public inbox for gcc-cvs@sourceware.org
* [gcc r11-7906] tree-optimization/99824 - avoid excessive integer type precision in VN
@ 2021-03-30 12:01 Richard Biener
From: Richard Biener @ 2021-03-30 12:01 UTC
  To: gcc-cvs

https://gcc.gnu.org/g:bd3d919b58466a9837e423c1255b88215f89bc9d

commit r11-7906-gbd3d919b58466a9837e423c1255b88215f89bc9d
Author: Richard Biener <rguenther@suse.de>
Date:   Tue Mar 30 11:22:52 2021 +0200

    tree-optimization/99824 - avoid excessive integer type precision in VN
    
    VN sometimes builds new integer types to handle accesses where precision
    of the access type does not match the access size.  The way
    ao_ref_init_from_vn_reference is computing the access size ignores
    the access type in case the ref operands have an outermost
    COMPONENT_REF which, in case it is an array for example, can be
    way larger than the access size.  This can cause us to try
    building an integer type with precision larger than WIDE_INT_MAX_PRECISION
    eventually leading to memory corruption.
    
    The following adjusts ao_ref_init_from_vn_reference to only lower
    access sizes via the outermost COMPONENT_REF but otherwise honor
    the access size as specified by the access type.
    
    It also places an assert in integer type building that we remain
    in the limits of WIDE_INT_MAX_PRECISION.  I chose the shared code
    where we set TYPE_MIN/MAX_VALUE because that will immediately
    cross the wide_ints capacity otherwise.
    
    2021-03-30  Richard Biener  <rguenther@suse.de>
    
            PR tree-optimization/99824
            * stor-layout.c (set_min_and_max_values_for_integral_type):
            Assert the precision is within the bounds of
            WIDE_INT_MAX_PRECISION.
            * tree-ssa-sccvn.c (ao_ref_init_from_vn_reference): Use
            the outermost component ref only to lower the access size
            and initialize that from the access type.
    
            * gcc.dg/torture/pr99824.c: New testcase.

Diff:
---
 gcc/stor-layout.c                      |  2 ++
 gcc/testsuite/gcc.dg/torture/pr99824.c | 33 +++++++++++++++++++++++++++++++++
 gcc/tree-ssa-sccvn.c                   | 24 ++++++++++++++----------
 3 files changed, 49 insertions(+), 10 deletions(-)

diff --git a/gcc/stor-layout.c b/gcc/stor-layout.c
index 784f131ebb8..94b8b21c7a8 100644
--- a/gcc/stor-layout.c
+++ b/gcc/stor-layout.c
@@ -2838,6 +2838,8 @@ set_min_and_max_values_for_integral_type (tree type,
   if (precision < 1)
     return;
 
+  gcc_assert (precision <= WIDE_INT_MAX_PRECISION);
+
   TYPE_MIN_VALUE (type)
     = wide_int_to_tree (type, wi::min_value (precision, sgn));
   TYPE_MAX_VALUE (type)
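
Review bot: the gcc_assert added ahead of the TYPE_MIN_VALUE assignment has no comment explaining why WIDE_INT_MAX_PRECISION is the limit at this exact point. The commit message gives the reason (this is the shared code where the min/max values are built, and the wi::min_value call below would exceed wide_int capacity for a larger precision); a one-line comment above the assert saying so would keep the check from being moved or dropped later as redundant. The assert only turns an oversized precision into an immediate abort, so callers that compute the precision still need to keep it in range, as the tree-ssa-sccvn.c change in this patch does.
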
diff --git a/gcc/testsuite/gcc.dg/torture/pr99824.c b/gcc/testsuite/gcc.dg/torture/pr99824.c
new file mode 100644
index 00000000000..9022d4a4b8e
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/torture/pr99824.c
@@ -0,0 +1,33 @@
+/* { dg-do compile } */
+
+unsigned int
+strlenx(char *s)
+{
+  char *orig_s = s;
+  for (; *s; ++s)
+    ;
+  return s - orig_s;
+}
+
+struct i2c_adapter {
+    char name[48];
+};
+
+struct {
+    int instance;
+    struct i2c_adapter i2c_adap[];
+} * init_cx18_i2c_cx;
+
+const struct i2c_adapter cx18_i2c_adap_template = {""};
+int init_cx18_i2c___trans_tmp_1;
+
+void
+init_cx18_i2c()
+{
+  int i = 0;
+  for (;; i++) {
+      init_cx18_i2c_cx->i2c_adap[i] = cx18_i2c_adap_template;
+      init_cx18_i2c___trans_tmp_1
+	= strlenx(init_cx18_i2c_cx->i2c_adap[i].name);
+  }
+}
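
Review bot: the new testcase opens with only the dg-do compile directive, and nothing in the file ties it to the bug it guards. A short header comment naming PR tree-optimization/99824 and stating that the struct copy into i2c_adap[i] followed by the strlenx read of .name has to compile cleanly would make the file self-describing. As a compile-only test it can catch a regression only as a compiler failure, so it is worth saying in that comment that the gcc_assert added to stor-layout.c in this patch is the check it is expected to trip.
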
diff --git a/gcc/tree-ssa-sccvn.c b/gcc/tree-ssa-sccvn.c
index 1c0500ce61e..0567a2e9ff5 100644
--- a/gcc/tree-ssa-sccvn.c
+++ b/gcc/tree-ssa-sccvn.c
@@ -1002,22 +1002,26 @@ ao_ref_init_from_vn_reference (ao_ref *ref,
   poly_offset_int size = -1;
   tree size_tree = NULL_TREE;
 
-  /* First get the final access size from just the outermost expression.  */
+  machine_mode mode = TYPE_MODE (type);
+  if (mode == BLKmode)
+    size_tree = TYPE_SIZE (type);
+  else
+    size = GET_MODE_BITSIZE (mode);
+  if (size_tree != NULL_TREE
+      && poly_int_tree_p (size_tree))
+    size = wi::to_poly_offset (size_tree);
+
+  /* Lower the final access size from the outermost expression.  */
   op = &ops[0];
+  size_tree = NULL_TREE;
   if (op->opcode == COMPONENT_REF)
     size_tree = DECL_SIZE (op->op0);
   else if (op->opcode == BIT_FIELD_REF)
     size_tree = op->op0;
-  else
-    {
-      machine_mode mode = TYPE_MODE (type);
-      if (mode == BLKmode)
-	size_tree = TYPE_SIZE (type);
-      else
-	size = GET_MODE_BITSIZE (mode);
-    }
   if (size_tree != NULL_TREE
-      && poly_int_tree_p (size_tree))
+      && poly_int_tree_p (size_tree)
+      && (!known_size_p (size)
+	  || known_lt (wi::to_poly_offset (size_tree), size)))
     size = wi::to_poly_offset (size_tree);
 
   /* Initially, maxsize is the same as the accessed element size.
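
Review bot: in the second size computation, the `!known_size_p (size)` arm of the new condition still takes DECL_SIZE (op->op0), or the BIT_FIELD_REF operand, unchanged whenever the access type did not yield a known size, so in that case the size from the outermost expression is not limited at all. If that fallback is intended, the "Lower the final access size" comment should say so, and it should also mention that the lowering rule applies to the BIT_FIELD_REF branch, since the commit message describes only COMPONENT_REF. Separately, size_tree is now used for two purposes (set from TYPE_SIZE, consumed, then reset to NULL_TREE after `op = &ops[0];`); a separate local or a comment at the reset would make the two phases easier to follow.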

