On 11/02/2017 07:15 AM, Martin Liška wrote:
> PING^1
I don't see an updated patch in this thread? THe last message I see is
this one where you indicate you're going to tweak the patch and re-test.
Jeff
>
> On 10/19/2017 01:36 PM, Martin Liška wrote:
>> On 09/20/2017 10:15 AM, Jakub Jelinek wrote:
>>> On Wed, Sep 20, 2017 at 09:50:32AM +0200, Martin Liška wrote:
>>>> Hello.
>>>>
>>>> Following patch handles UBSAN (overflow) in dce.c.
>>>
>>> dse.c ;)
>>>
>>>> --- a/gcc/dse.c
>>>> +++ b/gcc/dse.c
>>>> @@ -929,7 +929,9 @@ set_usage_bits (group_info *group, HOST_WIDE_INT
>>>> offset, HOST_WIDE_INT width,
>>>> {
>>>> HOST_WIDE_INT i;
>>>> bool expr_escapes = can_escape (expr);
>>>> - if (offset > -MAX_OFFSET && offset + width < MAX_OFFSET)
>>>> + if (offset > -MAX_OFFSET
>>>> + && offset < MAX_OFFSET
>>>> + && offset + width < MAX_OFFSET)
>>>
>>> This can still overflow if width is close to HOST_WIDE_INT_MAX.
>>> Anyway, I don't remember this code too much, but wonder if either offset or
>>> width or their sum is outside of the -MAX_OFFSET, MAX_OFFSET range if we
>>> still don't want to record usage bits at least in the intersection of
>>> -MAX_OFFSET, MAX_OFFSET and offset, offset + width (the latter performed
>>> with infinite precision; though, if record_store is changed as suggested
>>> below, offset + width shouldn't overflow).
>>>
>>>> for (i=offset; i<offset+width; i++)
>>>> {
>>>> bitmap store1;
>>>> @@ -1536,7 +1538,11 @@ record_store (rtx body, bb_info_t bb_info)
>>>> }
>>>> store_info->group_id = group_id;
>>>> store_info->begin = offset;
>>>> - store_info->end = offset + width;
>>>> + if (offset > HOST_WIDE_INT_MAX - width)
>>>> + store_info->end = HOST_WIDE_INT_MAX;
>>>> + else
>>>> + store_info->end = offset + width;
>>>
>>> If offset + width overflows, I think we risk wrong-code by doing this, plus
>>> there are 3 other offset + width computations earlier in record_store
>>> before we reach this. I think instead we should treat such cases as wild
>>> stores early, i.e.:
>>> if (!canon_address (mem, &group_id, &offset, &base))
>>> {
>>> clear_rhs_from_active_local_stores ();
>>> return 0;
>>> }
>>>
>>> if (GET_MODE (mem) == BLKmode)
>>> width = MEM_SIZE (mem);
>>> else
>>> width = GET_MODE_SIZE (GET_MODE (mem));
>>>
>>> + if (offset > HOST_WIDE_INT_MAX - width)
>>> + {
>>> + clear_rhs_from_active_local_stores ();
>>> + return 0;
>>> + }
>>>
>>> or so.
>>>
>>>> +
>>>> store_info->is_set = GET_CODE (body) == SET;
>>>> store_info->rhs = rhs;
>>>> store_info->const_rhs = const_rhs;
>>>> @@ -1976,6 +1982,14 @@ check_mem_read_rtx (rtx *loc, bb_info_t bb_info)
>>>> return;
>>>> }
>>>>
>>>> + if (offset > MAX_OFFSET)
>>>> + {
>>>> + if (dump_file && (dump_flags & TDF_DETAILS))
>>>> + fprintf (dump_file, " reaches MAX_OFFSET.\n");
>>>> + add_wild_read (bb_info);
>>>> + return;
>>>> + }
>>>> +
>>
>> Hi.
>>
>> The later one works for me. I'm going to regtest that.
>>
>> Ready after it survives regression tests?
>>
>> Thanks,
>> Martin
>>
>>>
>>> Is offset > MAX_OFFSET really problematic (and not just the width != -1 &&
>>> offset + width overflowing case)?
>>>
>>>> if (GET_MODE (mem) == BLKmode)
>>>> width = -1;
>>>> else
>>>>
>>>
>>>
>>> Jakub
>>>
>>
>
