpxchg >>= (n->range - rsize) * BITS_PER_MARKER;
+ if (n->range - rsize == sizeof (int64_t))
+ *cmpxchg = 0;
+ else
+ *cmpxchg >>= (n->range - rsize) * BITS_PER_MARKER;
*cmpnop &= mask;
}
n->range = rsize;
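Review bot: the two new `if (n->range - rsize == sizeof (int64_t))` tests carry no comment explaining why the shift is skipped, and the ChangeLog's "clear both *cmpnop and *cmpxchg" holds only implicitly: each branch zeroes one value directly, while the other is cleared by the existing `&= mask` line, which works only because rsize is 0 and mask is therefore 0 in that case. A one-line comment above each test (the shift count would be 64, undefined for a 64-bit type) would make that dependency visible. The test also uses `==`, so it relies on n->range never exceeding sizeof (int64_t); if that invariant is guaranteed elsewhere, saying so in the comment would help, otherwise `>=` is the safer comparison. Since the same guard is written twice, computing the shift count once before the if/else would keep the two branches from drifting apart.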
* [Bug tree-optimization/103435] [12 Regression] gcc/gimple-ssa-store-merging.c:879:13: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
From: cvs-commit at gcc dot gnu.org @ 2021-11-27 12:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103435
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:567d5f3d62fba2a23a9e975f7e7c7b61bb67cf24
commit r12-5557-g567d5f3d62fba2a23a9e975f7e7c7b61bb67cf24
Author: Jakub Jelinek <jakub@redhat.com>
Date: Sat Nov 27 13:00:55 2021 +0100
bswap: Fix UB in find_bswap_or_nop_finalize [PR103435]
On gcc.c-torture/execute/pr103376.c in the following code we trigger UB
in the compiler. n->range is 8 because it is 64-bit load and rsize is 0
because it is a bswap sequence with load and known to be 0:
  /* Find real size of result (highest non-zero byte). */
  if (n->base_addr)
    for (tmpn = n->n, rsize = 0; tmpn; tmpn >>= BITS_PER_MARKER, rsize++);
  else
    rsize = n->range;
The shifts then shift uint64_t by 64 bits. For this case mask is 0
and we want both *cmpxchg and *cmpnop as 0, the operation can be done as
both nop and bswap and callers will prefer nop.
2021-11-27 Jakub Jelinek <jakub@redhat.com>
PR tree-optimization/103435
* gimple-ssa-store-merging.c (find_bswap_or_nop_finalize): Avoid UB if
n->range - rsize == 8, just clear both *cmpnop and *cmpxchg in that
case.
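Added example, not part of the thread and not GCC's code: a stand-alone C model of the case the commit message describes (range 8, rsize 0, shift count 64), using a shift helper that is defined for any count rather than the equality test in the patch. The names shr64, real_size, trim_to_rsize and struct cmp_pair are hypothetical, the two sample patterns are constructed, BITS_PER_MARKER is assumed to be 8, and only the little-endian branch is modelled.

```c
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_MARKER 8 /* assumed: one marker per byte, so 8 bytes -> shift by 64 */

/* Constructed sample patterns (assumption): identity and byte-swapped marker order. */
#define SAMPLE_CMPNOP  UINT64_C(0x0807060504030201)
#define SAMPLE_CMPXCHG UINT64_C(0x0102030405060708)

struct cmp_pair { uint64_t cmpnop, cmpxchg; };

/* Right shift defined for every count: shifting a 64-bit value by 64 or more
   is undefined in C, so that case is answered with 0 explicitly. */
static uint64_t shr64(uint64_t v, unsigned count)
{
    return count >= 64 ? 0 : v >> count;
}

/* Real size of the result: position of the highest non-zero byte marker. */
static unsigned real_size(uint64_t n)
{
    unsigned rsize = 0;
    for (; n; n >>= BITS_PER_MARKER)
        rsize++;
    return rsize;
}

/* Hypothetical model of the little-endian branch: keep only the low rsize
   markers of both comparison patterns. Requires rsize <= range <= 8. */
static struct cmp_pair trim_to_rsize(struct cmp_pair in, unsigned range, unsigned rsize)
{
    if (rsize < range) {
        /* rsize is at most 7 here, so this shift count is at most 56. */
        uint64_t mask = (UINT64_C(1) << (rsize * BITS_PER_MARKER)) - 1;
        in.cmpxchg = shr64(in.cmpxchg, (range - rsize) * BITS_PER_MARKER);
        in.cmpnop &= mask;
    }
    return in;
}

int main(void)
{
    struct cmp_pair p = { SAMPLE_CMPNOP, SAMPLE_CMPXCHG };
    struct cmp_pair z = trim_to_rsize(p, 8, real_size(0)); /* the case from the report */
    struct cmp_pair h = trim_to_rsize(p, 8, 4);
    printf("rsize 0: nop=%#llx xchg=%#llx\n", (unsigned long long) z.cmpnop, (unsigned long long) z.cmpxchg);
    printf("rsize 4: nop=%#llx xchg=%#llx\n", (unsigned long long) h.cmpnop, (unsigned long long) h.cmpxchg);
    return 0;
}
```

Building it with -fsanitize=undefined and replacing the shr64 call with a plain >> reproduces the class of "shift exponent 64 is too large" report shown at the top of the thread.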
* [Bug tree-optimization/103435] [12 Regression] gcc/gimple-ssa-store-merging.c:879:13: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
From: jakub at gcc dot gnu.org @ 2021-11-27 12:03 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103435
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed.
* [Bug tree-optimization/103435] [12 Regression] gcc/gimple-ssa-store-merging.c:879:13: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
From: cvs-commit at gcc dot gnu.org @ 2021-11-29 8:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103435
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Jakub Jelinek
<jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:3479e49be805b077b215a1547aad20409e69af35
commit r11-9339-g3479e49be805b077b215a1547aad20409e69af35
Author: Jakub Jelinek <jakub@redhat.com>
Date: Sat Nov 27 13:00:55 2021 +0100
bswap: Fix UB in find_bswap_or_nop_finalize [PR103435]
(cherry picked from commit 567d5f3d62fba2a23a9e975f7e7c7b61bb67cf24)
* [Bug tree-optimization/103435] [12 Regression] gcc/gimple-ssa-store-merging.c:879:13: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
From: cvs-commit at gcc dot gnu.org @ 2022-05-10 8:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103435
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Jakub Jelinek
<jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:9a0152509234c514dcdb34468155459dfd7afacf
commit r10-10659-g9a0152509234c514dcdb34468155459dfd7afacf
Author: Jakub Jelinek <jakub@redhat.com>
Date: Sat Nov 27 13:00:55 2021 +0100
bswap: Fix UB in find_bswap_or_nop_finalize [PR103435]
(cherry picked from commit 567d5f3d62fba2a23a9e975f7e7c7b61bb67cf24)
* [Bug tree-optimization/103435] [12 Regression] gcc/gimple-ssa-store-merging.c:879:13: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
From: cvs-commit at gcc dot gnu.org @ 2022-05-11 6:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103435
--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-9 branch has been updated by Jakub Jelinek
<jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:790b8d49ebf7c0827c9aeaad3c8c5bf7168ed17b
commit r9-10113-g790b8d49ebf7c0827c9aeaad3c8c5bf7168ed17b
Author: Jakub Jelinek <jakub@redhat.com>
Date: Sat Nov 27 13:00:55 2021 +0100
bswap: Fix UB in find_bswap_or_nop_finalize [PR103435]
(cherry picked from commit 567d5f3d62fba2a23a9e975f7e7c7b61bb67cf24)