From: Richard Biener
Subject: Re: [PATCH] ubsan: Avoid narrowing of multiply for -fsanitize=signed-integer-overflow [PR108256]
Date: Wed, 4 Jan 2023 10:19:08 +0100
To: Jakub Jelinek
Cc: gcc-patches@gcc.gnu.org

> On 04.01.2023 at 10:09, Jakub Jelinek via Gcc-patches wrote:
>
> Hi!
>
> We shouldn't narrow multiplications originally done in signed types,
> because the original multiplication might overflow but the narrowed
> one will be done in unsigned arithmetics and will never overflow.
>
> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

Ok.

Richard

> 2023-01-04 Jakub Jelinek
>
> PR sanitizer/108256
> * convert.cc (do_narrow): Punt for MULT_EXPR if original
> type doesn't wrap around and -fsanitize=signed-integer-overflow
> is on.
> * fold-const.cc (fold_unary_loc) : Likewise.
>
> * c-c++-common/ubsan/pr108256.c: New test.
>
> --- gcc/convert.cc.jj 2023-01-02 09:32:25.123245723 +0100 > +++ gcc/convert.cc 2023-01-03 10:02:36.309706050 +0100 
> @@ -384,6 +384,14 @@ do_narrow (location_t loc, > && sanitize_flags_p (SANITIZE_SI_OVERFLOW)) > return NULL_TREE; >=20 > + /* Similarly for multiplication, but in that case it can be > + problematic even if typex is unsigned type - 0xffff * 0xffff > + overflows in int. */ > + if (ex_form =3D=3D MULT_EXPR > + && !TYPE_OVERFLOW_WRAPS (TREE_TYPE (expr)) > + && sanitize_flags_p (SANITIZE_SI_OVERFLOW)) > + return NULL_TREE; > + > /* But now perhaps TYPEX is as wide as INPREC. > In that case, do nothing special here. > (Otherwise would recurse infinitely in convert. */ > --- gcc/fold-const.cc.jj 2023-01-02 09:32:32.756135438 +0100 > +++ gcc/fold-const.cc 2023-01-03 10:30:05.492239455 +0100 > @@ -9574,7 +9574,9 @@ fold_unary_loc (location_t loc, enum tre > if (INTEGRAL_TYPE_P (type) > && TREE_CODE (op0) =3D=3D MULT_EXPR > && INTEGRAL_TYPE_P (TREE_TYPE (op0)) > - && TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (op0))) > + && TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (op0)) > + && (TYPE_OVERFLOW_WRAPS (TREE_TYPE (op0)) > + || !sanitize_flags_p (SANITIZE_SI_OVERFLOW))) > { > /* Be careful not to introduce new overflows. */ > tree mult_type; > --- gcc/testsuite/c-c++-common/ubsan/pr108256.c.jj 2023-01-03 10:14:49.= 064284638 +0100 > +++ gcc/testsuite/c-c++-common/ubsan/pr108256.c 2023-01-03 10:43:58.838= 326443 +0100 
> @@ -0,0 +1,27 @@ > +/* PR sanitizer/108256 */ > +/* { dg-do run { target { lp64 || ilp32 } } } */ > +/* { dg-options "-fsanitize=3Dsigned-integer-overflow" } */ > + > +unsigned short > +foo (unsigned short x, unsigned short y) > +{ > + return x * y; > +} > + > +unsigned short > +bar (unsigned short x, unsigned short y) > +{ > + int r =3D x * y; > + return r; > +} > + > +int > +main () > +{ > + volatile unsigned short a =3D foo (0xffff, 0xffff); > + volatile unsigned short b =3D bar (0xfffe, 0xfffe); > + return 0; > +} > + > +/* { dg-output "signed integer overflow: 65535 \\\* 65535 cannot be repre= sented in type 'int'\[^\n\r]*(\n|\r\n|\r)" } */ > +/* { dg-output "\[^\n\r]*signed integer overflow: 65534 \\\* 65534 cannot= be represented in type 'int'" } */ >=20 > Jakub >=20
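Review bot: the comment added in do_narrow (gcc/convert.cc hunk) gives the 0xffff * 0xffff example but not the consequence, which appears only in the mail text: once narrowed, the multiply is done in unsigned arithmetic and the sanitizer never sees the overflow. Suggest stating that in the comment, and noting that the check is on TREE_TYPE (expr) rather than on typex, since the comment itself points out that typex may be unsigned.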
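Review bot: the two conditions appended to the if in fold_unary_loc (gcc/fold-const.cc hunk) carry no comment, and the existing "Be careful not to introduce new overflows" comment describes the block body rather than this guard. A one-line comment above the condition saying that narrowing is skipped when the type of op0 does not wrap and SANITIZE_SI_OVERFLOW is on would help. The predicate is also the negation of the one added in do_narrow, so it may be worth spelling the two the same way or sharing a small helper so they cannot drift apart.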
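Review bot: both foo and bar in the new pr108256.c multiply unsigned short operands, so only the case where the operands are promoted to int is exercised. Consider adding a function that multiplies int operands and returns a narrower type, so that narrowing of a multiplication written directly in int is covered as well; the dg-output lines would then need a matching third pattern.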