https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100487
Bug ID: 100487
Summary: A possible divide by zero bug in
jump_table_cluster::emit
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: yguoaz at cse dot ust.hk
Target Milestone: ---
In the file tree-switch-conversion.c, the function jump_table_cluster::emit has
the following code (link to the code location:
https://github.com/gcc-mirror/gcc/blob/releases/gcc-11/gcc/tree-switch-conversion.c#L1118):
void
jump_table_cluster::emit (tree index_expr, tree,
tree default_label_expr, basic_block default_bb,
location_t loc) {
unsigned HOST_WIDE_INT range = get_range (get_low (), get_high ());
...
case_edge->probability
= profile_probability::always ().apply_scale ((intptr_t)case_edge->aux,
range);
}
/* Return *THIS * NUM / DEN. */
profile_probability apply_scale (int64_t num, int64_t den) const
{
...
safe_scale_64bit (m_val, num, den, &tmp);
...
}
Since get_range may return 0, this will lead to a potential divide by zero
following the call sequence:
apply_scale (num, den) -> safe_scale_64bit (m_val, num, den, &tmp)-> using den
as divisor in the function safe_scale_64bit.
I think we should check range's value against 0 or add an explicit assertion to
the function "profile_probability apply_scale (int64_t num, int64_t den)".
Notice that another similar function "profile_count apply_scale (int64_t num,
int64_t den) const" has explicitly asserted that den>0.
