Bug 78598 - tree-ssa-loop-prefetch.c:835:16: runtime error: signed integer overflow
Summary: tree-ssa-loop-prefetch.c:835:16: runtime error: signed integer overflow
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization (show other bugs)
Version: 7.0
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-29 19:29 UTC by Markus Trippelsdorf
Modified: 2016-12-01 15:01 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Markus Trippelsdorf 2016-11-29 19:29:50 UTC 
markus@x4 mplayer % cat subassconvert.i
struct bstr {
  long len;
} fn1();
struct microdvd_tag {
  int key;
  int data1;
  struct bstr data_string;
} fn2() {
  struct microdvd_tag *a;
  int i = sizeof "cfshyYpo";
  for (;; i--)
    switch (a[i].key)
    case 'y':
      if (a[i].data1)
        fn1();
}

markus@x4 mplayer % UBSAN_OPTIONS=print_stacktrace=1 /var/tmp/gcc_ubsan/usr/local/bin/gcc  -O3 -march=amdfam10 -c subassconvert.i
../../gcc/gcc/tree-ssa-loop-prefetch.c:835:16: runtime error: signed integer overflow: 288230376151711743 * 64 cannot be represented in type 'long int'
    #0 0x232e7bd in prune_ref_by_group_reuse ../../gcc/gcc/tree-ssa-loop-prefetch.c:835
    #1 0x232e7bd in prune_ref_by_reuse ../../gcc/gcc/tree-ssa-loop-prefetch.c:923
    #2 0x232e7bd in prune_group_by_reuse ../../gcc/gcc/tree-ssa-loop-prefetch.c:936
    #3 0x232e7bd in prune_by_reuse ../../gcc/gcc/tree-ssa-loop-prefetch.c:975
    #4 0x232e7bd in loop_prefetch_arrays ../../gcc/gcc/tree-ssa-loop-prefetch.c:1879
    #5 0x232e7bd in tree_ssa_prefetch_arrays() ../../gcc/gcc/tree-ssa-loop-prefetch.c:1989
    #6 0x195ad78 in execute_one_pass(opt_pass*) ../../gcc/gcc/passes.c:2370
    #7 0x195cc0b in execute_pass_list_1 ../../gcc/gcc/passes.c:2459
    #8 0x195cc34 in execute_pass_list_1 ../../gcc/gcc/passes.c:2460
    #9 0x195cc34 in execute_pass_list_1 ../../gcc/gcc/passes.c:2460
    #10 0x195ccc4 in execute_pass_list(function*, opt_pass*) ../../gcc/gcc/passes.c:2470
    #11 0xc75e4b in cgraph_node::expand() ../../gcc/gcc/cgraphunit.c:2001
    #12 0xc7b35a in expand_all_functions ../../gcc/gcc/cgraphunit.c:2137
    #13 0xc7b35a in symbol_table::compile() ../../gcc/gcc/cgraphunit.c:2494
    #14 0xc85517 in symbol_table::compile() ../../gcc/gcc/cgraphunit.c:2587
    #15 0xc85517 in symbol_table::finalize_compilation_unit() ../../gcc/gcc/cgraphunit.c:2584
    #16 0x1d3ead0 in compile_file ../../gcc/gcc/toplev.c:488
    #17 0x629a34 in do_compile ../../gcc/gcc/toplev.c:1983
    #18 0x629a34 in toplev::main(int, char**) ../../gcc/gcc/toplev.c:2117
    #19 0x62c066 in main ../../gcc/gcc/main.c:39
    #20 0x7f60d01cf310 in __libc_start_main ../csu/libc-start.c:286
    #21 0x62c489 in _start (/var/tmp/gcc_ubsan/usr/local/libexec/gcc/x86_64-pc-linux-gnu/7.0.0/cc1+0x62c489)
Comment 1 Markus Trippelsdorf 2016-12-01 14:59:35 UTC 
Author: trippels
Date: Thu Dec  1 14:59:03 2016
New Revision: 243113

URL: https://gcc.gnu.org/viewcvs?rev=243113&root=gcc&view=rev
Log:
Fix PR tree-optimization/78598 - tree-ssa-loop-prefetch.c:835:16: runtime error: signed integer overflow

Using bootstrap-ubsan gcc to build mplayer shows:

tree-ssa-loop-prefetch.c:835:16: runtime error: signed integer overflow:
288230376151711743 * 64 cannot be represented in type 'long int'

Here signed und unsigned integers are mixed in a division resulting in
bogus values: (-83 + 64ULL -1) / 64ULL) == 288230376151711743

Fixed by casting the unsigned parameter to signed.

	PR tree-optimization/78598
	* tree-ssa-loop-prefetch.c (ddown): Cast to signed to avoid
	overflows.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/tree-ssa-loop-prefetch.c
Comment 2 Markus Trippelsdorf 2016-12-01 15:01:08 UTC 
Fixed.