diff mbox series

[C/C++] Reject __builtin_{add,sub,mul}_overflow with pointer to const integer as last arg (PR c/90628)

Message ID 20190527212014.GB19695@tucnak
State New
Headers show
Series [C/C++] Reject __builtin_{add,sub,mul}_overflow with pointer to const integer as last arg (PR c/90628) | expand

Commit Message

Jakub Jelinek May 27, 2019, 9:20 p.m. UTC 
Hi!

As the testcase shows, we are silently accepting writes into const
variables, because the type generic builtins don't have a prototype.

Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for
trunk?

2019-05-27  Jakub Jelinek  <jakub@redhat.com>

	PR c/90628
	* c-common.c (check_builtin_function_arguments)
	<case BUILTIN_*_OVERFLOW>: Diagnose pointer to const qualified integer
	as last argument.

	* c-c++-common/builtin-arith-overflow-3.c: New test.


	Jakub

Comments

Jason Merrill May 28, 2019, 12:59 p.m. UTC | #1 
On 5/27/19 5:20 PM, Jakub Jelinek wrote:
> Hi!
> 
> As the testcase shows, we are silently accepting writes into const
> variables, because the type generic builtins don't have a prototype.
> 
> Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for
> trunk?
> 
> 2019-05-27  Jakub Jelinek  <jakub@redhat.com>
> 
> 	PR c/90628
> 	* c-common.c (check_builtin_function_arguments)
> 	<case BUILTIN_*_OVERFLOW>: Diagnose pointer to const qualified integer
> 	as last argument.
> 
> 	* c-c++-common/builtin-arith-overflow-3.c: New test.
> 
> --- gcc/c-family/c-common.c.jj	2019-05-21 16:16:48.068973678 +0200
> +++ gcc/c-family/c-common.c	2019-05-27 10:46:25.525968739 +0200
> @@ -5995,6 +5995,13 @@ check_builtin_function_arguments (locati
>   			"has pointer to boolean type", fndecl);
>   	      return false;
>   	    }
> +	  else if (TYPE_READONLY (TREE_TYPE (TREE_TYPE (args[2]))))
> +	    {
> +	      error_at (ARG_LOCATION (2), "argument 3 in call to function %qE "
> +			"has pointer type to %<const%> qualified integer",
> +			fndecl);

Is there a reason not to also print the type with %qT?

Jason
Jakub Jelinek May 28, 2019, 1:11 p.m. UTC | #2 
On Tue, May 28, 2019 at 08:59:57AM -0400, Jason Merrill wrote:
> On 5/27/19 5:20 PM, Jakub Jelinek wrote:
> > As the testcase shows, we are silently accepting writes into const
> > variables, because the type generic builtins don't have a prototype.
> > 
> > Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for
> > trunk?
> > 
> > 2019-05-27  Jakub Jelinek  <jakub@redhat.com>
> > 
> > 	PR c/90628
> > 	* c-common.c (check_builtin_function_arguments)
> > 	<case BUILTIN_*_OVERFLOW>: Diagnose pointer to const qualified integer
> > 	as last argument.
> > 
> > 	* c-c++-common/builtin-arith-overflow-3.c: New test.
> > 
> > --- gcc/c-family/c-common.c.jj	2019-05-21 16:16:48.068973678 +0200
> > +++ gcc/c-family/c-common.c	2019-05-27 10:46:25.525968739 +0200
> > @@ -5995,6 +5995,13 @@ check_builtin_function_arguments (locati
> >   			"has pointer to boolean type", fndecl);
> >   	      return false;
> >   	    }
> > +	  else if (TYPE_READONLY (TREE_TYPE (TREE_TYPE (args[2]))))
> > +	    {
> > +	      error_at (ARG_LOCATION (2), "argument 3 in call to function %qE "
> > +			"has pointer type to %<const%> qualified integer",
> > +			fndecl);
> 
> Is there a reason not to also print the type with %qT?

So like:
+	      error_at (ARG_LOCATION (2), "argument 3 in call to function %qE "
+			"has pointer type to %<const%> qualified integer "
+			"(%qT)", fndecl, TREE_TYPE (args[2]));
or some other wording?

I didn't want to say
"argument 3 in call to function %qE has type %qT" because then
users wouldn't know what the actual problem is.

	Jakub
Jason Merrill May 28, 2019, 1:50 p.m. UTC | #3 
On 5/28/19 9:11 AM, Jakub Jelinek wrote:
> On Tue, May 28, 2019 at 08:59:57AM -0400, Jason Merrill wrote:
>> On 5/27/19 5:20 PM, Jakub Jelinek wrote:
>>> As the testcase shows, we are silently accepting writes into const
>>> variables, because the type generic builtins don't have a prototype.
>>>
>>> Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for
>>> trunk?
>>>
>>> 2019-05-27  Jakub Jelinek  <jakub@redhat.com>
>>>
>>> 	PR c/90628
>>> 	* c-common.c (check_builtin_function_arguments)
>>> 	<case BUILTIN_*_OVERFLOW>: Diagnose pointer to const qualified integer
>>> 	as last argument.
>>>
>>> 	* c-c++-common/builtin-arith-overflow-3.c: New test.
>>>
>>> --- gcc/c-family/c-common.c.jj	2019-05-21 16:16:48.068973678 +0200
>>> +++ gcc/c-family/c-common.c	2019-05-27 10:46:25.525968739 +0200
>>> @@ -5995,6 +5995,13 @@ check_builtin_function_arguments (locati
>>>    			"has pointer to boolean type", fndecl);
>>>    	      return false;
>>>    	    }
>>> +	  else if (TYPE_READONLY (TREE_TYPE (TREE_TYPE (args[2]))))
>>> +	    {
>>> +	      error_at (ARG_LOCATION (2), "argument 3 in call to function %qE "
>>> +			"has pointer type to %<const%> qualified integer",
>>> +			fndecl);
>>
>> Is there a reason not to also print the type with %qT?
> 
> So like:
> +	      error_at (ARG_LOCATION (2), "argument 3 in call to function %qE "
> +			"has pointer type to %<const%> qualified integer "
> +			"(%qT)", fndecl, TREE_TYPE (args[2]));
> or some other wording?

> I didn't want to say
> "argument 3 in call to function %qE has type %qT" because then
> users wouldn't know what the actual problem is.

Sure.  Or "has pointer to %<const%> type (%qT)" as a terser alternative. 
  OK either way.

Jason
diff mbox series

Patch

--- gcc/c-family/c-common.c.jj	2019-05-21 16:16:48.068973678 +0200
+++ gcc/c-family/c-common.c	2019-05-27 10:46:25.525968739 +0200
@@ -5995,6 +5995,13 @@  check_builtin_function_arguments (locati
 			"has pointer to boolean type", fndecl);
 	      return false;
 	    }
+	  else if (TYPE_READONLY (TREE_TYPE (TREE_TYPE (args[2]))))
+	    {
+	      error_at (ARG_LOCATION (2), "argument 3 in call to function %qE "
+			"has pointer type to %<const%> qualified integer",
+			fndecl);
+	      return false;
+	    }
 	  return true;
 	}
       return false;
--- gcc/testsuite/c-c++-common/builtin-arith-overflow-3.c.jj	2019-05-27 10:51:46.829710217 +0200
+++ gcc/testsuite/c-c++-common/builtin-arith-overflow-3.c	2019-05-27 10:53:10.972330933 +0200
@@ -0,0 +1,42 @@ 
+/* PR c/90628 */
+/* { dg-do compile } */
+
+const int a = 1, b = 2, c = 3;
+const long d = 4, e = 5, f = 6;
+const long long g = 7, h = 8, i = 9;
+
+void
+f1 ()
+{
+  __builtin_add_overflow (a, b, &c);	/* { dg-error "argument 3 in call to function '__builtin_add_overflow' has pointer type to 'const' qualified integer" } */
+}
+
+void
+f2 ()
+{
+  __builtin_sub_overflow (d, e, &f);	/* { dg-error "argument 3 in call to function '__builtin_sub_overflow' has pointer type to 'const' qualified integer" } */
+}
+
+void
+f3 ()
+{
+  __builtin_mul_overflow (g, h, &i);	/* { dg-error "argument 3 in call to function '__builtin_mul_overflow' has pointer type to 'const' qualified integer" } */
+}
+
+void
+f4 ()
+{
+  __builtin_sadd_overflow (a, b, &c);	/* { dg-warning "passing argument 3 of '__builtin_sadd_overflow' discards 'const' qualifier from pointer target type" "" { target c } } */
+}	/* { dg-error "invalid conversion from 'const int\\*' to 'int\\*'" "" { target c++ } .-1 } */
+
+void
+f5 ()
+{
+  __builtin_ssubl_overflow (d, e, &f);	/* { dg-warning "passing argument 3 of '__builtin_ssubl_overflow' discards 'const' qualifier from pointer target type" "" { target c } } */
+}	/* { dg-error "invalid conversion from 'const long int\\*' to 'long int\\*'" "" { target c++ } .-1 } */
+
+void
+f6 ()
+{
+  __builtin_smulll_overflow (g, h, &i);	/* { dg-warning "passing argument 3 of '__builtin_smulll_overflow' discards 'const' qualifier from pointer target type" "" { target c } } */
+}	/* { dg-error "invalid conversion from 'const long long int\\*' to 'long long int\\*'" "" { target c++ } .-1 } */