Date: Tue, 17 Sep 2019 08:07:00 -0000
From: Pierre-Marie de Rodat
To: gcc-patches@gcc.gnu.org
Cc: Yannick Moy
Subject: [Ada] Fix possible suppressed overflows in arithmetic run-time
Message-ID: <20190917080634.GA37596@adacore.com>

Function Double_Divide computes the division of its parameters (X / (Y*Z)) in a way that avoids overflows on signed integers, except in two specific cases, when X = -2**63, abs(Y) = abs(Z) = 1 (leading to an overflow in -To_Int(Qu)) and when X = -2**63 and Y*Z is large enough that Qu=0 and so the remainder Ru=2**63 (leading to an overflow in -To_Int(Ru)), for example with Y = Z = 2**32-1. This fix avoids the overflow by applying "-" on the unsigned value before the conversion to signed integer.

The issue cannot manifest as an overflow check failure in our runtime, as overflow checks are suppressed by using pragma Suppress at the start of the file. Assuming a machine implements wraparound semantics here, the result was correct even with the suppressed overflow. As a result, there can be no test showing the difference.

Tested on x86_64-pc-linux-gnu, committed on trunk

2019-09-17  Yannick Moy

gcc/ada/

	* libgnat/s-arit64.adb (Double_Divide): Fix two possible overflows.

--- gcc/ada/libgnat/s-arit64.adb
+++ gcc/ada/libgnat/s-arit64.adb
@@ -204,9 +204,13 @@ package body System.Arith_64 is -- Case of dividend (X) sign negative + -- We perform the unary minus operation on the unsigned value + -- before conversion to signed, to avoid a possible overflow for + -- value -2**63, both for computing R and Q. + else - R := -To_Int (Ru); - Q := (if Den_Pos then -To_Int (Qu) else To_Int (Qu)); + R := To_Int (-Ru); + Q := (if Den_Pos then To_Int (-Qu) else To_Int (Qu)); end if; end Double_Divide; --PNTmBPCT7hxwcZjr--
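Review bot: the new `R := To_Int (-Ru)` and `Q := ... To_Int (-Qu)` lines make the else branch depend on To_Int reinterpreting the bits of the unsigned value rather than performing a range-checked conversion: for any non-zero Ru the modular negation -Ru equals 2**64 - Ru, which is above Int'Last, so a checked To_Int would fail on every negative-dividend call, not only in the -2**63 corner that the commit message describes. The added comment should state that assumption explicitly (for example "To_Int is an unchecked conversion, so -Ru and -Qu are reinterpreted as their two's complement negatives") and name the two triggering inputs from the commit message (X = -2**63 with abs (Y*Z) = 1, and X = -2**63 with Qu = 0 and Ru = 2**63), so that a future reader of this branch knows which cases it guards against.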
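To make the two corner cases in the commit message concrete, here is an added Go example (not the GNAT code and not part of the original message) that mirrors the structure of Double_Divide on unsigned magnitudes and reports when the pre-fix signed negation would have misrepresented the value; the DoubleDivide function and its 128-bit denominator handling via bits.Mul64 are assumptions of this example.

```go
package main

import (
	"fmt"
	"math"
	"math/bits"
)

// magnitude returns |v| as uint64; unsigned negation wraps, so this is
// well defined even for math.MinInt64 (giving 2**63).
func magnitude(v int64) uint64 {
	if v < 0 {
		return -uint64(v)
	}
	return uint64(v)
}

// DoubleDivide is a simplified stand-in (not the GNAT code) for
// System.Arith_64.Double_Divide: Q = X / (Y*Z), R = X rem (Y*Z), plus a
// flag telling whether negating after conversion to signed would overflow.
// Y and Z must be non-zero (a zero divisor panics, like Constraint_Error).
func DoubleDivide(x, y, z int64) (q, r int64, signedNegOver bool) {
	denPos := (y < 0) == (z < 0)                     // sign of Y*Z
	hi, lo := bits.Mul64(magnitude(y), magnitude(z)) // |Y*Z| as 128-bit hi:lo
	xu := magnitude(x)
	qu, ru := uint64(0), xu // |Y*Z| >= 2**64 > |X|: quotient 0, remainder |X|
	if hi == 0 {
		qu, ru = xu/lo, xu%lo
	}
	if x >= 0 { // qu <= 2**63-1 here, so signed negation is safe
		if denPos {
			return int64(qu), int64(ru), false
		}
		return -int64(qu), int64(ru), false
	}
	// Negative dividend: the commit's two cases are qu == 2**63 (X = -2**63,
	// |Y*Z| = 1) and ru == 2**63 (X = -2**63, Qu = 0). The pre-fix form
	// "-int64(u)" already misrepresents any u > MaxInt64 at the conversion.
	signedNegOver = ru > math.MaxInt64 || (denPos && qu > math.MaxInt64)
	r = int64(-ru) // To_Int (-Ru): negate in the unsigned domain first
	if denPos {
		return int64(-qu), r, signedNegOver // To_Int (-Qu)
	}
	return int64(qu), r, signedNegOver
}

func main() {
	fmt.Println(DoubleDivide(math.MinInt64, 1, 1))             // -9223372036854775808 0 true
	fmt.Println(DoubleDivide(math.MinInt64, 1<<32-1, 1<<32-1)) // 0 -9223372036854775808 true
}
```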