From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 62222 invoked by alias); 20 Sep 2017 08:15:34 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 62202 invoked by uid 89); 20 Sep 2017 08:15:33 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-11.9 required=5.0 tests=BAYES_00,GIT_PATCH_2,GIT_PATCH_3,RP_MATCHES_RCVD,SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=HTo:D*cz X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 20 Sep 2017 08:15:27 +0000 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4FF82C057F91; Wed, 20 Sep 2017 08:15:25 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4FF82C057F91 Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=jakub@redhat.com Received: from tucnak.zalov.cz (ovpn-116-102.ams2.redhat.com [10.36.116.102]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EDA3E6017B; Wed, 20 Sep 2017 08:15:24 +0000 (UTC) Received: from tucnak.zalov.cz (localhost [127.0.0.1]) by tucnak.zalov.cz (8.15.2/8.15.2) with ESMTP id v8K8FM5I003206; Wed, 20 Sep 2017 10:15:22 +0200 Received: (from jakub@localhost) by tucnak.zalov.cz (8.15.2/8.15.2/Submit) id v8K8FJWd003205; Wed, 20 Sep 2017 10:15:19 +0200 Date: Wed, 20 Sep 2017 08:15:00 -0000 From: Jakub Jelinek To: Martin =?utf-8?B?TGnFoWth?= Cc: gcc-patches@gcc.gnu.org Subject: Re: [PATCH] Fix UBSAN errors in dse.c (PR rtl-optimization/82044). Message-ID: <20170920081519.GU1701@tucnak> Reply-To: Jakub Jelinek References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.7.1 (2016-10-04) X-IsSubscribed: yes X-SW-Source: 2017-09/txt/msg01324.txt.bz2 On Wed, Sep 20, 2017 at 09:50:32AM +0200, Martin Liška wrote: > Hello. > > Following patch handles UBSAN (overflow) in dce.c. dse.c ;) > --- a/gcc/dse.c > +++ b/gcc/dse.c > @@ -929,7 +929,9 @@ set_usage_bits (group_info *group, HOST_WIDE_INT offset, HOST_WIDE_INT width, > { > HOST_WIDE_INT i; > bool expr_escapes = can_escape (expr); > - if (offset > -MAX_OFFSET && offset + width < MAX_OFFSET) > + if (offset > -MAX_OFFSET > + && offset < MAX_OFFSET > + && offset + width < MAX_OFFSET) This can still overflow if width is close to HOST_WIDE_INT_MAX. Anyway, I don't remember this code too much, but wonder if either offset or width or their sum is outside of the -MAX_OFFSET, MAX_OFFSET range if we still don't want to record usage bits at least in the intersection of -MAX_OFFSET, MAX_OFFSET and offset, offset + width (the latter performed with infinite precision; though, if record_store is changed as suggested below, offset + width shouldn't overflow). > for (i=offset; i { > bitmap store1; > @@ -1536,7 +1538,11 @@ record_store (rtx body, bb_info_t bb_info) > } > store_info->group_id = group_id; > store_info->begin = offset; > - store_info->end = offset + width; > + if (offset > HOST_WIDE_INT_MAX - width) > + store_info->end = HOST_WIDE_INT_MAX; > + else > + store_info->end = offset + width; If offset + width overflows, I think we risk wrong-code by doing this, plus there are 3 other offset + width computations earlier in record_store before we reach this. I think instead we should treat such cases as wild stores early, i.e.: if (!canon_address (mem, &group_id, &offset, &base)) { clear_rhs_from_active_local_stores (); return 0; } if (GET_MODE (mem) == BLKmode) width = MEM_SIZE (mem); else width = GET_MODE_SIZE (GET_MODE (mem)); + if (offset > HOST_WIDE_INT_MAX - width) + { + clear_rhs_from_active_local_stores (); + return 0; + } or so. > + > store_info->is_set = GET_CODE (body) == SET; > store_info->rhs = rhs; > store_info->const_rhs = const_rhs; > @@ -1976,6 +1982,14 @@ check_mem_read_rtx (rtx *loc, bb_info_t bb_info) > return; > } > > + if (offset > MAX_OFFSET) > + { > + if (dump_file && (dump_flags & TDF_DETAILS)) > + fprintf (dump_file, " reaches MAX_OFFSET.\n"); > + add_wild_read (bb_info); > + return; > + } > + Is offset > MAX_OFFSET really problematic (and not just the width != -1 && offset + width overflowing case)? > if (GET_MODE (mem) == BLKmode) > width = -1; > else > Jakub