From: Jakub Jelinek <jakub@redhat.com>
To: "Martin Liška" <mliska@suse.cz>
Cc: gcc-patches@gcc.gnu.org
Subject: Re: [PATCH] Fix UBSAN errors in dse.c (PR rtl-optimization/82044).
Date: Wed, 20 Sep 2017 08:15:00 -0000 [thread overview]
Message-ID: <20170920081519.GU1701@tucnak> (raw)
In-Reply-To: <d430e94b-5ea6-0c5c-0dfc-a09e62e0fcbd@suse.cz>
On Wed, Sep 20, 2017 at 09:50:32AM +0200, Martin Liška wrote:
> Hello.
>
> Following patch handles UBSAN (overflow) in dce.c.
dse.c ;)
> --- a/gcc/dse.c
> +++ b/gcc/dse.c
> @@ -929,7 +929,9 @@ set_usage_bits (group_info *group, HOST_WIDE_INT offset, HOST_WIDE_INT width,
> {
> HOST_WIDE_INT i;
> bool expr_escapes = can_escape (expr);
> - if (offset > -MAX_OFFSET && offset + width < MAX_OFFSET)
> + if (offset > -MAX_OFFSET
> + && offset < MAX_OFFSET
> + && offset + width < MAX_OFFSET)
This can still overflow if width is close to HOST_WIDE_INT_MAX.
Anyway, I don't remember this code too much, but wonder if either offset or
width or their sum is outside of the -MAX_OFFSET, MAX_OFFSET range if we
still don't want to record usage bits at least in the intersection of
-MAX_OFFSET, MAX_OFFSET and offset, offset + width (the latter performed
with infinite precision; though, if record_store is changed as suggested
below, offset + width shouldn't overflow).
> for (i=offset; i<offset+width; i++)
> {
> bitmap store1;
> @@ -1536,7 +1538,11 @@ record_store (rtx body, bb_info_t bb_info)
> }
> store_info->group_id = group_id;
> store_info->begin = offset;
> - store_info->end = offset + width;
> + if (offset > HOST_WIDE_INT_MAX - width)
> + store_info->end = HOST_WIDE_INT_MAX;
> + else
> + store_info->end = offset + width;
If offset + width overflows, I think we risk wrong-code by doing this, plus
there are 3 other offset + width computations earlier in record_store
before we reach this. I think instead we should treat such cases as wild
stores early, i.e.:
if (!canon_address (mem, &group_id, &offset, &base))
{
clear_rhs_from_active_local_stores ();
return 0;
}
if (GET_MODE (mem) == BLKmode)
width = MEM_SIZE (mem);
else
width = GET_MODE_SIZE (GET_MODE (mem));
+ if (offset > HOST_WIDE_INT_MAX - width)
+ {
+ clear_rhs_from_active_local_stores ();
+ return 0;
+ }
or so.
> +
> store_info->is_set = GET_CODE (body) == SET;
> store_info->rhs = rhs;
> store_info->const_rhs = const_rhs;
> @@ -1976,6 +1982,14 @@ check_mem_read_rtx (rtx *loc, bb_info_t bb_info)
> return;
> }
>
> + if (offset > MAX_OFFSET)
> + {
> + if (dump_file && (dump_flags & TDF_DETAILS))
> + fprintf (dump_file, " reaches MAX_OFFSET.\n");
> + add_wild_read (bb_info);
> + return;
> + }
> +
Is offset > MAX_OFFSET really problematic (and not just the width != -1 &&
offset + width overflowing case)?
> if (GET_MODE (mem) == BLKmode)
> width = -1;
> else
>
Jakub
next prev parent reply other threads:[~2017-09-20 8:15 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-20 7:51 Martin Liška
2017-09-20 8:15 ` Jakub Jelinek [this message]
2017-10-19 11:58 ` Martin Liška
2017-11-02 13:15 ` Martin Liška
2017-11-08 16:42 ` Jeff Law
2017-11-15 7:34 ` Martin Liška
2017-11-17 0:57 ` Jeff Law
2017-11-22 0:27 ` [PATCH] Fix i?86 bootstrap " Jakub Jelinek
2017-11-22 8:01 ` Jakub Jelinek
2017-11-22 9:00 ` Richard Biener
2017-11-22 9:11 ` Richard Biener
2017-12-19 11:26 ` Martin Liška
2017-11-22 9:45 ` Eric Botcazou
2017-11-22 9:52 ` Jakub Jelinek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170920081519.GU1701@tucnak \
--to=jakub@redhat.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=mliska@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).