
Fix possible overflow in ipa-fnsummary

Message ID 20201014134215.GE21544@kam.mff.cuni.cz

Commit Message

Jan Hubicka Oct. 14, 2020, 1:42 p.m. UTC
Hi,
while looking into jump functions I noticed that offset_map in
ipa-fnsummary is array of integers while everywhere else the offsets are
HOST_WIDE_INTs (for good reason since the offsets are pointer
adjustments, moreover multiplied by UNIT_SIZE)

Bootstrapped/regtested x86_64-linux, will commit it shortly.

gcc/ChangeLog:

2020-10-14  Jan Hubicka  <hubicka@ucw.cz>

	* ipa-fnsummary.c (remap_edge_summaries): Make offset_map HOST_WIDE_INT.
	(remap_freqcounting_predicate): Likewise.
	(ipa_merge_fn_summary_after_inlining): Likewise.
	* ipa-predicate.c (predicate::remap_after_inlining): Likewise
	* ipa-predicate.h (remap_after_inlining): Update.

Comments

Martin Jambor Oct. 14, 2020, 2:04 p.m. UTC | #1
Hi,

On Wed, Oct 14 2020, Jan Hubicka wrote:
> Hi,
> while looking into jump functions I noticed that offset_map in
> ipa-fnsummary is array of integers while everywhere else the offsets are
> HOST_WIDE_INTs (for good reason since the offsets are pointer
> adjustments moreover multplied by UNIT_SIZE)
>
> Bootstrapped/regtested x86_64-linux, will commit it shortly.
>
> gcc/ChangeLog:
>
> 2020-10-14  Jan Hubicka  <hubicka@ucw.cz>
>
> 	* ipa-fnsummary.c (remap_edge_summaries): Make offset_map HOST_WIDE_INT.
> 	(remap_freqcounting_predicate): Likewise.
> 	(ipa_merge_fn_summary_after_inlining): Likewise.
> 	* ipa-predicate.c (predicate::remap_after_inlining): Likewise
> 	* ipa-predicate.h (remap_after_inlining): Update.
>
>
> diff --git a/gcc/ipa-fnsummary.c b/gcc/ipa-fnsummary.c
> index 771f432ebec..9e3eda4d3cb 100644
> --- a/gcc/ipa-fnsummary.c
> +++ b/gcc/ipa-fnsummary.c
> @@ -3896,7 +3896,7 @@ remap_edge_summaries (struct cgraph_edge *inlined_edge,
>  		      class ipa_node_params *params_summary,
>  		      class ipa_fn_summary *callee_info,
>  		      vec<int> operand_map,
> -		      vec<int> offset_map,
> +		      vec<HOST_WIDE_INT> offset_map,
>  		      clause_t possible_truths,
>  		      predicate *toplev_predicate)
>  {
> @@ -3957,7 +3957,7 @@ remap_freqcounting_predicate (class ipa_fn_summary *info,
>  			      class ipa_fn_summary *callee_info,
>  			      vec<ipa_freqcounting_predicate, va_gc> *v,
>  			      vec<int> operand_map,
> -			      vec<int> offset_map,
> +			      vec<HOST_WIDE_INT> offset_map,
>  			      clause_t possible_truths,
>  			      predicate *toplev_predicate)
>  
> @@ -3987,7 +3987,7 @@ ipa_merge_fn_summary_after_inlining (struct cgraph_edge *edge)
>    clause_t clause = 0;	/* not_inline is known to be false.  */
>    size_time_entry *e;
>    auto_vec<int, 8> operand_map;
> -  auto_vec<int, 8> offset_map;
> +  auto_vec<HOST_WIDE_INT, 8> offset_map;


if you want to do this, I suppose you also want to remove the INT_MAX
check from:

	      if (offset >= 0 && offset < INT_MAX)
		{
		  map = ipa_get_jf_ancestor_formal_id (jfunc);
		  if (!ipa_get_jf_ancestor_agg_preserved (jfunc))
		    offset = -1;
		  offset_map[i] = offset;
		}

further down in this function.  

Martin

Patch

diff --git a/gcc/ipa-fnsummary.c b/gcc/ipa-fnsummary.c
index 771f432ebec..9e3eda4d3cb 100644
--- a/gcc/ipa-fnsummary.c
+++ b/gcc/ipa-fnsummary.c
@@ -3896,7 +3896,7 @@  remap_edge_summaries (struct cgraph_edge *inlined_edge,
 		      class ipa_node_params *params_summary,
 		      class ipa_fn_summary *callee_info,
 		      vec<int> operand_map,
-		      vec<int> offset_map,
+		      vec<HOST_WIDE_INT> offset_map,
 		      clause_t possible_truths,
 		      predicate *toplev_predicate)
 {
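Review bot: The widening stops at the parameter list; the body of remap_edge_summaries, which reads offset_map's elements and forwards them, continues outside this hunk, so any `int` local or callee parameter that still receives an element there would narrow silently and reintroduce the truncation the patch is meant to remove. An implicit HOST_WIDE_INT-to-int conversion compiles without a diagnostic at GCC's default warning level, so it is worth checking the receiving type at every `offset_map[...]` read in that body. The same signature-only change is made for remap_freqcounting_predicate (the ipa-fnsummary.c:3957 hunk) and predicate::remap_after_inlining (the ipa-predicate.c:508 hunk), whose bodies are equally outside view and need the same audit. I cannot see those bodies here, so this is an audit request rather than a found defect.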
@@ -3957,7 +3957,7 @@  remap_freqcounting_predicate (class ipa_fn_summary *info,
 			      class ipa_fn_summary *callee_info,
 			      vec<ipa_freqcounting_predicate, va_gc> *v,
 			      vec<int> operand_map,
-			      vec<int> offset_map,
+			      vec<HOST_WIDE_INT> offset_map,
 			      clause_t possible_truths,
 			      predicate *toplev_predicate)
 
@@ -3987,7 +3987,7 @@  ipa_merge_fn_summary_after_inlining (struct cgraph_edge *edge)
   clause_t clause = 0;	/* not_inline is known to be false.  */
   size_time_entry *e;
   auto_vec<int, 8> operand_map;
-  auto_vec<int, 8> offset_map;
+  auto_vec<HOST_WIDE_INT, 8> offset_map;
   int i;
   predicate toplev_predicate;
   class ipa_call_summary *es = ipa_call_summaries->get (edge);
diff --git a/gcc/ipa-predicate.c b/gcc/ipa-predicate.c
index 27dabf2dc6a..605da912d26 100644
--- a/gcc/ipa-predicate.c
+++ b/gcc/ipa-predicate.c
@@ -508,7 +508,7 @@  predicate::remap_after_inlining (class ipa_fn_summary *info,
 				 class ipa_node_params *params_summary,
 				 class ipa_fn_summary *callee_info,
 				 vec<int> operand_map,
-				 vec<int> offset_map,
+				 vec<HOST_WIDE_INT> offset_map,
 				 clause_t possible_truths,
 				 const predicate &toplev_predicate)
 {
diff --git a/gcc/ipa-predicate.h b/gcc/ipa-predicate.h
index 05e37073817..34a0d239d2a 100644
--- a/gcc/ipa-predicate.h
+++ b/gcc/ipa-predicate.h
@@ -243,7 +243,8 @@  public:
   predicate remap_after_inlining (class ipa_fn_summary *,
 		  		  class ipa_node_params *params_summary,
 			          class ipa_fn_summary *,
-			          vec<int>, vec<int>, clause_t, const predicate &);
+				  vec<int>, vec<HOST_WIDE_INT>,
+				  clause_t, const predicate &);
 
   void stream_in (class lto_input_block *);
   void stream_out (struct output_block *);
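Review bot: The new `vec<int>, vec<HOST_WIDE_INT>,` line changes the element type of the second vector but still leaves both vectors unnamed and undocumented, so a reader of the header cannot tell which is the operand map and which the offset map, nor what a negative offset means. The definition quoted earlier in the thread stores -1 into offset_map when the ancestor jump function does not preserve the aggregate, which is exactly the kind of sentinel a header comment should state. I would name the two parameters `operand_map` and `offset_map` in the declaration and add above it a comment along the lines of `/* OFFSET_MAP holds the HOST_WIDE_INT aggregate offset to apply for each remapped operand, or -1 when aggregate contents are not preserved.  */`; please confirm the exact sentinel semantics against the definition in ipa-fnsummary.c, which is outside this hunk.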