This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH] Disable type demotion for sanitizer (PR sanitizer/82072)
- From: Jeff Law <law at redhat dot com>
- To: Marek Polacek <polacek at redhat dot com>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Jakub Jelinek <jakub at redhat dot com>
- Date: Mon, 4 Sep 2017 00:08:43 -0600
- Subject: Re: [PATCH] Disable type demotion for sanitizer (PR sanitizer/82072)
- References: <20170901174714.GB20631@redhat.com>
On 09/01/2017 11:47 AM, Marek Polacek wrote:
> Here, do_narrow and convert_to_integer_1 are demoting signed types to unsigned,
> e.g. for
> i = i - lmin
> where i is int and lmin is long int, so what we should produce is
> i = (int) ((long int) i - lmin)
> but instead it produces
> i = (int) ((unsigned int) i - (unsigned int) lmin);
> which hides the overflow. Similarly for NEGATE_EXPR. This patch prevents
> such demoting when the sanitizer is on.
>
> There still might be a similar issue with division or shifting, but I couldn't
> trigger that.
>
> Bootstrapped/regtested on x86_64-linux, ok for trunk?
>
> 2017-09-01 Marek Polacek <polacek@redhat.com>
>
> PR sanitizer/82072
> * convert.c (do_narrow): When sanitizing signed integer overflows,
> bail out for signed types.
> (convert_to_integer_1) <case NEGATE_EXPR>: Likewise.
>
> * c-c++-common/ubsan/pr82072.c: New test.

OK. There are probably other places that may need similar treatment. You
might want to peek at shorten_binary_op and shorten_compare to see if
they suffer from similar problems. We really want them to go away, but
we haven't gotten back to that project since Kai left.

Jeff
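
Added example, not part of the original message or of the GCC patch: a C sketch of the two expression forms quoted above, with the GCC/Clang builtin `__builtin_sub_overflow` standing in for the check a sanitizer would make on the signed subtraction. The function names `sub_wide` and `sub_demoted` and the input values are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper: the form the message says should be produced,
   i = (int) ((long int) i - lmin).  The subtraction is signed, so an
   overflow is observable; __builtin_sub_overflow stands in for the
   sanitizer's check.  Returns true when the long subtraction overflows. */
static bool sub_wide(int i, long lmin, int *out)
{
    long wide;
    bool overflowed = __builtin_sub_overflow((long)i, lmin, &wide);
    *out = (int)wide;   /* narrowing is implementation-defined; GCC wraps */
    return overflowed;
}

/* Hypothetical helper: the demoted form,
   i = (int) ((unsigned int) i - (unsigned int) lmin).
   Unsigned arithmetic wraps by definition, so there is nothing to flag. */
static int sub_demoted(int i, long lmin)
{
    return (int)((unsigned int)i - (unsigned int)lmin);
}

int main(void)
{
    /* Constructed inputs: one ordinary pair, and one pair for which
       the long subtraction overflows. */
    struct { int i; long lmin; } cases[] = { { 10, 3 }, { 1, LONG_MIN } };

    for (unsigned k = 0; k < sizeof cases / sizeof cases[0]; k++) {
        int wide_result;
        bool ovf = sub_wide(cases[k].i, cases[k].lmin, &wide_result);
        printf("i=%d lmin=%ld: wide=%d overflow=%d demoted=%d\n",
               cases[k].i, cases[k].lmin, wide_result, ovf,
               sub_demoted(cases[k].i, cases[k].lmin));
    }
    return 0;
}
```

Both forms return the same value for the overflowing input; only the wide form contains a signed operation on which the overflow can be reported.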