[PATCH] Fix -fsanitize=undefined vs. x + y

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

* [PATCH] Fix -fsanitize=undefined vs. x + y < x (PR sanitizer/87837)
@ 2018-11-05  9:33 Jakub Jelinek
  2018-11-05 10:03 ` Richard Biener
  0 siblings, 1 reply; 3+ messages in thread
From: Jakub Jelinek @ 2018-11-05  9:33 UTC (permalink / raw)
  To: Richard Biener; +Cc: gcc-patches

Hi!

I wish I had a better fix, but I don't, trying to sanitize signed integer
arithmetics in the FEs already before any folding there is complicated by
that arithmetics being created just in way too many spots.

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2018-11-05  Jakub Jelinek  <jakub@redhat.com>

	PR sanitizer/87837
	* match.pd (X + Y < X): Don't optimize if TYPE_OVERFLOW_SANITIZED.

	* c-c++-common/ubsan/pr87837.c: New test.

--- gcc/match.pd.jj	2018-10-31 10:33:07.438686055 +0100
+++ gcc/match.pd	2018-11-01 10:26:44.251883633 +0100
@@ -1572,6 +1572,7 @@ (define_operator_list COND_TERNARY
   (op:c (plus:c@2 @0 @1) @1)
   (if (ANY_INTEGRAL_TYPE_P (TREE_TYPE (@0))
        && TYPE_OVERFLOW_UNDEFINED (TREE_TYPE (@0))
+       && !TYPE_OVERFLOW_SANITIZED (TREE_TYPE (@0))
        && (CONSTANT_CLASS_P (@0) || single_use (@2)))
    (op @0 { build_zero_cst (TREE_TYPE (@0)); }))))
 /* For equality, this is also true with wrapping overflow.  */
--- gcc/testsuite/c-c++-common/ubsan/pr87837.c.jj	2018-11-01 10:37:35.159186004 +0100
+++ gcc/testsuite/c-c++-common/ubsan/pr87837.c	2018-11-01 10:39:56.162868607 +0100
@@ -0,0 +1,18 @@
+/* PR sanitizer/87837 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=signed-integer-overflow -Wno-unused-variable" } */
+
+int
+foo (int n)
+{
+  return n + __INT_MAX__ < n;
+}
+
+int
+main ()
+{
+  volatile int a = foo (1);
+  return 0;
+}
+
+/* { dg-output "signed integer overflow: 1 \\+ 2147483647 cannot be represented in type 'int'" } */

	Jakub

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] Fix -fsanitize=undefined vs. x + y < x (PR sanitizer/87837)
  2018-11-05  9:33 [PATCH] Fix -fsanitize=undefined vs. x + y < x (PR sanitizer/87837) Jakub Jelinek
@ 2018-11-05 10:03 ` Richard Biener
  2018-11-05 10:05   ` Jakub Jelinek
  0 siblings, 1 reply; 3+ messages in thread
From: Richard Biener @ 2018-11-05 10:03 UTC (permalink / raw)
  To: Jakub Jelinek; +Cc: gcc-patches

On Mon, 5 Nov 2018, Jakub Jelinek wrote:

> Hi!
> 
> I wish I had a better fix, but I don't, trying to sanitize signed integer
> arithmetics in the FEs already before any folding there is complicated by
> that arithmetics being created just in way too many spots.

I suppose we could play some tricks and "unset" TYPE_OVERFLOW_SANITIZED
after instrumentation finished?

> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

OK.

Richard.

> 2018-11-05  Jakub Jelinek  <jakub@redhat.com>
> 
> 	PR sanitizer/87837
> 	* match.pd (X + Y < X): Don't optimize if TYPE_OVERFLOW_SANITIZED.
> 
> 	* c-c++-common/ubsan/pr87837.c: New test.
> 
> --- gcc/match.pd.jj	2018-10-31 10:33:07.438686055 +0100
> +++ gcc/match.pd	2018-11-01 10:26:44.251883633 +0100
> @@ -1572,6 +1572,7 @@ (define_operator_list COND_TERNARY
>    (op:c (plus:c@2 @0 @1) @1)
>    (if (ANY_INTEGRAL_TYPE_P (TREE_TYPE (@0))
>         && TYPE_OVERFLOW_UNDEFINED (TREE_TYPE (@0))
> +       && !TYPE_OVERFLOW_SANITIZED (TREE_TYPE (@0))
>         && (CONSTANT_CLASS_P (@0) || single_use (@2)))
>     (op @0 { build_zero_cst (TREE_TYPE (@0)); }))))
>  /* For equality, this is also true with wrapping overflow.  */
> --- gcc/testsuite/c-c++-common/ubsan/pr87837.c.jj	2018-11-01 10:37:35.159186004 +0100
> +++ gcc/testsuite/c-c++-common/ubsan/pr87837.c	2018-11-01 10:39:56.162868607 +0100
> @@ -0,0 +1,18 @@
> +/* PR sanitizer/87837 */
> +/* { dg-do run } */
> +/* { dg-options "-fsanitize=signed-integer-overflow -Wno-unused-variable" } */
> +
> +int
> +foo (int n)
> +{
> +  return n + __INT_MAX__ < n;
> +}
> +
> +int
> +main ()
> +{
> +  volatile int a = foo (1);
> +  return 0;
> +}
> +
> +/* { dg-output "signed integer overflow: 1 \\+ 2147483647 cannot be represented in type 'int'" } */
> 
> 	Jakub
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] Fix -fsanitize=undefined vs. x + y < x (PR sanitizer/87837)
  2018-11-05 10:03 ` Richard Biener
@ 2018-11-05 10:05   ` Jakub Jelinek
  0 siblings, 0 replies; 3+ messages in thread
From: Jakub Jelinek @ 2018-11-05 10:05 UTC (permalink / raw)
  To: Richard Biener; +Cc: gcc-patches

On Mon, Nov 05, 2018 at 11:03:28AM +0100, Richard Biener wrote:
> On Mon, 5 Nov 2018, Jakub Jelinek wrote:
> 
> > Hi!
> > 
> > I wish I had a better fix, but I don't, trying to sanitize signed integer
> > arithmetics in the FEs already before any folding there is complicated by
> > that arithmetics being created just in way too many spots.
> 
> I suppose we could play some tricks and "unset" TYPE_OVERFLOW_SANITIZED
> after instrumentation finished?

Yes, e.g. have some cfun-> flag or property that would be cleared during the
ubsan pass (and clear from the beginning if not sanitizing integer
overflows).

	Jakub

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2018-11-05 10:05 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-05  9:33 [PATCH] Fix -fsanitize=undefined vs. x + y < x (PR sanitizer/87837) Jakub Jelinek
2018-11-05 10:03 ` Richard Biener
2018-11-05 10:05   ` Jakub Jelinek

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).