From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <xry111@mengyan1223.wang>
Received: from mengyan1223.wang (mengyan1223.wang [89.208.246.23])
 by sourceware.org (Postfix) with ESMTPS id 95A833858408
 for <gcc-patches@gcc.gnu.org>; Wed,  9 Mar 2022 16:12:41 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 95A833858408
Received: from localhost.localdomain (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature ECDSA (P-384) server-digest
 SHA384) (Client did not present a certificate)
 (Authenticated sender: xry111@mengyan1223.wang)
 by mengyan1223.wang (Postfix) with ESMTPSA id 159D065C24;
 Wed,  9 Mar 2022 11:12:38 -0500 (EST)
Message-ID: <b278df38f01b823d8a3915f67321affc9a8ca05b.camel@mengyan1223.wang>
Subject: [PATCH v2] cse: avoid signed overflow in compute_const_anchors [PR
 104843]
From: Xi Ruoyao <xry111@mengyan1223.wang>
To: Richard Biener <richard.guenther@gmail.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>, Richard Sandiford
 <richard.sandiford@arm.com>, Jeff Law <law@redhat.com>
Date: Thu, 10 Mar 2022 00:12:36 +0800
In-Reply-To: <CAFiYyc3KbQDJby=enT53p9=yrmFT5iBDbgstXY1tAZv6vpEc3w@mail.gmail.com>
References: <a2561b832ad3ffc1a5c3a50762f916aa60068815.camel@mengyan1223.wang>
 <CAFiYyc3KbQDJby=enT53p9=yrmFT5iBDbgstXY1tAZv6vpEc3w@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.42.4 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-3037.9 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, JMQ_SPF_NEUTRAL,
 SPF_HELO_PASS, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2022 16:12:44 -0000

On Wed, 2022-03-09 at 15:55 +0100, Richard Biener wrote:

> isn't it better to make targetm.const_anchor unsigned?
> The & and ~ are not subject to overflow rules.

It's not enough: if n is the minimum value of HOST_WIDE_INT and
const_anchor = 0x8000 (the value for MIPS), we'll have a signed 0x7fff
in *upper_base.  Then the next line, "*upper_offs = n - *upper_base;"
will be a signed overflow again.

How about the following?

-- >8 --

With a non-zero const_anchor, the behavior of this function relied on
signed overflow.

gcc/

	PR rtl-optimization/104843
	* cse.cc (compute_const_anchors): Use unsigned HOST_WIDE_INT for
	n to perform overflow arithmetics safely.
---
 gcc/cse.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gcc/cse.cc b/gcc/cse.cc
index a18b599d324..052fa0c3490 100644
--- a/gcc/cse.cc
+++ b/gcc/cse.cc
@@ -1169,12 +1169,12 @@ compute_const_anchors (rtx cst,
 		       HOST_WIDE_INT *lower_base, HOST_WIDE_INT *lower_offs,
 		       HOST_WIDE_INT *upper_base, HOST_WIDE_INT *upper_offs)
 {
-  HOST_WIDE_INT n = INTVAL (cst);
-
-  *lower_base = n & ~(targetm.const_anchor - 1);
-  if (*lower_base == n)
+  unsigned HOST_WIDE_INT n = UINTVAL (cst);
+  unsigned HOST_WIDE_INT lb = n & ~(targetm.const_anchor - 1);
+  if (lb == n)
     return false;
 
+  *lower_base = lb;
   *upper_base =
     (n + (targetm.const_anchor - 1)) & ~(targetm.const_anchor - 1);
   *upper_offs = n - *upper_base;
-- 
2.35.1


>