From: Jakub Jelinek <jakub@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r11-9339] bswap: Fix UB in find_bswap_or_nop_finalize [PR103435]
Date: Mon, 29 Nov 2021 08:50:29 +0000 (GMT)
Message-ID: <20211129085029.9D3EF389366C@sourceware.org>

https://gcc.gnu.org/g:3479e49be805b077b215a1547aad20409e69af35

commit r11-9339-g3479e49be805b077b215a1547aad20409e69af35
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Sat Nov 27 13:00:55 2021 +0100

    bswap: Fix UB in find_bswap_or_nop_finalize [PR103435]
    
    On gcc.c-torture/execute/pr103376.c in the following code we trigger UB
    in the compiler.  n->range is 8 because it is 64-bit load and rsize is 0
    because it is a bswap sequence with load and known to be 0:
      /* Find real size of result (highest non-zero byte).  */
      if (n->base_addr)
        for (tmpn = n->n, rsize = 0; tmpn; tmpn >>= BITS_PER_MARKER, rsize++);
      else
        rsize = n->range;
    The shifts then shift uint64_t by 64 bits.  For this case mask is 0
    and we want both *cmpxchg and *cmpnop as 0, the operation can be done as
    both nop and bswap and callers will prefer nop.
    
    2021-11-27  Jakub Jelinek  <jakub@redhat.com>
    
            PR tree-optimization/103435
            * gimple-ssa-store-merging.c (find_bswap_or_nop_finalize): Avoid UB if
            n->range - rsize == 8, just clear both *cmpnop and *cmpxchg in that
            case.
    
    (cherry picked from commit 567d5f3d62fba2a23a9e975f7e7c7b61bb67cf24)

Diff:
---
 gcc/gimple-ssa-store-merging.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/gcc/gimple-ssa-store-merging.c b/gcc/gimple-ssa-store-merging.c
index 7eb50d65a20..0bd5cab3c54 100644
--- a/gcc/gimple-ssa-store-merging.c
+++ b/gcc/gimple-ssa-store-merging.c
@@ -826,12 +826,18 @@ find_bswap_or_nop_finalize (struct symbolic_number *n, uint64_t *cmpxchg,
 	{
 	  mask = ((uint64_t) 1 << (rsize * BITS_PER_MARKER)) - 1;
 	  *cmpxchg &= mask;
-	  *cmpnop >>= (n->range - rsize) * BITS_PER_MARKER;
+	  if (n->range - rsize == sizeof (int64_t))
+	    *cmpnop = 0;
+	  else
+	    *cmpnop >>= (n->range - rsize) * BITS_PER_MARKER;
 	}
       else
 	{
 	  mask = ((uint64_t) 1 << (rsize * BITS_PER_MARKER)) - 1;
-	  *cmpxchg >>= (n->range - rsize) * BITS_PER_MARKER;
+	  if (n->range - rsize == sizeof (int64_t))
+	    *cmpxchg = 0;
+	  else
+	    *cmpxchg >>= (n->range - rsize) * BITS_PER_MARKER;
 	  *cmpnop &= mask;
 	}
       n->range = rsize;
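
Review bot: The new guard `if (n->range - rsize == sizeof (int64_t))` in both branches has no comment and is written as a byte-count equality against a signed type, while the objects being shifted are `uint64_t` and the hazard is the shift count `(n->range - rsize) * BITS_PER_MARKER` reaching the full width of that type. A one-line comment above each check saying that a full-width shift is undefined and that the result wanted here is 0 would keep the next reader from simplifying it away, and `sizeof (uint64_t)` would match the operand type. Because the test is `==`, it covers only the exact full-width case; if the difference can never be larger than that, stating so in the comment or in an assertion documents the invariant. The same four lines are repeated for `*cmpnop` and `*cmpxchg`, so a small local helper that does the guarded right shift would keep the two branches from drifting apart.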

