On Fri, Jan 29, 2016 at 5:21 PM, Bin Cheng <bin.ch...@arm.com> wrote: > Hi, > Function fold_binary_loc calls split_tree to split a tree into constant, > literal and variable parts. Function split_tree deals with minus_expr by > negating different parts into NEXGATE_EXPR. Since tree exprs fed to > split_tree are with NOP conversions stripped, this could result in illegal > expr for pointer expressions. Given below example as described by PR67921: > op0: (4 - (sizetype) &c) > code: MINUS_EXPR > op1: (sizetype)b > > fold_binary_loc calls split_tree for both op0 and op1 and gets below from the > function calls (it also flips the code): > op0: 4, -(sizetype)&c > code: PLUS_EXPR > op1: -b > > Here we generate NEGATIVE_EXPR of pointer variable (b) which is illegal. If > "-b" can not be canceled by following call to associate_trees, it will be > passed along in IR resulting in ICE somewhere. > > This patch fixes it by converting pointer expression to proper type before > negating it. Note the proper type is the outer type stripped in > fold_binary_loc before calling split_tree. I also included a test which is > heavily reduced from the original ffmpeg code in the original PR. > Considering it's stage4, I restricted the patch to the smallest change. As a > matter of fact, we may need to do the same thing for signed int types because > -TYPE_MIN is undefined. Unfortunately, I failed to create a test in this > case. > > Bootstrap and test on x64_64, is it OK?
Ok. Thanks, Richard. > 2016-01-27 Bin Cheng <bin.ch...@arm.com> > > PR tree-optimization/67921 > * fold-const.c (split_tree): New parameters. Convert pointer > type variable part to proper type before negating. > (fold_binary_loc): Pass new arguments to split_tree. > > gcc/testsuite/ChangeLog > 2016-01-27 Bin Cheng <bin.ch...@arm.com> > > PR tree-optimization/67921 > * c-c++-common/ubsan/pr67921.c: New test. > >
