[C++] Detect UB in shifts in constexpr functions

Message ID	20141127142652.GC15555@redhat.com
State	New
Headers	show Return-Path: <gcc-patches-return-386023-incoming=patchwork.ozlabs.org@gcc.gnu.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; q=dns; s=default; b=qAHXv3kpUommofs99 xmdt2jrcMzCNsaYJw9u9iTqVknrbXIejt5qkxoCXYxEKLEB/ARmGi0xtez8FelFC fQSwvKQBCJW5Oa99xDpP+rG7hq+acVG/rGwNajgqq/J0AUZi+6bP0s3cDaRphbmd yIzFPjoLnq79w/SYDRKyh3mX70= Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org Date: Thu, 27 Nov 2014 15:26:52 +0100 From: Marek Polacek <polacek@redhat.com> To: Jason Merrill <jason@redhat.com> Cc: Jakub Jelinek <jakub@redhat.com>, GCC Patches <gcc-patches@gcc.gnu.org> Subject: Re: [C++ PATCH] Detect UB in shifts in constexpr functions Message-ID: <20141127142652.GC15555@redhat.com> References: <20141124135114.GO29446@redhat.com> <20141124154925.GI1674@tucnak.redhat.com> <20141124155822.GQ29446@redhat.com> <20141124160508.GJ1674@tucnak.redhat.com> <20141124164148.GR29446@redhat.com> <5476063A.7020200@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5476063A.7020200@redhat.com> User-Agent: Mutt/1.5.23 (2014-03-12)

Message ID

20141127142652.GC15555@redhat.com

State

New

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:cc:subject:message-id:references:mime-version
	:content-type:in-reply-to; q=dns; s=default; b=qAHXv3kpUommofs99
	xmdt2jrcMzCNsaYJw9u9iTqVknrbXIejt5qkxoCXYxEKLEB/ARmGi0xtez8FelFC
	fQSwvKQBCJW5Oa99xDpP+rG7hq+acVG/rGwNajgqq/J0AUZi+6bP0s3cDaRphbmd
	yIzFPjoLnq79w/SYDRKyh3mX70=
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-patches-owner@gcc.gnu.org
Date: Thu, 27 Nov 2014 15:26:52 +0100
From: Marek Polacek <polacek@redhat.com>
To: Jason Merrill <jason@redhat.com>
Cc: Jakub Jelinek <jakub@redhat.com>, GCC Patches <gcc-patches@gcc.gnu.org>
Subject: Re: [C++ PATCH] Detect UB in shifts in constexpr functions
Message-ID: <20141127142652.GC15555@redhat.com>
References: <20141124135114.GO29446@redhat.com>
	<20141124154925.GI1674@tucnak.redhat.com>
	<20141124155822.GQ29446@redhat.com>
	<20141124160508.GJ1674@tucnak.redhat.com>
	<20141124164148.GR29446@redhat.com> <5476063A.7020200@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5476063A.7020200@redhat.com>
User-Agent: Mutt/1.5.23 (2014-03-12)

Commit Message

Marek Polacek Nov. 27, 2014, 2:26 p.m. UTC

On Wed, Nov 26, 2014 at 11:56:26AM -0500, Jason Merrill wrote:
> Please give diagnostics explaining what's wrong with the shift rather than
> the generic "is not a constant expression".

Done.
 
> >+      tree t = build_int_cst (unsigned_type_node, uprec - 1);
> >+      t = fold_build2 (MINUS_EXPR, unsigned_type_node, t, rhs);
> >+      tree ulhs = fold_convert (unsigned_type_for (lhstype), lhs);
> >+      t = fold_build2 (RSHIFT_EXPR, TREE_TYPE (ulhs), ulhs, t);
> >+      if (tree_int_cst_lt (integer_one_node, t))
> 
> This could also use a comment explaining the logic.

Ok.

How about the following then?

Bootstrapped/regtested on ppc64-linux.

2014-11-27  Marek Polacek  <polacek@redhat.com>

	* constexpr.c (cxx_eval_check_shift_p): New function.
	(cxx_eval_binary_expression): Call it.

	* g++.dg/cpp0x/constexpr-shift1.C: New test.
	* g++.dg/cpp1y/constexpr-shift1.C: New test.


	Marek

Comments

Jason Merrill Nov. 28, 2014, 2:28 p.m. UTC | #1

On 11/27/2014 09:26 AM, Marek Polacek wrote:
> On Wed, Nov 26, 2014 at 11:56:26AM -0500, Jason Merrill wrote:
>> Please give diagnostics explaining what's wrong with the shift rather than
>> the generic "is not a constant expression".
>
> Done.

I was thinking even more detailed: one diagnostic for negative count, 
one diagnostic for count larger than the precision of the lhs, and then 
a third for overflow.

>>> +      tree t = build_int_cst (unsigned_type_node, uprec - 1);
>>> +      t = fold_build2 (MINUS_EXPR, unsigned_type_node, t, rhs);
>>> +      tree ulhs = fold_convert (unsigned_type_for (lhstype), lhs);
>>> +      t = fold_build2 (RSHIFT_EXPR, TREE_TYPE (ulhs), ulhs, t);
>>> +      if (tree_int_cst_lt (integer_one_node, t))
>>
>> This could also use a comment explaining the logic.
>
> +      /* For signed x << y the following:
> +	 (unsigned) x >> ((prec (lhs) - 1) - y)
> +	 if > 1, is undefined.  */

I meant briefly explaining where that formula comes from.

Jason

diff --git gcc/cp/constexpr.c gcc/cp/constexpr.c
index ef9ef70..d305298 100644
--- gcc/cp/constexpr.c
+++ gcc/cp/constexpr.c
@@ -1451,6 +1451,48 @@  verify_constant (tree t, bool allow_non_constant, bool *non_constant_p,
   return *non_constant_p;
 }
 
+/* Return true if the shift operation on LHS and RHS is undefined.  */
+
+static bool
+cxx_eval_check_shift_p (enum tree_code code, tree lhs, tree rhs)
+{
+  if ((code != LSHIFT_EXPR && code != RSHIFT_EXPR)
+      || TREE_CODE (lhs) != INTEGER_CST
+      || TREE_CODE (rhs) != INTEGER_CST)
+    return false;
+
+  tree lhstype = TREE_TYPE (lhs);
+  unsigned HOST_WIDE_INT uprec = TYPE_PRECISION (TREE_TYPE (lhs));
+
+  /* [expr.shift] The behavior is undefined if the right operand
+     is negative, or greater than or equal to the length in bits
+     of the promoted left operand.  */
+  if (tree_int_cst_sgn (rhs) == -1 || compare_tree_int (rhs, uprec) >= 0)
+    return true;
+
+  /* The value of E1 << E2 is E1 left-shifted E2 bit positions; [...]
+     if E1 has a signed type and non-negative value, and E1x2^E2 is
+     representable in the corresponding unsigned type of the result type,
+     then that value, converted to the result type, is the resulting value;
+     otherwise, the behavior is undefined.  */
+  if (code == LSHIFT_EXPR && !TYPE_UNSIGNED (lhstype))
+    {
+      if (tree_int_cst_sgn (lhs) == -1)
+	return true;
+      /* For signed x << y the following:
+	 (unsigned) x >> ((prec (lhs) - 1) - y)
+	 if > 1, is undefined.  */
+      tree t = build_int_cst (unsigned_type_node, uprec - 1);
+      t = fold_build2 (MINUS_EXPR, unsigned_type_node, t, rhs);
+      tree ulhs = fold_convert (unsigned_type_for (lhstype), lhs);
+      t = fold_build2 (RSHIFT_EXPR, TREE_TYPE (ulhs), ulhs, t);
+      if (tree_int_cst_lt (integer_one_node, t))
+	return true;
+    }
+
+  return false;
+}
+
 /* Subroutine of cxx_eval_constant_expression.
    Attempt to reduce the unary expression tree T to a compile time value.
    If successful, return the value.  Otherwise issue a diagnostic
@@ -1513,6 +1555,9 @@  cxx_eval_binary_expression (const constexpr_ctx *ctx, tree t,
       else
 	r = build2_loc (loc, code, type, lhs, rhs);
     }
+  else if (cxx_eval_check_shift_p (code, lhs, rhs))
+    error_at (loc, "shift expression %q+E overflows",
+	      build2_loc (loc, code, type, lhs, rhs));
   VERIFY_CONSTANT (r);
   return r;
 }
diff --git gcc/testsuite/g++.dg/cpp0x/constexpr-shift1.C gcc/testsuite/g++.dg/cpp0x/constexpr-shift1.C
index e69de29..48c2ab1 100644
--- gcc/testsuite/g++.dg/cpp0x/constexpr-shift1.C
+++ gcc/testsuite/g++.dg/cpp0x/constexpr-shift1.C
@@ -0,0 +1,73 @@ 
+// { dg-do compile { target c++11 } }
+
+constexpr int
+fn1 (int i, int j)
+{
+  return i << j; // { dg-error "shift expression" }
+}
+
+constexpr int i1 = fn1 (1, -1);
+
+constexpr int
+fn2 (int i, int j)
+{
+  return i << j; // { dg-error "shift expression" }
+}
+
+constexpr int i2 = fn2 (1, 200);
+
+constexpr int
+fn3 (int i, int j)
+{
+  return i << j; // { dg-error "shift expression" }
+}
+
+constexpr int i3 = fn3 (-1, 2);
+
+constexpr int
+fn4 (int i, int j)
+{
+  return i << j; // { dg-error "shift expression" }
+}
+
+constexpr int i4 = fn4 (__INT_MAX__, 2);
+
+constexpr int
+fn5 (int i, int j)
+{
+  return i << j;
+}
+
+constexpr int i5 = fn5 (__INT_MAX__, 1);
+
+constexpr int
+fn6 (unsigned int i, unsigned int j)
+{
+  return i << j; // { dg-error "shift expression" }
+}
+
+constexpr int i6 = fn6 (1, -1);
+
+constexpr int
+fn7 (int i, int j)
+{
+  return i >> j; // { dg-error "shift expression" }
+}
+
+constexpr int i7 = fn7 (1, -1);
+
+constexpr int
+fn8 (int i, int j)
+{
+  return i >> j;
+}
+
+constexpr int i8 = fn8 (-1, 1);
+
+constexpr int
+fn9 (int i, int j)
+{
+  return i >> j;  // { dg-error "shift expression" }
+}
+
+constexpr int i9 = fn9 (1, 200);
diff --git gcc/testsuite/g++.dg/cpp1y/constexpr-shift1.C gcc/testsuite/g++.dg/cpp1y/constexpr-shift1.C
index e69de29..a739fd2 100644
--- gcc/testsuite/g++.dg/cpp1y/constexpr-shift1.C
+++ gcc/testsuite/g++.dg/cpp1y/constexpr-shift1.C
@@ -0,0 +1,9 @@ 
+// { dg-do compile { target c++14 } }
+
+constexpr int p = 1;
+constexpr __PTRDIFF_TYPE__ bar (int a)
+{
+  return ((__PTRDIFF_TYPE__) &p) << a; // { dg-error "is not a constant expression" }
+}
+constexpr __PTRDIFF_TYPE__ r = bar (2);
+constexpr __PTRDIFF_TYPE__ s = bar (0); // { dg-error "conversion from pointer" }