From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by sourceware.org (Postfix) with ESMTPS id 5F6563858D37 for ; Thu, 27 Apr 2023 12:10:41 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5F6563858D37 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.de Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 8EA7121B01; Thu, 27 Apr 2023 12:10:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1682597440; h=from:from:reply-to:date:date:to:to:cc:cc:mime-version:mime-version: content-type:content-type; bh=z0/4TOlDpc6qFE0xmd1ojQJK8PGLj75XK4xKaTJ0/4I=; b=nJtv88h1a8vPdjgdwBKBBH9DDmhTx1PlnYEJAFugq3wpNQIbVyCfRJaMtDUdOx4JE+En2V /4d9drXdKRE8PAFQS8y/iFkYAJOB/5hDBs6EzW4iDLV1hxYO+boMuHV5Q/fwWQ90znmgZ1 p8Qv0TZYLLPuyDnvxJJ0uN9s2PA5t/I= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1682597440; h=from:from:reply-to:date:date:to:to:cc:cc:mime-version:mime-version: content-type:content-type; bh=z0/4TOlDpc6qFE0xmd1ojQJK8PGLj75XK4xKaTJ0/4I=; b=nKfI5rSlRe3d3eftirzKTIZsJnqm8vcpUS+akm8SIb3GK3M5MEuJCD5FOhI4k8URR3pcWR MRmMrLQwytfsOQDA== Received: from wotan.suse.de (wotan.suse.de [10.160.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 83FA82C141; Thu, 27 Apr 2023 12:10:40 +0000 (UTC) Date: Thu, 27 Apr 2023 12:10:40 +0000 (UTC) From: Richard Biener To: gcc-patches@gcc.gnu.org cc: Jakub Jelinek Subject: [PATCH] tree-optimization/109170 - bogus use-after-free with __builtin_expect User-Agent: Alpine 2.22 (LSU 394 2020-01-19) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-10.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,MISSING_MID,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Message-ID: <20230427121040._6H9H4awHnnzvCwe7dL7feFwcqinshnkPxSZUj4VsZQ@z> The following generalizes the range-op for __builtin_expect by using the fnspec machinery. We've defered this to stage1 - bootstrapped and tested on x86_64-unknown-linux-gnu. OK? Thanks, Richard. PR tree-optimization/109170 * gimple-range-op.cc (gimple_range_op_handler::maybe_builtin_call): Handle __builtin_expect and similar via cfn_pass_through_arg1 and inspecting the calls fnspec. * builtins.cc (builtin_fnspec): Handle BUILT_IN_EXPECT and BUILT_IN_EXPECT_WITH_PROBABILITY. --- gcc/builtins.cc | 2 ++ gcc/gimple-range-op.cc | 19 +++++++++++-------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/gcc/builtins.cc b/gcc/builtins.cc index 878596c240a..bd07873a80e 100644 --- a/gcc/builtins.cc +++ b/gcc/builtins.cc @@ -11718,6 +11718,8 @@ builtin_fnspec (tree callee) case BUILT_IN_RETURN_ADDRESS: return ".c"; case BUILT_IN_ASSUME_ALIGNED: + case BUILT_IN_EXPECT: + case BUILT_IN_EXPECT_WITH_PROBABILITY: return "1cX "; /* But posix_memalign stores a pointer into the memory pointed to by its first argument. */ diff --git a/gcc/gimple-range-op.cc b/gcc/gimple-range-op.cc index f7409e35a99..04e27d6aa05 100644 --- a/gcc/gimple-range-op.cc +++ b/gcc/gimple-range-op.cc @@ -43,6 +43,7 @@ along with GCC; see the file COPYING3. If not see #include "range.h" #include "value-query.h" #include "gimple-range.h" +#include "attr-fnspec.h" // Given stmt S, fill VEC, up to VEC_SIZE elements, with relevant ssa-names // on the statement. For efficiency, it is an error to not pass in enough @@ -984,14 +985,16 @@ gimple_range_op_handler::maybe_builtin_call () m_int = &op_cfn_parity; break; - case CFN_BUILT_IN_EXPECT: - case CFN_BUILT_IN_EXPECT_WITH_PROBABILITY: - m_valid = true; - m_op1 = gimple_call_arg (call, 0); - m_int = &op_cfn_pass_through_arg1; - break; - default: - break; + { + unsigned arg; + if (gimple_call_fnspec (call).returns_arg (&arg) && arg == 0) + { + m_valid = true; + m_op1 = gimple_call_arg (call, 0); + m_int = &op_cfn_pass_through_arg1; + } + break; + } } } -- 2.35.3