From: "rguenth at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/51994] [4.6/4.7 Regression] git-1.7.8.3 miscompiled due to negative bitpos from get_inner_reference
Date: Thu, 26 Jan 2012 10:29:00 -0000

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=51994

--- Comment #19 from Richard Guenther 2012-01-26 10:01:23 UTC ---
I agree, all callers of get_inner_reference need to cope with a negative
bitpos. Those that forward it unchecked to functions that expect an
unsigned bitpos are broken. Thus I think fixing the prototypes is correct.
If that exposes other issues we have to fix them.

The issue in extract_split_bit_field is obviously the same - unsigned
prototype and unsigned offset in

  while (bitsdone < bitsize)
    {
      unsigned HOST_WIDE_INT thissize;
      rtx part, word;
      unsigned HOST_WIDE_INT thispos;
      unsigned HOST_WIDE_INT offset;

      offset = (bitpos + bitsdone) / unit;

also

      thispos = (bitpos + bitsdone) % unit;

might not be correct with a negative (bitpos + bitsdone).

extract_fixed_bit_field has the same prototype issue, so eventually we
want to simply account for them in the callers (if there are fewer).

Only memory operands may have a negative bitpos and those we should be
able to adjust via adjust_address (but by what amount?) to make bitpos
positive. So you could say already the routines called from the
get_inner_reference callers should do that.

Eric, you should know this area the best - what do you recommend here?

[we could assert in the unsigned bitpos taking functions that the MSB is
not set on bitpos]
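
Added example, not part of the original message and not GCC code: it evaluates the two quoted expressions for a negative bit position under unsigned, signed-truncating and floor arithmetic, and includes the MSB check mentioned in the bracketed remark. The typedefs standing in for HOST_WIDE_INT, the function names, and the values bitpos = -8 and unit = 32 are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: int64_t/uint64_t stand in for (unsigned) HOST_WIDE_INT. */
typedef int64_t hwi;
typedef uint64_t uhwi;

struct upair { uhwi offset, thispos; };
struct spair { hwi offset, thispos; };

/* The quoted loop's arithmetic once a negative bitpos has been
   converted to the unsigned parameter type. */
static struct upair split_unsigned(uhwi bitpos, uhwi bitsdone, uhwi unit)
{
    struct upair r = { (bitpos + bitsdone) / unit, (bitpos + bitsdone) % unit };
    return r;
}

/* Same expressions with signed operands: C truncates toward zero,
   so the remainder is negative for a negative sum. */
static struct spair split_trunc(hwi bitpos, hwi bitsdone, hwi unit)
{
    struct spair r = { (bitpos + bitsdone) / unit, (bitpos + bitsdone) % unit };
    return r;
}

/* Floor split: offset may be negative, thispos is always in [0, unit). */
static struct spair split_floor(hwi bitpos, hwi bitsdone, hwi unit)
{
    struct spair r = split_trunc(bitpos, bitsdone, unit);
    if (r.thispos < 0) { r.thispos += unit; r.offset -= 1; }
    return r;
}

/* The check suggested in the message: MSB of an unsigned bitpos not set. */
static int bitpos_msb_clear(uhwi bitpos) { return (bitpos >> 63) == 0; }

int main(void)
{
    hwi bitpos = -8; /* constructed: field starts 8 bits before the base */
    struct upair u = split_unsigned((uhwi)bitpos, 0, 32);
    struct spair t = split_trunc(bitpos, 0, 32);
    struct spair f = split_floor(bitpos, 0, 32);
    printf("unsigned: offset=%llu thispos=%llu\n",
           (unsigned long long)u.offset, (unsigned long long)u.thispos);
    printf("trunc:    offset=%lld thispos=%lld\n", (long long)t.offset, (long long)t.thispos);
    printf("floor:    offset=%lld thispos=%lld\n", (long long)f.offset, (long long)f.thispos);
    printf("msb clear: %d\n", bitpos_msb_clear((uhwi)bitpos));
    return 0;
}
```

With a power-of-two unit the wrapped unsigned remainder happens to equal the floor result (24), while the unsigned offset becomes 2^59 - 1 where the floor split gives -1.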