From: Marc Glisse <marc.glisse@inria.fr>
To: Richard Biener <rguenther@suse.de>
Cc: gcc-patches@gcc.gnu.org, "Jakub Jelinek" <jakub@redhat.com>,
"Martin Liška" <mliska@suse.cz>
Subject: Re: [RFC PATCH] Fix pointer diff (was: -fsanitize=pointer-overflow support (PR sanitizer/80998))
Date: Thu, 22 Jun 2017 09:29:00 -0000 [thread overview]
Message-ID: <alpine.DEB.2.20.1706221105340.2158@stedding.saclay.inria.fr> (raw)
In-Reply-To: <alpine.LSU.2.20.1706221022200.23185@zhemvz.fhfr.qr>
On Thu, 22 Jun 2017, Richard Biener wrote:
>> If we consider pointers as unsigned, with a subtraction that has a signed
>> result with the constraint that overflow is undefined, we cannot model that
>> optimally with just the usual signed/unsigned operations, so I am in favor of
>> POINTER_DIFF, at least in the long run (together with having a signed second
>> argument for POINTER_PLUS, etc). For 64-bit platforms it might have been
>> easier to declare that the upper half (3/4 ?) of the address space doesn't
>> exist...
>
> I repeatedly thought of POINTER_DIFF_EXPR but adding such a basic tree
> code is quite a big job.
Yes :-(
It is probably not realistic to introduce it just to avoid a couple
regressions while fixing a bug.
> So we'd have POINTER_DIFF_EXPR take two pointer typed args and produce
> ptrdiff_t. What's the advantage of having this?
It represents q-p with one statement instead of 3 (long)q-(long)p or 4
(long)((ulong)q-(ulong)p). It allows us to stay in the pointer world, so
(q-p)>0 is equivalent to p<q, not just (long)p<(long)q. It properly models
what (undefined) overflow means for pointers.
Of course it is hard to know in advance if that's significant or
negligible, maybe size_t finds its way in too many places anyway.
> And yes, I agree that POINTER_PLUS_EXPR should take
> ptrdiff_t rather than sizetype offset -- changing one without the
> other will lead to awkwardness in required patterns involving
> both like (p - q) + q.
>
> As said, it's a big job with likely all sorts of (testsuite) fallout.
>
>>> The third one is
>>> if (&a[b] - &a[c] != b - c)
>>> link_error();
>>> where fold already during generic folding used to be able to cope with it,
>>> but now we have:
>>> (long int) (((long unsigned int) b - (long unsigned int) c) * 4) /[ex] 4 !=
>>> b - c
>>> which we don't fold.
>>
>> Once we have this last expression, we have lost, we need to know that the
>> multiplication cannot overflow for this. When the size multiplications are
>> done in a signed type in the future (?), it might help.
>
> Not sure where the unsigned multiply comes from -- I guess we fold
> it inside the cast ...
We usually do those multiplications in an unsigned type. I experimented
with changing one such place in
https://gcc.gnu.org/ml/gcc-patches/2017-05/msg01641.html , there is
probably at least another one in the middle-end.
--
Marc Glisse
next prev parent reply other threads:[~2017-06-22 9:29 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-19 18:25 [RFC PATCH] -fsanitize=pointer-overflow support (PR sanitizer/80998) Jakub Jelinek
2017-06-20 7:41 ` Richard Biener
2017-06-20 8:14 ` Jakub Jelinek
2017-06-20 8:18 ` Richard Biener
2017-06-21 7:58 ` Jakub Jelinek
2017-06-21 8:04 ` Richard Biener
2017-06-21 14:40 ` [RFC PATCH] Fix pointer diff (was: -fsanitize=pointer-overflow support (PR sanitizer/80998)) Jakub Jelinek
2017-06-21 15:17 ` Jakub Jelinek
2017-06-21 16:27 ` Marc Glisse
2017-06-22 8:31 ` Richard Biener
2017-06-22 9:29 ` Marc Glisse [this message]
2017-06-22 9:46 ` Richard Biener
2017-07-01 16:41 ` Marc Glisse
2017-07-03 12:37 ` Richard Biener
2017-10-09 11:01 ` Marc Glisse
2017-10-19 15:11 ` Richard Biener
2017-10-28 13:04 ` Marc Glisse
2017-10-28 17:13 ` Richard Biener
2017-07-04 8:53 ` [RFC PATCH] -fsanitize=pointer-overflow support (PR sanitizer/80998) Jakub Jelinek
2017-06-21 8:00 ` Jakub Jelinek
2017-06-21 8:05 ` Richard Biener
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.20.1706221105340.2158@stedding.saclay.inria.fr \
--to=marc.glisse@inria.fr \
--cc=gcc-patches@gcc.gnu.org \
--cc=jakub@redhat.com \
--cc=mliska@suse.cz \
--cc=rguenther@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).