Re: [RFC PATCH] Fix pointer diff (was: -fsanitize=pointer-overflow support (PR sanitizer/80998))

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

From: Marc Glisse <marc.glisse@inria.fr>
To: Richard Biener <rguenther@suse.de>
Cc: gcc-patches@gcc.gnu.org, "Jakub Jelinek" <jakub@redhat.com>,
	"Martin Liška" <mliska@suse.cz>
Subject: Re: [RFC PATCH] Fix pointer diff (was: -fsanitize=pointer-overflow support (PR sanitizer/80998))
Date: Thu, 22 Jun 2017 09:29:00 -0000	[thread overview]
Message-ID: <alpine.DEB.2.20.1706221105340.2158@stedding.saclay.inria.fr> (raw)
In-Reply-To: <alpine.LSU.2.20.1706221022200.23185@zhemvz.fhfr.qr>

On Thu, 22 Jun 2017, Richard Biener wrote:

>> If we consider pointers as unsigned, with a subtraction that has a signed
>> result with the constraint that overflow is undefined, we cannot model that
>> optimally with just the usual signed/unsigned operations, so I am in favor of
>> POINTER_DIFF, at least in the long run (together with having a signed second
>> argument for POINTER_PLUS, etc). For 64-bit platforms it might have been
>> easier to declare that the upper half (3/4 ?) of the address space doesn't
>> exist...
>
> I repeatedly thought of POINTER_DIFF_EXPR but adding such a basic tree
> code is quite a big job.

Yes :-(
It is probably not realistic to introduce it just to avoid a couple 
regressions while fixing a bug.

> So we'd have POINTER_DIFF_EXPR take two pointer typed args and produce
> ptrdiff_t.  What's the advantage of having this?

It represents q-p with one statement instead of 3 (long)q-(long)p or 4 
(long)((ulong)q-(ulong)p). It allows us to stay in the pointer world, so 
(q-p)>0 is equivalent to p<q, not just (long)p<(long)q. It properly models 
what (undefined) overflow means for pointers.

Of course it is hard to know in advance if that's significant or
negligible, maybe size_t finds its way in too many places anyway.

> And yes, I agree that POINTER_PLUS_EXPR should take
> ptrdiff_t rather than sizetype offset -- changing one without the
> other will lead to awkwardness in required patterns involving
> both like (p - q) + q.
>
> As said, it's a big job with likely all sorts of (testsuite) fallout.
>
>>> The third one is
>>>        if (&a[b] - &a[c] != b - c)
>>>                link_error();
>>> where fold already during generic folding used to be able to cope with it,
>>> but now we have:
>>> (long int) (((long unsigned int) b - (long unsigned int) c) * 4) /[ex] 4 !=
>>> b - c
>>> which we don't fold.
>>
>> Once we have this last expression, we have lost, we need to know that the
>> multiplication cannot overflow for this. When the size multiplications are
>> done in a signed type in the future (?), it might help.
>
> Not sure where the unsigned multiply comes from -- I guess we fold
> it inside the cast ...

We usually do those multiplications in an unsigned type. I experimented
with changing one such place in
https://gcc.gnu.org/ml/gcc-patches/2017-05/msg01641.html , there is
probably at least another one in the middle-end.

-- 
Marc Glisse

next prev parent reply	other threads:[~2017-06-22  9:29 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-06-19 18:25 [RFC PATCH] -fsanitize=pointer-overflow support (PR sanitizer/80998) Jakub Jelinek
2017-06-20  7:41 ` Richard Biener
2017-06-20  8:14   ` Jakub Jelinek
2017-06-20  8:18     ` Richard Biener
2017-06-21  7:58       ` Jakub Jelinek
2017-06-21  8:04         ` Richard Biener
2017-06-21 14:40       ` [RFC PATCH] Fix pointer diff (was: -fsanitize=pointer-overflow support (PR sanitizer/80998)) Jakub Jelinek
2017-06-21 15:17         ` Jakub Jelinek
2017-06-21 16:27         ` Marc Glisse
2017-06-22  8:31           ` Richard Biener
2017-06-22  9:29             ` Marc Glisse [this message]
2017-06-22  9:46               ` Richard Biener
2017-07-01 16:41                 ` Marc Glisse
2017-07-03 12:37                   ` Richard Biener
2017-10-09 11:01                     ` Marc Glisse
2017-10-19 15:11                       ` Richard Biener
2017-10-28 13:04                         ` Marc Glisse
2017-10-28 17:13                           ` Richard Biener
2017-07-04  8:53       ` [RFC PATCH] -fsanitize=pointer-overflow support (PR sanitizer/80998) Jakub Jelinek
2017-06-21  8:00   ` Jakub Jelinek
2017-06-21  8:05     ` Richard Biener

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.DEB.2.20.1706221105340.2158@stedding.saclay.inria.fr \
    --to=marc.glisse@inria.fr \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=jakub@redhat.com \
    --cc=mliska@suse.cz \
    --cc=rguenther@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).