re PR sanitizer/63697 (-fsanitize=undefined doesn't detect some subtraction overflows)

PR sanitizer/63697 * tree-vrp.c (simplify_internal_call_using_ranges): For subcode == MINUS_EXPR, check overflow on vr0.min - vr1.max and vr0.max - vr1.min instead of vr0.min - vr1.min and vr0.max - vr1.max. * c-c++-common/ubsan/overflow-sub-3.c: New test. From-SVN: r216962

re PR sanitizer/63697 (-fsanitize=undefined doesn't detect some subtraction overflows)
PR sanitizer/63697 * tree-vrp.c (simplify_internal_call_using_ranges): For subcode == MINUS_EXPR, check overflow on vr0.min - vr1.max and vr0.max - vr1.min instead of vr0.min - vr1.min and vr0.max - vr1.max. * c-c++-common/ubsan/overflow-sub-3.c: New test. From-SVN: r216962
c288810f · Jakub Jelinek · Jakub Jelinek · 6fd52b78 · c288810f · c288810f
Commit c288810f authored Oct 31, 2014 by Jakub Jelinek Committed by Jakub Jelinek Oct 31, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 50 additions and 2 deletions

gcc/ChangeLog
+7 -0

gcc/testsuite/ChangeLog
+5 -0

gcc/testsuite/c-c++-common/ubsan/overflow-sub-3.c
+34 -0

gcc/tree-vrp.c
+4 -2

No files found.
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
+2014-10-31  Jakub Jelinek  <jakub@redhat.com>
+
+	PR sanitizer/63697
+	* tree-vrp.c (simplify_internal_call_using_ranges): For subcode ==
+	MINUS_EXPR, check overflow on vr0.min - vr1.max and vr0.max - vr1.min
+	instead of vr0.min - vr1.min and vr0.max - vr1.max.
+
 2014-10-31  Max Ostapenko  <m.ostapenko@partner.samsung.com>

 	PR ipa/63696
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
+2014-10-31  Jakub Jelinek  <jakub@redhat.com>
+
+	PR sanitizer/63697
+	* c-c++-common/ubsan/overflow-sub-3.c: New test.
+
 2014-10-30  Marek Polacek  <polacek@redhat.com>

 	* gcc.dg/diag-aka-1.c: New test.

--- a/gcc/testsuite/c-c++-common/ubsan/overflow-sub-3.c
+++ b/gcc/testsuite/c-c++-common/ubsan/overflow-sub-3.c
+/* { dg-do run } */
+/* { dg-options "-fsanitize=signed-integer-overflow" } */
+
+__attribute__((noinline, noclone)) int
+foo1 (int x, int y)
+{
+  return x - y;
+}
+
+__attribute__((noinline, noclone)) int
+foo2 (int x, int y)
+{
+  unsigned int xa = (unsigned int) x - (__INT_MAX__ - 3);
+  xa &= 3;
+  x = __INT_MAX__ - 3 + xa;
+  unsigned int ya = y + 1U;
+  ya &= 1;
+  y = ya - 1;
+  return x - y;
+}
+
+int
+main ()
+{
+  int xm1, y;
+  for (xm1 = __INT_MAX__ - 4; xm1 < __INT_MAX__; xm1++)
+    for (y = -1; y <= 0; y++)
+      if (foo1 (xm1 + 1, y) != (int) (xm1 + 1U - y)
+	  || foo2 (xm1 + 1, y) != (int) (xm1 + 1U - y))
+	__builtin_abort ();
+  return 0;
+}
+/* { dg-output ":7:\[0-9]\[^\n\r]*signed integer overflow: 2147483647 - -1 cannot be represented in type 'int'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*:19:\[0-9]\[^\n\r]*signed integer overflow: 2147483647 - -1 cannot be represented in type 'int'" } */
--- a/gcc/tree-vrp.c
+++ b/gcc/tree-vrp.c
@@ -9538,8 +9538,10 @@ simplify_internal_call_using_ranges (gimple_stmt_iterator *gsi, gimple stmt)
    }
  else
    {
-      tree r1 = int_const_binop (subcode, vr0.min, vr1.min);
-      tree r2 = int_const_binop (subcode, vr0.max, vr1.max);
+      tree r1 = int_const_binop (subcode, vr0.min,
+				 subcode == MINUS_EXPR ? vr1.max : vr1.min);
+      tree r2 = int_const_binop (subcode, vr0.max,
+				 subcode == MINUS_EXPR ? vr1.min : vr1.max);
      if (r1 == NULL_TREE || TREE_OVERFLOW (r1)
 	  || r2 == NULL_TREE || TREE_OVERFLOW (r2))
 	return false;