[PATCH] Fix UBSAN errors in ipa-cp.

Wed, 23 Sep 2020 05:20:06 -0700 

I see the following UBSAN errors:

./xgcc -B. /home/marxin/Programming/gcc/gcc/testsuite/g++.dg/ipa/pr96806.C 
-std=c++11 -O -fipa-cp -fipa-cp-clone --param=ipa-cp-max-recursive-depth=94 
--param=logical-op-non-short-circuit=0
/home/marxin/Programming/gcc2/gcc/ipa-cp.c:3866:20: runtime error: signed 
integer overflow: 64 + 2147483584 cannot be represented in type 'int'
/home/marxin/Programming/gcc2/gcc/ipa-cp.c:3843:16: runtime error: signed 
integer overflow: -2147483648 + -2147483648 cannot be represented in type 'int'
/home/marxin/Programming/gcc2/gcc/ipa-cp.c:3864:20: runtime error: signed 
integer overflow: 1 + 2147483647 cannot be represented in type 'int'

Patch can bootstrap on x86_64-linux-gnu and survives regression tests.

Ready to be installed?
Thanks,
Martin

gcc/ChangeLog:

        * ipa-cp.c (safe_add): Handle also very small negative values.
        (value_topo_info::propagate_effects): Use properly safe_add.
---
 gcc/ipa-cp.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/gcc/ipa-cp.c b/gcc/ipa-cp.c
index b3e7d41ea10..e39ee28726d 100644
--- a/gcc/ipa-cp.c
+++ b/gcc/ipa-cp.c
@@ -3832,13 +3832,15 @@ propagate_constants_topo (class ipa_topo_info *topo)
/* Return the sum of A and B if none of them is bigger than INT_MAX/2, return 
-   the bigger one if otherwise.  */
+   the bigger one if otherwise.  Similarly for negative numbers.  */
static int 
 safe_add (int a, int b)
 {
   if (a > INT_MAX/2 || b > INT_MAX/2)
     return a > b ? a : b;
+  else if (a < -INT_MAX/2 || b < -INT_MAX/2)
+    return a > b ? b : a;
   else
     return a + b;
 }
@@ -3861,9 +3863,10 @@ value_topo_info<valtype>::propagate_effects ()
for (val = base; val; val = val->scc_next) 
        {
-         time = safe_add (time,
-                          val->local_time_benefit + val->prop_time_benefit);
-         size = safe_add (size, val->local_size_cost + val->prop_size_cost);
+         time = safe_add (time, val->local_time_benefit);
+         time = safe_add (time, val->prop_time_benefit);
+         size = safe_add (size, val->local_size_cost);
+         size = safe_add (size, val->prop_size_cost);
        }
for (val = base; val; val = val->scc_next) 
--
2.28.0

Reply via email to