From patchwork Wed Jan  5 10:56:00 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Richard Biener <rguenther@suse.de>
X-Patchwork-Id: 1575587
Return-Path: <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
	dkim=pass (1024-bit key;
 unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.a=rsa-sha256
 header.s=default header.b=dy5r8QWg;
	dkim-atps=neutral
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org
 (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org;
 envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org;
 receiver=<UNKNOWN>)
Received: from sourceware.org (server2.sourceware.org
 [IPv6:2620:52:3:1:0:246e:9693:128c])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JTRHv2QK2z9sXM
	for <incoming@patchwork.ozlabs.org>; Wed,  5 Jan 2022 21:56:41 +1100 (AEDT)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 90A7D3858423
	for <incoming@patchwork.ozlabs.org>; Wed,  5 Jan 2022 10:56:38 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 90A7D3858423
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1641380198;
	bh=iMHu3YtfVJ5cjjl4OIIfIx5iNcKAMGa5OD8IJyYxdps=;
	h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:From;
	b=dy5r8QWgwP077R+0z8NZcWpA016J7/SSa3LpvDFJO8y6oeX7zPVDJBLMHdOcL6zbv
	 rcXP4qMPNJtkV2tucnW6mZMYPGyopOREMNzCZ+/l7kaq9hfpF3Ma+tLritALwbmm5G
	 cIR+GmciQwpUbD3TeLGuedUrHJwqmGmBKUBUvDBA=
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28])
 by sourceware.org (Postfix) with ESMTPS id ACA2F3858400
 for <gcc-patches@gcc.gnu.org>; Wed,  5 Jan 2022 10:56:18 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org ACA2F3858400
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
 (No client certificate requested)
 by smtp-out1.suse.de (Postfix) with ESMTPS id 79B792110B
 for <gcc-patches@gcc.gnu.org>; Wed,  5 Jan 2022 10:56:17 +0000 (UTC)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
 (No client certificate requested)
 by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 66CF313BBF
 for <gcc-patches@gcc.gnu.org>; Wed,  5 Jan 2022 10:56:17 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
 by imap2.suse-dmz.suse.de with ESMTPSA id rnzvF1F51WF7bAAAMHmgww
 (envelope-from <rguenther@suse.de>)
 for <gcc-patches@gcc.gnu.org>; Wed, 05 Jan 2022 10:56:17 +0000
Date: Wed, 5 Jan 2022 11:56:00 +0100 (CET)
To: gcc-patches@gcc.gnu.org
Subject: [PATCH] tree-optimization/103816 - detect offset overflow in SLP
 group analysis
Message-ID: <53o9p6r3-o129-pn55-o126-416851o9r498@fhfr.qr>
MIME-Version: 1.0
X-Spam-Status: No, score=-11.8 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE,
 SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-Patchwork-Original-From: Richard Biener via Gcc-patches
 <gcc-patches@gcc.gnu.org>
From: Richard Biener <rguenther@suse.de>
Reply-To: Richard Biener <rguenther@suse.de>
Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>

This makes sure to detect overflow when computing DR_GROUP_GAP
and DR_GROUP_SIZE more thoroughly so artificial testcases like the
added one are not fooling the existing check.

Bootstrapped and tested on x86_64-unknown-linux-gnu, pushed.

2022-01-05  Richard Biener  <rguenther@suse.de>

	PR tree-optimization/103816
	* tree-vect-data-refs.c (vect_analyze_group_access_1): Also
	check DR_GROUP_GAP compute for overflow and representability.

	* gcc.dg/torture/pr103816.c: New testcase.
---
 gcc/testsuite/gcc.dg/torture/pr103816.c | 10 ++++++++++
 gcc/tree-vect-data-refs.c               | 15 ++++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.dg/torture/pr103816.c

diff --git a/gcc/testsuite/gcc.dg/torture/pr103816.c b/gcc/testsuite/gcc.dg/torture/pr103816.c
new file mode 100644
index 00000000000..769036a1af8
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/torture/pr103816.c
@@ -0,0 +1,10 @@
+/* { dg-do compile } */
+/* { dg-additional-options "-w" } */
+
+extern struct {
+  unsigned char a;
+  unsigned char b;
+  unsigned char c;
+  unsigned char d;
+} g[];
+void main() { g[0].b = (g[0].b & g[4].b) * g[2305843009213693952ULL].c; }
diff --git a/gcc/tree-vect-data-refs.c b/gcc/tree-vect-data-refs.c
index 2b3ec6289de..dd20ed974af 100644
--- a/gcc/tree-vect-data-refs.c
+++ b/gcc/tree-vect-data-refs.c
@@ -2721,7 +2721,20 @@ vect_analyze_group_access_1 (vec_info *vinfo, dr_vec_info *dr_info)
           /* Check that the distance between two accesses is equal to the type
              size. Otherwise, we have gaps.  */
           diff = (TREE_INT_CST_LOW (DR_INIT (data_ref))
-                  - TREE_INT_CST_LOW (prev_init)) / type_size;
+		  - TREE_INT_CST_LOW (prev_init)) / type_size;
+	  if (diff < 1 || diff > UINT_MAX)
+	    {
+	      /* For artificial testcases with array accesses with large
+		 constant indices we can run into overflow issues which
+		 can end up fooling the groupsize constraint below so
+		 check the individual gaps (which are represented as
+		 unsigned int) as well.  */
+	      if (dump_enabled_p ())
+		dump_printf_loc (MSG_MISSED_OPTIMIZATION, vect_location,
+				 "interleaved access with gap larger "
+				 "than representable\n");
+	      return false;
+	    }
 	  if (diff != 1)
 	    {
 	      /* FORNOW: SLP of accesses with gaps is not supported.  */