From: "Bin Cheng" <bin.cheng@arm.com>
To: <gcc-patches@gcc.gnu.org>
Subject: [PATCH PR67921]Use sizetype for CHREC_RIGHT when building pointer type CHREC
Date: Wed, 21 Oct 2015 04:58:00 -0000 [thread overview]
Message-ID: <000001d10bbb$765ef6e0$631ce4a0$@arm.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1119 bytes --]
Hi,
As analyzed in PR67921, I think the issue is caused by fold_binary_loc which
folds:
4 - (sizetype) &c - (sizetype) ((int *) p1_8(D) + ((sizetype) a_23 * 24 +
4))
into below form:
((sizetype) -((int *) p1_8(D) + ((sizetype) a_23 * 24 + 4)) - (sizetype)
&c) + 4
Look the minus sizetype expression is folded as negative pointer expression,
which seems incorrect. Apart from this, The direct reason of this ICE is in
CHREC because of an overlook. In general CHREC supports NEGATE_EXPR for
CHREC, the only problem is it uses pointer type for CHREC_RIGHT, rather than
sizetype, when building pointer type CHREC.
This simple patch fixes the ICE issue. Bootstrap and test on x86 & x86_64.
Is it OK?
Note, I do think the associate logic in fold_binary_loc needs fix, but that
should be another patch.
2015-10-20 Bin Cheng <bin.cheng@arm.com>
PR tree-optimization/67921
* tree-chrec.c (chrec_fold_multiply): Use sizetype for CHREC_RIGHT
if
type is pointer type.
2015-10-20 Bin Cheng <bin.cheng@arm.com>
PR tree-optimization/67921
* gcc.dg/ubsan/pr67921.c: New test.
[-- Attachment #2: pr67921-20151020.txt --]
[-- Type: text/plain, Size: 1467 bytes --]
diff --git a/gcc/tree-chrec.c b/gcc/tree-chrec.c
index 649c9fe..ef7b70b 100644
--- a/gcc/tree-chrec.c
+++ b/gcc/tree-chrec.c
@@ -436,7 +436,8 @@ chrec_fold_multiply (tree type,
return build_polynomial_chrec
(CHREC_VARIABLE (op0),
chrec_fold_multiply (type, CHREC_LEFT (op0), op1),
- chrec_fold_multiply (type, CHREC_RIGHT (op0), op1));
+ chrec_fold_multiply (POINTER_TYPE_P (type) ? sizetype : type,
+ CHREC_RIGHT (op0), op1));
}
CASE_CONVERT:
@@ -459,7 +460,8 @@ chrec_fold_multiply (tree type,
return build_polynomial_chrec
(CHREC_VARIABLE (op1),
chrec_fold_multiply (type, CHREC_LEFT (op1), op0),
- chrec_fold_multiply (type, CHREC_RIGHT (op1), op0));
+ chrec_fold_multiply (POINTER_TYPE_P (type) ? sizetype : type,
+ CHREC_RIGHT (op1), op0));
CASE_CONVERT:
if (tree_contains_chrecs (op1, NULL))
diff --git a/gcc/testsuite/gcc.dg/ubsan/pr67921.c b/gcc/testsuite/gcc.dg/ubsan/pr67921.c
new file mode 100644
index 0000000..5e7d707
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/pr67921.c
@@ -0,0 +1,22 @@
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=undefined" } */
+
+typedef struct {
+ int a;
+ int arr[][6];
+}st;
+
+void bar (int);
+void foo (st *p)
+{
+ int a;
+ for (; a < 2; a++)
+ for (; p->a;)
+ {
+ int *b = p->arr[a];
+ int c[66];
+ int j = 0;
+ for (; j < 56; j++)
+ bar (b[j] - c[j]);
+ }
+}
next reply other threads:[~2015-10-21 4:46 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-21 4:58 Bin Cheng [this message]
2015-10-21 9:16 ` Richard Biener
2015-10-21 9:43 ` Bin.Cheng
2015-10-21 12:45 ` Richard Biener
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='000001d10bbb$765ef6e0$631ce4a0$@arm.com' \
--to=bin.cheng@arm.com \
--cc=gcc-patches@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).