* [PATCH] Fix PR56344 @ 2013-02-26 18:27 Marek Polacek 2013-02-26 23:17 ` Joseph S. Myers 0 siblings, 1 reply; 12+ messages in thread From: Marek Polacek @ 2013-02-26 18:27 UTC (permalink / raw) To: GCC Patches This "fixes" PR56344 by prohibiting passing arguments by value of size >= 2^30 bytes. Probably no sane programmer would want to do that, but it's better to issue an error than to segfault. This would be a good opportunity to use __builtin_expect, but we don't use that much in the codebase... Regtested/bootstrapped on x86_64-linux, ok for trunk? Do we need a testcase for this (compiling it is quite slow)? 2013-02-26 Marek Polacek <polacek@redhat.com> PR middle-end/56344 * calls.c (expand_call): Disallow passing huge arguments by value. --- gcc/calls.c.mp 2013-02-26 17:04:33.159555349 +0100 +++ gcc/calls.c 2013-02-26 18:50:54.864084545 +0100 @@ -3037,6 +3037,14 @@ expand_call (tree exp, rtx target, int i { rtx before_arg = get_last_insn (); + /* We don't allow passing huge (> 2^30 B) arguments + by value. It would cause an overflow later on. */ + if (adjusted_args_size.constant >= (1 << 30)) + { + error ("passing too large argument on stack"); + continue; + } + if (store_one_arg (&args[i], argblock, flags, adjusted_args_size.var != 0, reg_parm_stack_space) Marek ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-02-26 18:27 [PATCH] Fix PR56344 Marek Polacek @ 2013-02-26 23:17 ` Joseph S. Myers 2013-02-27 9:56 ` Marek Polacek 0 siblings, 1 reply; 12+ messages in thread From: Joseph S. Myers @ 2013-02-26 23:17 UTC (permalink / raw) To: Marek Polacek; +Cc: GCC Patches On Tue, 26 Feb 2013, Marek Polacek wrote: > + /* We don't allow passing huge (> 2^30 B) arguments > + by value. It would cause an overflow later on. */ > + if (adjusted_args_size.constant >= (1 << 30)) > + { > + error ("passing too large argument on stack"); > + continue; This should be sorry () not error (), as a compiler limitation rather than a defect in the user's program. (And is input_location set to something useful here so the diagnostic points to the argument in question rather than e.g. to the end of the function containing the problem call?) -- Joseph S. Myers joseph@codesourcery.com ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-02-26 23:17 ` Joseph S. Myers @ 2013-02-27 9:56 ` Marek Polacek 2013-02-27 11:33 ` Richard Biener 0 siblings, 1 reply; 12+ messages in thread From: Marek Polacek @ 2013-02-27 9:56 UTC (permalink / raw) To: Joseph S. Myers; +Cc: GCC Patches On Tue, Feb 26, 2013 at 11:17:22PM +0000, Joseph S. Myers wrote: > On Tue, 26 Feb 2013, Marek Polacek wrote: > > > + /* We don't allow passing huge (> 2^30 B) arguments > > + by value. It would cause an overflow later on. */ > > + if (adjusted_args_size.constant >= (1 << 30)) > > + { > > + error ("passing too large argument on stack"); > > + continue; > > This should be sorry () not error (), as a compiler limitation rather than > a defect in the user's program. (And is input_location set to something > useful here so the diagnostic points to the argument in question rather > than e.g. to the end of the function containing the problem call?) Okay, changed back to sorry (). I'd think that input_location is fine here, for e.g. struct S { unsigned char s[1 << 30]; } s; extern void foo (struct S); void bar (void) { foo (s); } we get: pr56344.c: In function âbarâ: pr56344.c:7:7: sorry, unimplemented: passing too large argument on stack foo (s); ^ Ok now? 2013-02-27 Marek Polacek <polacek@redhat.com> PR middle-end/56344 * calls.c (expand_call): Disallow passing huge arguments by value. --- gcc/calls.c.mp 2013-02-26 17:04:33.159555349 +0100 +++ gcc/calls.c 2013-02-27 10:44:02.254461200 +0100 @@ -3037,6 +3037,14 @@ expand_call (tree exp, rtx target, int i { rtx before_arg = get_last_insn (); + /* We don't allow passing huge (> 2^30 B) arguments + by value. It would cause an overflow later on. */ + if (adjusted_args_size.constant >= (1 << 30)) + { + sorry ("passing too large argument on stack"); + continue; + } + if (store_one_arg (&args[i], argblock, flags, adjusted_args_size.var != 0, reg_parm_stack_space) Marek ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-02-27 9:56 ` Marek Polacek @ 2013-02-27 11:33 ` Richard Biener 2013-02-27 17:38 ` Joseph S. Myers 0 siblings, 1 reply; 12+ messages in thread From: Richard Biener @ 2013-02-27 11:33 UTC (permalink / raw) To: Marek Polacek; +Cc: Joseph S. Myers, GCC Patches On Wed, Feb 27, 2013 at 10:56 AM, Marek Polacek <polacek@redhat.com> wrote: > On Tue, Feb 26, 2013 at 11:17:22PM +0000, Joseph S. Myers wrote: >> On Tue, 26 Feb 2013, Marek Polacek wrote: >> >> > + /* We don't allow passing huge (> 2^30 B) arguments >> > + by value. It would cause an overflow later on. */ >> > + if (adjusted_args_size.constant >= (1 << 30)) >> > + { >> > + error ("passing too large argument on stack"); >> > + continue; >> >> This should be sorry () not error (), as a compiler limitation rather than >> a defect in the user's program. (And is input_location set to something >> useful here so the diagnostic points to the argument in question rather >> than e.g. to the end of the function containing the problem call?) > > Okay, changed back to sorry (). I'd think that input_location is fine > here, for e.g. > > struct S { unsigned char s[1 << 30]; } s; > extern void foo (struct S); > > void > bar (void) > { > foo (s); > } > > we get: > pr56344.c: In function ‘bar’: > pr56344.c:7:7: sorry, unimplemented: passing too large argument on stack > foo (s); > ^ > > Ok now? Wouldn't it be better to simply pass this using the variable size handling code? Thus, initialize args_size.var for too large constant size instead? Also args_size.constant is HOST_WIDE_INT, so I'm not sure where you derive the magic number 1<<30 from. I'd expect it to be sth like if (!host_integer_p (bit-size, 1)) init variable-size this has the advantage to move the error to runtime instead of compile-time which is better than rejecting valid C code that will work when it is not executed at runtime. Richard. > 2013-02-27 Marek Polacek <polacek@redhat.com> > > PR middle-end/56344 > * calls.c (expand_call): Disallow passing huge arguments > by value. > > --- gcc/calls.c.mp 2013-02-26 17:04:33.159555349 +0100 > +++ gcc/calls.c 2013-02-27 10:44:02.254461200 +0100 > @@ -3037,6 +3037,14 @@ expand_call (tree exp, rtx target, int i > { > rtx before_arg = get_last_insn (); > > + /* We don't allow passing huge (> 2^30 B) arguments > + by value. It would cause an overflow later on. */ > + if (adjusted_args_size.constant >= (1 << 30)) > + { > + sorry ("passing too large argument on stack"); > + continue; > + } > + > if (store_one_arg (&args[i], argblock, flags, > adjusted_args_size.var != 0, > reg_parm_stack_space) > > Marek ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-02-27 11:33 ` Richard Biener @ 2013-02-27 17:38 ` Joseph S. Myers 2013-03-01 8:41 ` Richard Biener 0 siblings, 1 reply; 12+ messages in thread From: Joseph S. Myers @ 2013-02-27 17:38 UTC (permalink / raw) To: Richard Biener; +Cc: Marek Polacek, GCC Patches On Wed, 27 Feb 2013, Richard Biener wrote: > Wouldn't it be better to simply pass this using the variable size handling > code? Thus, initialize args_size.var for too large constant size instead? Would that be compatible with the ABI definition of how a large (constant size) argument should be passed? -- Joseph S. Myers joseph@codesourcery.com ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-02-27 17:38 ` Joseph S. Myers @ 2013-03-01 8:41 ` Richard Biener 2013-03-05 16:06 ` Marek Polacek 0 siblings, 1 reply; 12+ messages in thread From: Richard Biener @ 2013-03-01 8:41 UTC (permalink / raw) To: Joseph S. Myers; +Cc: Marek Polacek, GCC Patches On Wed, Feb 27, 2013 at 6:38 PM, Joseph S. Myers <joseph@codesourcery.com> wrote: > On Wed, 27 Feb 2013, Richard Biener wrote: > >> Wouldn't it be better to simply pass this using the variable size handling >> code? Thus, initialize args_size.var for too large constant size instead? > > Would that be compatible with the ABI definition of how a large (constant > size) argument should be passed? I'm not sure. Another alternative is to expand to __builtin_trap (), but that's probably not easy at this very point. Or simply fix the size calculation to not overflow (either don't count bits or use a double-int). Richard. > -- > Joseph S. Myers > joseph@codesourcery.com ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-03-01 8:41 ` Richard Biener @ 2013-03-05 16:06 ` Marek Polacek 2013-03-13 12:57 ` Marek Polacek 0 siblings, 1 reply; 12+ messages in thread From: Marek Polacek @ 2013-03-05 16:06 UTC (permalink / raw) To: Richard Biener; +Cc: Joseph S. Myers, GCC Patches On Fri, Mar 01, 2013 at 09:41:27AM +0100, Richard Biener wrote: > On Wed, Feb 27, 2013 at 6:38 PM, Joseph S. Myers > <joseph@codesourcery.com> wrote: > > On Wed, 27 Feb 2013, Richard Biener wrote: > > > >> Wouldn't it be better to simply pass this using the variable size handling > >> code? Thus, initialize args_size.var for too large constant size instead? > > > > Would that be compatible with the ABI definition of how a large (constant > > size) argument should be passed? > > I'm not sure. Another alternative is to expand to __builtin_trap (), but that's > probably not easy at this very point. > > Or simply fix the size calculation to not overflow (either don't count bits > or use a double-int). I don't think double_int will help us here. We won't detect overflow, because we overflowed here (when lower_bound is an int): lower_bound = INTVAL (XEXP (XEXP (arg->stack_slot, 0), 1)); The value from INTVAL () fits when lower_bound is a double_int, but then: i = lower_bound; ... stack_usage_map[i] the size of stack_usage_map is stored in highest_outgoing_arg_in_use, which is an int, so we're limited by an int size here. Changing the type of highest_outgoing_arg_in_use from an int to a double_int isn't worth the trouble, IMHO. Maybe the original approach, only with sorry () instead of error () and e.g. HOST_BITS_PER_INT - 1 instead of 30 would be appropriate after all. Dunno. Marek ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-03-05 16:06 ` Marek Polacek @ 2013-03-13 12:57 ` Marek Polacek 2013-12-02 15:01 ` Richard Biener 0 siblings, 1 reply; 12+ messages in thread From: Marek Polacek @ 2013-03-13 12:57 UTC (permalink / raw) To: Richard Biener; +Cc: Joseph S. Myers, GCC Patches Ping. On Tue, Mar 05, 2013 at 05:06:21PM +0100, Marek Polacek wrote: > On Fri, Mar 01, 2013 at 09:41:27AM +0100, Richard Biener wrote: > > On Wed, Feb 27, 2013 at 6:38 PM, Joseph S. Myers > > <joseph@codesourcery.com> wrote: > > > On Wed, 27 Feb 2013, Richard Biener wrote: > > > > > >> Wouldn't it be better to simply pass this using the variable size handling > > >> code? Thus, initialize args_size.var for too large constant size instead? > > > > > > Would that be compatible with the ABI definition of how a large (constant > > > size) argument should be passed? > > > > I'm not sure. Another alternative is to expand to __builtin_trap (), but that's > > probably not easy at this very point. > > > > Or simply fix the size calculation to not overflow (either don't count bits > > or use a double-int). > > I don't think double_int will help us here. We won't detect overflow, > because we overflowed here (when lower_bound is an int): > lower_bound = INTVAL (XEXP (XEXP (arg->stack_slot, 0), 1)); > The value from INTVAL () fits when lower_bound is a double_int, but > then: > i = lower_bound; > ... > stack_usage_map[i] > the size of stack_usage_map is stored in highest_outgoing_arg_in_use, > which is an int, so we're limited by an int size here. > Changing the type of highest_outgoing_arg_in_use from an int to a > double_int isn't worth the trouble, IMHO. > > Maybe the original approach, only with sorry () instead of error () > and e.g. HOST_BITS_PER_INT - 1 instead of 30 would be appropriate > after all. Dunno. > > Marek ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-03-13 12:57 ` Marek Polacek @ 2013-12-02 15:01 ` Richard Biener 2013-12-02 16:40 ` Marek Polacek 0 siblings, 1 reply; 12+ messages in thread From: Richard Biener @ 2013-12-02 15:01 UTC (permalink / raw) To: Marek Polacek; +Cc: Joseph S. Myers, GCC Patches On Wed, Mar 13, 2013 at 1:57 PM, Marek Polacek <polacek@redhat.com> wrote: > Ping. Ok. (yay, oldest patch in my review queue ...) Thanks, Richard. > On Tue, Mar 05, 2013 at 05:06:21PM +0100, Marek Polacek wrote: >> On Fri, Mar 01, 2013 at 09:41:27AM +0100, Richard Biener wrote: >> > On Wed, Feb 27, 2013 at 6:38 PM, Joseph S. Myers >> > <joseph@codesourcery.com> wrote: >> > > On Wed, 27 Feb 2013, Richard Biener wrote: >> > > >> > >> Wouldn't it be better to simply pass this using the variable size handling >> > >> code? Thus, initialize args_size.var for too large constant size instead? >> > > >> > > Would that be compatible with the ABI definition of how a large (constant >> > > size) argument should be passed? >> > >> > I'm not sure. Another alternative is to expand to __builtin_trap (), but that's >> > probably not easy at this very point. >> > >> > Or simply fix the size calculation to not overflow (either don't count bits >> > or use a double-int). >> >> I don't think double_int will help us here. We won't detect overflow, >> because we overflowed here (when lower_bound is an int): >> lower_bound = INTVAL (XEXP (XEXP (arg->stack_slot, 0), 1)); >> The value from INTVAL () fits when lower_bound is a double_int, but >> then: >> i = lower_bound; >> ... >> stack_usage_map[i] >> the size of stack_usage_map is stored in highest_outgoing_arg_in_use, >> which is an int, so we're limited by an int size here. >> Changing the type of highest_outgoing_arg_in_use from an int to a >> double_int isn't worth the trouble, IMHO. >> >> Maybe the original approach, only with sorry () instead of error () >> and e.g. HOST_BITS_PER_INT - 1 instead of 30 would be appropriate >> after all. Dunno. >> >> Marek ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-12-02 15:01 ` Richard Biener @ 2013-12-02 16:40 ` Marek Polacek 2013-12-02 19:19 ` Marek Polacek 0 siblings, 1 reply; 12+ messages in thread From: Marek Polacek @ 2013-12-02 16:40 UTC (permalink / raw) To: Richard Biener; +Cc: Joseph S. Myers, GCC Patches On Mon, Dec 02, 2013 at 04:01:05PM +0100, Richard Biener wrote: > On Wed, Mar 13, 2013 at 1:57 PM, Marek Polacek <polacek@redhat.com> wrote: > > Ping. > > Ok. (yay, oldest patch in my review queue ...) ;) thanks. Just to be sure, did you mean to ok this patch (that is, the one with HOST_BITS_PER_INT)? Bootstrap/regtest in progress. 2013-12-02 Marek Polacek <polacek@redhat.com> PR middle-end/56344 * calls.c (expand_call): Disallow passing huge arguments by value. --- gcc/calls.c.mp4 2013-12-02 17:12:18.621057873 +0100 +++ gcc/calls.c 2013-12-02 17:32:35.523684716 +0100 @@ -3047,6 +3047,15 @@ expand_call (tree exp, rtx target, int i { rtx before_arg = get_last_insn (); + /* We don't allow passing huge (> 2^30 B) arguments + by value. It would cause an overflow later on. */ + if (adjusted_args_size.constant + >= (1 << (HOST_BITS_PER_INT - 1))) + { + sorry ("passing too large argument on stack"); + continue; + } + if (store_one_arg (&args[i], argblock, flags, adjusted_args_size.var != 0, reg_parm_stack_space) Marek ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-12-02 16:40 ` Marek Polacek @ 2013-12-02 19:19 ` Marek Polacek 2013-12-02 20:35 ` Richard Biener 0 siblings, 1 reply; 12+ messages in thread From: Marek Polacek @ 2013-12-02 19:19 UTC (permalink / raw) To: Richard Biener; +Cc: Joseph S. Myers, GCC Patches On Mon, Dec 02, 2013 at 05:40:33PM +0100, Marek Polacek wrote: > On Mon, Dec 02, 2013 at 04:01:05PM +0100, Richard Biener wrote: > > On Wed, Mar 13, 2013 at 1:57 PM, Marek Polacek <polacek@redhat.com> wrote: > > > Ping. > > > > Ok. (yay, oldest patch in my review queue ...) > > ;) thanks. Just to be sure, did you mean to ok this patch (that is, > the one with HOST_BITS_PER_INT)? > > Bootstrap/regtest in progress. > > 2013-12-02 Marek Polacek <polacek@redhat.com> > > PR middle-end/56344 > * calls.c (expand_call): Disallow passing huge arguments > by value. > > --- gcc/calls.c.mp4 2013-12-02 17:12:18.621057873 +0100 > +++ gcc/calls.c 2013-12-02 17:32:35.523684716 +0100 > @@ -3047,6 +3047,15 @@ expand_call (tree exp, rtx target, int i > { > rtx before_arg = get_last_insn (); > > + /* We don't allow passing huge (> 2^30 B) arguments > + by value. It would cause an overflow later on. */ > + if (adjusted_args_size.constant > + >= (1 << (HOST_BITS_PER_INT - 1))) Surely I meant to use "HOST_BITS_PER_INT - 2" here. Marek ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] Fix PR56344 2013-12-02 19:19 ` Marek Polacek @ 2013-12-02 20:35 ` Richard Biener 0 siblings, 0 replies; 12+ messages in thread From: Richard Biener @ 2013-12-02 20:35 UTC (permalink / raw) To: Marek Polacek; +Cc: Joseph S. Myers, GCC Patches Marek Polacek <polacek@redhat.com> wrote: >On Mon, Dec 02, 2013 at 05:40:33PM +0100, Marek Polacek wrote: >> On Mon, Dec 02, 2013 at 04:01:05PM +0100, Richard Biener wrote: >> > On Wed, Mar 13, 2013 at 1:57 PM, Marek Polacek <polacek@redhat.com> >wrote: >> > > Ping. >> > >> > Ok. (yay, oldest patch in my review queue ...) >> >> ;) thanks. Just to be sure, did you mean to ok this patch (that is, >> the one with HOST_BITS_PER_INT)? Yes, thanks, Richard. >> Bootstrap/regtest in progress. >> >> 2013-12-02 Marek Polacek <polacek@redhat.com> >> >> PR middle-end/56344 >> * calls.c (expand_call): Disallow passing huge arguments >> by value. >> >> --- gcc/calls.c.mp4 2013-12-02 17:12:18.621057873 +0100 >> +++ gcc/calls.c 2013-12-02 17:32:35.523684716 +0100 >> @@ -3047,6 +3047,15 @@ expand_call (tree exp, rtx target, int i >> { >> rtx before_arg = get_last_insn (); >> >> + /* We don't allow passing huge (> 2^30 B) arguments >> + by value. It would cause an overflow later on. */ >> + if (adjusted_args_size.constant >> + >= (1 << (HOST_BITS_PER_INT - 1))) > >Surely I meant to use "HOST_BITS_PER_INT - 2" here. > > Marek ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2013-12-02 20:35 UTC | newest] Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-02-26 18:27 [PATCH] Fix PR56344 Marek Polacek 2013-02-26 23:17 ` Joseph S. Myers 2013-02-27 9:56 ` Marek Polacek 2013-02-27 11:33 ` Richard Biener 2013-02-27 17:38 ` Joseph S. Myers 2013-03-01 8:41 ` Richard Biener 2013-03-05 16:06 ` Marek Polacek 2013-03-13 12:57 ` Marek Polacek 2013-12-02 15:01 ` Richard Biener 2013-12-02 16:40 ` Marek Polacek 2013-12-02 19:19 ` Marek Polacek 2013-12-02 20:35 ` Richard Biener
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).