From patchwork Tue Nov 26 21:10:11 2013
X-Patchwork-Submitter: Tom de Vries
X-Patchwork-Id: 294422
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Message-ID: <52950E33.3080209@mentor.com>
Date: Tue, 26 Nov 2013 22:10:11 +0100
From: Tom de Vries
To: Richard Biener
CC: Jason Merrill, GCC Patches, Marc Glisse
Subject: Re: [PATCH] Don't create out-of-bounds BIT_FIELD_REFs
References: <5294544D.60506@mentor.com>

On 26-11-13 11:12, Richard Biener wrote:
> On Tue, Nov 26, 2013 at 8:57 AM, Tom de Vries wrote:
>> Jason,
>>
>> This patch prevents creating out-of-bounds BIT_FIELD_REFs in 3 locations.
>>
>> It fixes a SIGSEGV (triggered by gimple_fold_indirect_ref_1) in
>> simplify_bitfield_ref. I've added an assert to detect the problematic
>> BIT_FIELD_REF there.
>>
>> Bootstrapped and reg-tested on x86_64.
>>
>> OK for trunk?
>
> Looks obvious to me - btw, instead of asserting in tree-ssa-forwprop.c
> can you adjust the verify_expr BIT_FIELD_REF code so it checks for
> this?
>

Done. And I've moved the test-case to c-c++-common.

Built and reg-tested on x86_64 (ada inclusive). Now redoing build and test,
but with bootstrap build.

OK for trunk?

Thanks,
- Tom

2013-11-25  Tom de Vries
	    Marc Glisse

	PR middle-end/59037
	* semantics.c (cxx_fold_indirect_ref): Don't create out-of-bounds
	BIT_FIELD_REF.
	* fold-const.c (fold_indirect_ref_1): Don't create out-of-bounds
	BIT_FIELD_REF.
	* gimple-fold.c (gimple_fold_indirect_ref): Same.
	* tree-cfg.c (verify_expr): Give error if BIT_FIELD_REF is
	out-of-bounds.

	* c-c++-common/pr59037.c: New testcase.

diff --git a/gcc/cp/semantics.c b/gcc/cp/semantics.c index 316834c..71daaa2 100644 --- a/gcc/cp/semantics.c +++ b/gcc/cp/semantics.c @@ -9117,7 +9117,7 @@ cxx_fold_indirect_ref (location_t loc, tree type, tree op0, bool *empty_base) unsigned HOST_WIDE_INT indexi = offset * BITS_PER_UNIT; tree index = bitsize_int (indexi); - if (offset/part_widthi <= TYPE_VECTOR_SUBPARTS (op00type)) + if (offset / part_widthi < TYPE_VECTOR_SUBPARTS (op00type)) return fold_build3_loc (loc, BIT_FIELD_REF, type, op00, part_width, index); 
diff --git a/gcc/fold-const.c b/gcc/fold-const.c index f91673d..0926626 100644 --- a/gcc/fold-const.c +++ b/gcc/fold-const.c @@ -16719,7 +16719,7 @@ fold_indirect_ref_1 (location_t loc, tree type, tree op0) unsigned HOST_WIDE_INT indexi = offset * BITS_PER_UNIT; tree index = bitsize_int (indexi); - if (offset/part_widthi <= TYPE_VECTOR_SUBPARTS (op00type)) + if (offset / part_widthi < TYPE_VECTOR_SUBPARTS (op00type)) return fold_build3_loc (loc, BIT_FIELD_REF, type, op00, part_width, index); diff --git a/gcc/gimple-fold.c b/gcc/gimple-fold.c index 2902e69..7e9ba65 100644 --- a/gcc/gimple-fold.c +++ b/gcc/gimple-fold.c @@ -3418,7 +3418,7 @@ gimple_fold_indirect_ref (tree t) unsigned HOST_WIDE_INT indexi = offset * BITS_PER_UNIT; tree index = bitsize_int (indexi); if (offset / part_widthi - <= TYPE_VECTOR_SUBPARTS (TREE_TYPE (addrtype))) + < TYPE_VECTOR_SUBPARTS (TREE_TYPE (addrtype))) return fold_build3 (BIT_FIELD_REF, type, TREE_OPERAND (addr, 0), part_width, index); } diff --git a/gcc/testsuite/c-c++-common/pr59037.c b/gcc/testsuite/c-c++-common/pr59037.c new file mode 100644 index 0000000..fae13c2 --- /dev/null +++ b/gcc/testsuite/c-c++-common/pr59037.c @@ -0,0 +1,12 @@ +/* { dg-do compile } */ +/* { dg-options "-O3" } */ + +typedef int v4si __attribute__ ((vector_size (16))); + +int +main (int argc, char** argv) +{ + v4si x = {0,1,2,3}; + x = (v4si) {(x)[3], (x)[2], (x)[1], (x)[0]}; + return x[4]; +} diff --git a/gcc/tree-cfg.c b/gcc/tree-cfg.c index ab4bb09..f8937c6 100644 --- a/gcc/tree-cfg.c +++ b/gcc/tree-cfg.c 
@@ -2712,15 +2712,29 @@ verify_expr (tree *tp, int *walk_subtrees, void *data ATTRIBUTE_UNUSED) if (TREE_CODE (t) == BIT_FIELD_REF) { - if (!tree_fits_uhwi_p (TREE_OPERAND (t, 1)) - || !tree_fits_uhwi_p (TREE_OPERAND (t, 2))) + tree t0 = TREE_OPERAND (t, 0); + tree t1 = TREE_OPERAND (t, 1); + tree t2 = TREE_OPERAND (t, 2); + tree t0_type = TREE_TYPE (t0); + unsigned HOST_WIDE_INT t0_size = 0; + + if (tree_fits_uhwi_p (TYPE_SIZE (t0_type))) + t0_size = tree_to_uhwi (TYPE_SIZE (t0_type)); + else + { + HOST_WIDE_INT t0_max_size = max_int_size_in_bytes (t0_type); + if (t0_max_size > 0) + t0_size = t0_max_size * BITS_PER_UNIT; + } + if (!tree_fits_uhwi_p (t1) + || !tree_fits_uhwi_p (t2)) { error ("invalid position or size operand to BIT_FIELD_REF"); return t; } if (INTEGRAL_TYPE_P (TREE_TYPE (t)) && (TYPE_PRECISION (TREE_TYPE (t)) - != tree_to_uhwi (TREE_OPERAND (t, 1)))) + != tree_to_uhwi (t1))) { error ("integral result type precision does not match " "field size of BIT_FIELD_REF"); @@ -2729,12 +2743,19 @@ verify_expr (tree *tp, int *walk_subtrees, void *data ATTRIBUTE_UNUSED) else if (!INTEGRAL_TYPE_P (TREE_TYPE (t)) && TYPE_MODE (TREE_TYPE (t)) != BLKmode && (GET_MODE_PRECISION (TYPE_MODE (TREE_TYPE (t))) - != tree_to_uhwi (TREE_OPERAND (t, 1)))) + != tree_to_uhwi (t1))) { error ("mode precision of non-integral result does not " "match field size of BIT_FIELD_REF"); return t; } + if (t0_size != 0 + && tree_to_uhwi (t1) + tree_to_uhwi (t2) > t0_size) + { + error ("position plus size exceeds size of referenced object in " + "BIT_FIELD_REF"); + return t; + } } t = TREE_OPERAND (t, 0);
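
Review bot: the corrected condition in cxx_fold_indirect_ref, and the identical ones in fold_indirect_ref_1 and gimple_fold_indirect_ref, still relies on truncating division: `offset / part_widthi < TYPE_VECTOR_SUBPARTS (...)` accepts any offset below the vector size, including one that is not a multiple of part_widthi, and in that case the part_width bits starting at `offset * BITS_PER_UNIT` can run past the end of the vector. If such offsets can reach these three sites, also require `offset % part_widthi == 0` before building the BIT_FIELD_REF; if they cannot, a one-line comment saying why would help. The same three-line test is now maintained in three files, so a shared helper would keep them from drifting apart again.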
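
Review bot: the new gcc/testsuite/c-c++-common/pr59037.c carries no comment saying that `return x[4];` deliberately indexes one element past the end of the 4-element v4si, and with `dg-do compile` the test only checks that compilation at -O3 completes. A short header comment naming PR middle-end/59037 and stating that the out-of-bounds index is intentional would keep a later cleanup from changing it to a valid index and silently losing the coverage.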
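
Review bot: in the first verify_expr hunk (tree-cfg.c, @@ -2712), `t0_size = 0` doubles as "size unknown" without a comment, so the later bounds check is skipped silently whenever TYPE_SIZE does not fit and max_int_size_in_bytes returns a non-positive value. Please document the sentinel, and note in the else branch that t0_size then holds an upper bound rather than the exact size, which makes the check weaker for those operands. `t0_max_size * BITS_PER_UNIT` is also a signed HOST_WIDE_INT multiplication before the result is stored in the unsigned t0_size; converting t0_max_size to unsigned HOST_WIDE_INT first avoids signed overflow for very large bounds.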
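
Review bot: in the second verify_expr hunk (tree-cfg.c, @@ -2729), `tree_to_uhwi (t1) + tree_to_uhwi (t2) > t0_size` is an unsigned addition that can wrap, because each operand is only known to fit an unsigned HOST_WIDE_INT on its own; a very large position or size would then wrap to a small sum and pass the verifier. Writing the test without the addition, for example `tree_to_uhwi (t1) > t0_size || tree_to_uhwi (t2) > t0_size - tree_to_uhwi (t1)`, keeps the check sound for all operand values.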