From: Paolo Bonzini <bonzini@gnu.org>
To: Jeff Law <law@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>
Cc: gcc-patches@gcc.gnu.org, joseph@codesourcery.com,
jakub@redhat.com, mpolacek@redhat.com
Subject: Re: [PATCH] Do not sanitize left shifts for -fwrapv (PR68418)
Date: Wed, 09 Dec 2015 13:31:00 -0000 [thread overview]
Message-ID: <56682D3F.4050408@gnu.org> (raw)
In-Reply-To: <56621824.50306@redhat.com>
On 04/12/2015 23:48, Jeff Law wrote:
>>
>> Why would pointer types be shifted at all (at the ubsan level,
>> which is basically the AST)?
> BTW, if you argument is that we can never get into this code with a
> shift of a pointer object, I'd like to see some kind of analysis to back
> up that assertion -- which could be as simple as pointing to FE code
> that issues an error if the user tried to do something like shift a
> pointer object.
You're right, I should have qualified that better. And actually there
is an issue with this patch, though it is not pointers.
There are only two call sites for ubsan_instrument_shift.
In c/c-typeck.c:
/* Remember whether we're doing << or >>. */
bool doing_shift = false;
/* The expression codes of the data types of the arguments tell us
whether the arguments are integers, floating, pointers, etc. */
code0 = TREE_CODE (type0);
code1 = TREE_CODE (type1);
switch (code)
{
...
case RSHIFT_EXPR:
...
else if ((code0 == INTEGER_TYPE || code0 == FIXED_POINT_TYPE)
&& code1 == INTEGER_TYPE)
{
doing_shift = true;
...
}
...
case LSHIFT_EXPR:
...
else if ((code0 == INTEGER_TYPE || code0 == FIXED_POINT_TYPE)
&& code1 == INTEGER_TYPE)
{
doing_shift = true;
...
}
...
}
...
if ((flag_sanitize & (SANITIZE_SHIFT | SANITIZE_DIVIDE
| SANITIZE_FLOAT_DIVIDE))
&& do_ubsan_in_current_function ()
&& (doing_div_or_mod || doing_shift)
&& !require_constant_value)
{
/* OP0 and/or OP1 might have side-effects. */
op0 = c_save_expr (op0);
op1 = c_save_expr (op1);
op0 = c_fully_fold (op0, false, NULL);
op1 = c_fully_fold (op1, false, NULL);
...
else if (doing_shift && (flag_sanitize & SANITIZE_SHIFT))
instrument_expr = ubsan_instrument_shift (location, code, op0, op1);
}
cp/typeck.c is the same but it doesn't handle code0 == FIXED_POINT_TYPE.
But FIXED_POINT_TYPE is not an integral type, and thus it would fail the
TYPE_OVERFLOW_WRAPS check with my patch. I'll post an updated patch that
also removes all instrumentation in the case of fixed point types, similar
to instrument_si_overflow.
Thanks for the careful review!
Paolo
prev parent reply other threads:[~2015-12-09 13:31 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-25 14:09 Paolo Bonzini
2015-12-04 17:51 ` Paolo Bonzini
2015-12-04 18:57 ` Jeff Law
2015-12-04 20:48 ` Paolo Bonzini
2015-12-04 22:46 ` Jeff Law
2015-12-04 22:48 ` Jeff Law
2015-12-09 13:31 ` Paolo Bonzini [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56682D3F.4050408@gnu.org \
--to=bonzini@gnu.org \
--cc=gcc-patches@gcc.gnu.org \
--cc=jakub@redhat.com \
--cc=joseph@codesourcery.com \
--cc=law@redhat.com \
--cc=mpolacek@redhat.com \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).