public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug tree-optimization/58736] New: IVOPTs rewrites unsigned to signed arith, exposing undefined overflow
@ 2013-10-15 11:06 rguenth at gcc dot gnu.org
2013-10-15 11:08 ` [Bug tree-optimization/58736] " rguenth at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: rguenth at gcc dot gnu.org @ 2013-10-15 11:06 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58736
Bug ID: 58736
Summary: IVOPTs rewrites unsigned to signed arith, exposing
undefined overflow
Product: gcc
Version: 4.9.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: rguenth at gcc dot gnu.org
Target: x86_64-*-*
Split out from PR58143,
/* { dg-do run } */
/* { dg-additional-options "-fstrict-overflow" } */
int a, b, c, d, e;
int
main ()
{
for (b = 4; b > -30; b--)
{
e = a > (int)((unsigned int) __INT_MAX__ - (unsigned int) b);
for (; c;)
for (;;)
{
if (d)
break;
}
}
return 0;
}
is compiled to an infinite loop at -O3 by IVOPTs and VRP teaming up,
rewriting (unsigned int) __INT_MAX__ - (unsigned int) b as signed arithmetic
and then removing the loop exit test.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/58736] IVOPTs rewrites unsigned to signed arith, exposing undefined overflow
2013-10-15 11:06 [Bug tree-optimization/58736] New: IVOPTs rewrites unsigned to signed arith, exposing undefined overflow rguenth at gcc dot gnu.org
@ 2013-10-15 11:08 ` rguenth at gcc dot gnu.org
2013-10-15 11:37 ` rguenth at gcc dot gnu.org
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: rguenth at gcc dot gnu.org @ 2013-10-15 11:08 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58736
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |ASSIGNED
Last reconfirmed| |2013-10-15
Assignee|unassigned at gcc dot gnu.org |rguenth at gcc dot gnu.org
Ever confirmed|0 |1
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
I will have a look.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/58736] IVOPTs rewrites unsigned to signed arith, exposing undefined overflow
2013-10-15 11:06 [Bug tree-optimization/58736] New: IVOPTs rewrites unsigned to signed arith, exposing undefined overflow rguenth at gcc dot gnu.org
2013-10-15 11:08 ` [Bug tree-optimization/58736] " rguenth at gcc dot gnu.org
@ 2013-10-15 11:37 ` rguenth at gcc dot gnu.org
2013-10-15 11:41 ` rguenth at gcc dot gnu.org
2013-10-15 11:54 ` rguenth at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: rguenth at gcc dot gnu.org @ 2013-10-15 11:37 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58736
--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
rewrite_use_compare rewrites
b.1_5 = (unsigned int) b.0_20;
_6 = 2147483647 - b.1_5;
_7 = (int) _6;
_9 = _7 < pretmp_23;
into
_13 = 2147483647 - b.0_20;
_9 = _13 < pretmp_23;
here:
/* The induction variable elimination failed; just express the original
giv. */
comp = get_computation (data->current_loop, use, cand);
using the candidate b.0_20 where already the affine form of the
computation is wrong:
{
type = int
offset = 2147483647
elements = {
[0] = b.0_20 * -1
}
}
which is because the use induction variable for _7 is wrongly determined by
simple_iv as { 2147483643, +, 1 } (but it has ->no_overflow == false but
nothing in IVOPTs ever checks that which looks like a bug).
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/58736] IVOPTs rewrites unsigned to signed arith, exposing undefined overflow
2013-10-15 11:06 [Bug tree-optimization/58736] New: IVOPTs rewrites unsigned to signed arith, exposing undefined overflow rguenth at gcc dot gnu.org
2013-10-15 11:08 ` [Bug tree-optimization/58736] " rguenth at gcc dot gnu.org
2013-10-15 11:37 ` rguenth at gcc dot gnu.org
@ 2013-10-15 11:41 ` rguenth at gcc dot gnu.org
2013-10-15 11:54 ` rguenth at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: rguenth at gcc dot gnu.org @ 2013-10-15 11:41 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58736
--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
The following patch fixes this and the testcase.
Index: gcc/tree-ssa-loop-ivopts.c
===================================================================
--- gcc/tree-ssa-loop-ivopts.c (revision 203590)
+++ gcc/tree-ssa-loop-ivopts.c (working copy)
@@ -1084,6 +1084,13 @@ find_givs_in_stmt_scev (struct ivopts_da
if (!simple_iv (loop, loop_containing_stmt (stmt), lhs, iv, true))
return false;
+
+ /* If the induction variable invokes undefined behavior when it wraps
+ make sure it does not overflow. */
+ if (TYPE_OVERFLOW_UNDEFINED (TREE_TYPE (lhs))
+ && !iv->no_overflow)
+ return false;
+
iv->base = expand_simple_operations (iv->base);
if (contains_abnormal_ssa_name_p (iv->base)
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/58736] IVOPTs rewrites unsigned to signed arith, exposing undefined overflow
2013-10-15 11:06 [Bug tree-optimization/58736] New: IVOPTs rewrites unsigned to signed arith, exposing undefined overflow rguenth at gcc dot gnu.org
` (2 preceding siblings ...)
2013-10-15 11:41 ` rguenth at gcc dot gnu.org
@ 2013-10-15 11:54 ` rguenth at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: rguenth at gcc dot gnu.org @ 2013-10-15 11:54 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58736
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |INVALID
--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
Err. Triggered by local changes in my tree.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-10-15 11:54 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-10-15 11:06 [Bug tree-optimization/58736] New: IVOPTs rewrites unsigned to signed arith, exposing undefined overflow rguenth at gcc dot gnu.org
2013-10-15 11:08 ` [Bug tree-optimization/58736] " rguenth at gcc dot gnu.org
2013-10-15 11:37 ` rguenth at gcc dot gnu.org
2013-10-15 11:41 ` rguenth at gcc dot gnu.org
2013-10-15 11:54 ` rguenth at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).