This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH] Fix UBSAN errors in dse.c (PR rtl-optimization/82044).
- From: Martin Liška <mliska at suse dot cz>
- To: Jakub Jelinek <jakub at redhat dot com>
- Cc: gcc-patches at gcc dot gnu dot org
- Date: Thu, 19 Oct 2017 13:36:57 +0200
- Subject: Re: [PATCH] Fix UBSAN errors in dse.c (PR rtl-optimization/82044).
- Authentication-results: sourceware.org; auth=none
- References: <d430e94b-5ea6-0c5c-0dfc-a09e62e0fcbd@suse.cz> <20170920081519.GU1701@tucnak>
On 09/20/2017 10:15 AM, Jakub Jelinek wrote:
> On Wed, Sep 20, 2017 at 09:50:32AM +0200, Martin Liška wrote:
>> Hello.
>>
>> Following patch handles UBSAN (overflow) in dce.c.
>
> dse.c ;)
>
>> --- a/gcc/dse.c
>> +++ b/gcc/dse.c
>> @@ -929,7 +929,9 @@ set_usage_bits (group_info *group, HOST_WIDE_INT offset, HOST_WIDE_INT width,
>> {
>> HOST_WIDE_INT i;
>> bool expr_escapes = can_escape (expr);
>> - if (offset > -MAX_OFFSET && offset + width < MAX_OFFSET)
>> + if (offset > -MAX_OFFSET
>> + && offset < MAX_OFFSET
>> + && offset + width < MAX_OFFSET)
>
> This can still overflow if width is close to HOST_WIDE_INT_MAX.
> Anyway, I don't remember this code too much, but wonder if either offset or
> width or their sum is outside of the -MAX_OFFSET, MAX_OFFSET range if we
> still don't want to record usage bits at least in the intersection of
> -MAX_OFFSET, MAX_OFFSET and offset, offset + width (the latter performed
> with infinite precision; though, if record_store is changed as suggested
> below, offset + width shouldn't overflow).
>
>> for (i=offset; i<offset+width; i++)
>> {
>> bitmap store1;
>> @@ -1536,7 +1538,11 @@ record_store (rtx body, bb_info_t bb_info)
>> }
>> store_info->group_id = group_id;
>> store_info->begin = offset;
>> - store_info->end = offset + width;
>> + if (offset > HOST_WIDE_INT_MAX - width)
>> + store_info->end = HOST_WIDE_INT_MAX;
>> + else
>> + store_info->end = offset + width;
>
> If offset + width overflows, I think we risk wrong-code by doing this, plus
> there are 3 other offset + width computations earlier in record_store
> before we reach this. I think instead we should treat such cases as wild
> stores early, i.e.:
> if (!canon_address (mem, &group_id, &offset, &base))
> {
> clear_rhs_from_active_local_stores ();
> return 0;
> }
>
> if (GET_MODE (mem) == BLKmode)
> width = MEM_SIZE (mem);
> else
> width = GET_MODE_SIZE (GET_MODE (mem));
>
> + if (offset > HOST_WIDE_INT_MAX - width)
> + {
> + clear_rhs_from_active_local_stores ();
> + return 0;
> + }
>
> or so.
>
>> +
>> store_info->is_set = GET_CODE (body) == SET;
>> store_info->rhs = rhs;
>> store_info->const_rhs = const_rhs;
>> @@ -1976,6 +1982,14 @@ check_mem_read_rtx (rtx *loc, bb_info_t bb_info)
>> return;
>> }
>>
>> + if (offset > MAX_OFFSET)
>> + {
>> + if (dump_file && (dump_flags & TDF_DETAILS))
>> + fprintf (dump_file, " reaches MAX_OFFSET.\n");
>> + add_wild_read (bb_info);
>> + return;
>> + }
>> +
Hi.
The later one works for me. I'm going to regtest that.
Ready after it survives regression tests?
Thanks,
Martin
>
> Is offset > MAX_OFFSET really problematic (and not just the width != -1 &&
> offset + width overflowing case)?
>
>> if (GET_MODE (mem) == BLKmode)
>> width = -1;
>> else
>>
>
>
> Jakub
>