From patchwork Thu Mar 7 07:55:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Jelinek X-Patchwork-Id: 86913 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 106F13858D39 for ; Thu, 7 Mar 2024 07:55:53 +0000 (GMT) X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id 6C3993858D35 for ; Thu, 7 Mar 2024 07:55:26 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6C3993858D35 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6C3993858D35 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1709798128; cv=none; b=Jr2tQe4Q3Sb6lObx/ym6j0oE4n2V8oWx8c13LT58FwFeYGN47JQWLMgXbhY5rtp96USqtAbzkdGdu5NP2a5OinAK7VWP3iRkEnRNfJqajfbnn+nI0Ye6EyCD9PwPlPO8+y9rg7v0d2CNaRlYkyw8UmBQr413+0XYuluicIS0qoQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1709798128; c=relaxed/simple; bh=A/XeRuZtmVtQuED5uhfBSrlJ36SEhTGrr58Re2cVpvM=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=q/p4zbO6G2S77uDm5l62zxueIMXa4i/nPGTUTWtacIDV/Jua21qlFV4Qa4fWVtRXYkKlVH2TnlSad9DgkTUcHJEmeQc4ZWtamBOvMthoao/9uzxXDEJOmU9i8nVSL3RGIDq8rG+Ki08s8lA/g1KR2VCRz4Yo57yLm0yeokezT5o= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709798126; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type; bh=My4GXWI2CxiMI9nKUYs7awlhI/evWyqg45o5Evu/+a4=; b=S9njGEJFXENpBGv71AfSH2QYWN4zC8cziH31B3RPu9qpdrZaTatVfuDPPWfyttph8sqNFb wfLE3Pmof1/qgnk+hggT2k/RSs64J1CDYZUmExnKJUEC8y2K0oDRT12m98cQLVHYluOd1+ 3Xb/3/hEYop7lJC2K2JTcedSyYpnqBE= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-492-tN0t81KONeu6elVXRJrUog-1; Thu, 07 Mar 2024 02:55:22 -0500 X-MC-Unique: tN0t81KONeu6elVXRJrUog-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 3EEED3830086; Thu, 7 Mar 2024 07:55:22 +0000 (UTC) Received: from tucnak.zalov.cz (unknown [10.45.226.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 04796492BFC; Thu, 7 Mar 2024 07:55:21 +0000 (UTC) Received: from tucnak.zalov.cz (localhost [127.0.0.1]) by tucnak.zalov.cz (8.17.1/8.17.1) with ESMTPS id 4277tJJn2806061 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Thu, 7 Mar 2024 08:55:20 +0100 Received: (from jakub@localhost) by tucnak.zalov.cz (8.17.1/8.17.1/Submit) id 4277tJpE2806060; Thu, 7 Mar 2024 08:55:19 +0100 Date: Thu, 7 Mar 2024 08:55:19 +0100 From: Jakub Jelinek To: Richard Biener Cc: gcc-patches@gcc.gnu.org Subject: [PATCH] sccvn: Avoid UB in ao_ref_init_from_vn_reference [PR105533] Message-ID: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Disposition: inline X-Spam-Status: No, score=-3.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Jakub Jelinek Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Hi! When compiling libgcc or on e.g. int a[64]; int p; void foo (void) { int s = 1; while (p) { s -= 11; a[s] != 0; } } sccvn invokes UB in the compiler as detected by ubsan: ../../gcc/poly-int.h:1089:5: runtime error: left shift of negative value -40 The problem is that we still use C++11..C++17 as the implementation language and in those C++ versions shifting negative values left is UB (well defined since C++20) and above in offset += op->off << LOG2_BITS_PER_UNIT; op->off is poly_int64 with -40 value (in libgcc with -8). I understand the offset_int << LOG2_BITS_PER_UNIT shifts but it is then well defined during underlying implementation which is done on the uhwi limbs, but for poly_int64 we use offset += pop->off * BITS_PER_UNIT; a few lines earlier and I think that is both more readable in what it actually does and triggers UB only if there would be signed multiply overflow. In the end, the compiler will treat them the same at least at the RTL level (at least, if not and they aren't the same cost, it should). Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk? 2024-03-07 Jakub Jelinek PR middle-end/105533 * tree-ssa-sccvn.cc (ao_ref_init_from_vn_reference) : Multiple op->off by BITS_PER_UNIT instead of shifting it left by LOG2_BITS_PER_UNIT. Jakub --- gcc/tree-ssa-sccvn.cc.jj 2024-02-28 22:57:18.318658827 +0100 +++ gcc/tree-ssa-sccvn.cc 2024-03-06 14:52:16.819229719 +0100 @@ -1221,7 +1221,7 @@ ao_ref_init_from_vn_reference (ao_ref *r if (maybe_eq (op->off, -1)) max_size = -1; else - offset += op->off << LOG2_BITS_PER_UNIT; + offset += op->off * BITS_PER_UNIT; break; case REALPART_EXPR: