yggdrasil/gcc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

middle-end/108995 - avoid folding when sanitizing overflow

Browse Source 
The following plugs one place in extract_muldiv where it should avoid
folding when sanitizing overflow.

	PR middle-end/108995
	* fold-const.cc (extract_muldiv_1): Avoid folding
	(CST * b) / CST2 when sanitizing overflow and we rely on
	overflow being undefined.

	* gcc.dg/ubsan/pr108995.c: New testcase.
This commit is contained in:
Richard Biener
2023-03-08 09:06:44 +01:00
parent bad177e848
commit ace65db921
2 changed files with 21 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
gcc/fold-const.cc
+3 -4
View File
@@ -7093,6 +7093,7 @@ extract_muldiv_1 (tree t, tree c, enum tree_code code, tree wide_type,
If we have an unsigned type, we cannot do this since it will change
the result if the original computation overflowed. */
if (TYPE_OVERFLOW_UNDEFINED (ctype)
&& !TYPE_OVERFLOW_SANITIZED (ctype)
&& ((code == MULT_EXPR && tcode == EXACT_DIV_EXPR)
|| (tcode == MULT_EXPR
&& code != TRUNC_MOD_EXPR && code != CEIL_MOD_EXPR
@@ -7102,8 +7103,7 @@ extract_muldiv_1 (tree t, tree c, enum tree_code code, tree wide_type,
if (wi::multiple_of_p (wi::to_wide (op1), wi::to_wide (c),
TYPE_SIGN (type)))
{
if (TYPE_OVERFLOW_UNDEFINED (ctype))
*strict_overflow_p = true;
*strict_overflow_p = true;
return fold_build2 (tcode, ctype, fold_convert (ctype, op0),
fold_convert (ctype,
const_binop (TRUNC_DIV_EXPR,
@@ -7112,8 +7112,7 @@ extract_muldiv_1 (tree t, tree c, enum tree_code code, tree wide_type,
else if (wi::multiple_of_p (wi::to_wide (c), wi::to_wide (op1),
TYPE_SIGN (type)))
{
if (TYPE_OVERFLOW_UNDEFINED (ctype))
*strict_overflow_p = true;
*strict_overflow_p = true;
return fold_build2 (code, ctype, fold_convert (ctype, op0),
fold_convert (ctype,
const_binop (TRUNC_DIV_EXPR,
gcc/testsuite/gcc.dg/ubsan/pr108995.c
+18
View File
@@ -0,0 +1,18 @@
/* { dg-do run { target int32 } } */
/* { dg-shouldfail "ubsan" } */
/* With optimization we constant fold and diagnose the overflow and do
not sanitize anything. */
/* { dg-skip-if "" { *-*-* } { "*" } { ! "-O0" } } */
/* { dg-options "-fsanitize=undefined -fno-sanitize-recover=undefined" } */
int a;
const int b = 44514;
int *c = &a;
int main ()
{
*c = 65526 * b / 6;
return 0;
}
/* { dg-output "signed integer overflow: 44514 \\* 65526 cannot be represented in type 'int'" } */