From patchwork Wed Jan  4 09:08:53 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jakub Jelinek <jakub@redhat.com>
X-Patchwork-Id: 38812
Return-Path: <gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp5043885wrt;
        Wed, 4 Jan 2023 01:09:47 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXtyrz6NhrwGNxAYZJvtJJq8pbDS1WJa/p+goc91KSLmvp+6sj+CtRZC7QBFj/XD5Gxo3uka
X-Received: by 2002:a17:907:7e83:b0:7c0:f558:e518 with SMTP id
 qb3-20020a1709077e8300b007c0f558e518mr48954207ejc.51.1672823387796;
        Wed, 04 Jan 2023 01:09:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672823387; cv=none;
        d=google.com; s=arc-20160816;
        b=YA/V7wCzh9IXyRoNNg5AH4wQ8G1nrxrL8pc5UdTBsYp+Ot3YAZ+nt20YjxfN6+FEnl
         G3bVNRagDIs8d+pjBrZKVp/lxAgHfY81TNobQrWpyUcb2E7zPApWhPwfvntbA7xZjTQB
         QprIflAWT6dywJe84vhUSzA0QXC65ML9OVmQI/nZ7VGfWlo/n1j21/pMYdQSbxOqPiYH
         UqTzqb58k2ZWzL0q6C0W6cdQ9JTCK3nDxOgAlJl1/BUoSjTQWKvuIgXOyr+UhfD+24kz
         apNb2BusJkIJGKxp/ir4ozR7qy7G4vZhju8N8VSK4T9mdwgfWNBYfOgu7xDnZ/+YA3B0
         BDgA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post
         :list-archive:list-unsubscribe:list-id:precedence
         :content-disposition:mime-version:message-id:subject:cc:to:date
         :dmarc-filter:delivered-to:dkim-signature:dkim-filter;
        bh=gXVscWKpdUk+W1YSIaYPlcmZd3+dE2YLqSxSIlQRSqg=;
        b=DnYb5zvbVMPnsdOPz0H7A/yPRPMJ7h1DmUiCP9MpiDAdPQINfI9MQEdOO134LUjQnM
         7dtpHbBe+nJJ2dM88qVqEZh3P4TDpIePw3nEbdwSfsXP8kLoyd53fU9LfLrPcL5ckHLA
         yZus8M0v2jBLpeqHVU313m/aPpHld5xg9ZUgbZcbrBd3qPBGTzUROL6LaFshK82nQ12+
         2hYpwx0uzSKJpQe+LtwUkAjNgQDD0+5T3IDcPteL1zqsGtlIkVEjAxBnABIh3PHFSNCh
         DgWQC2itML3ztN6FSYvs09tV6BX9jmlTX8L6s5CEuyMRZE4WtfFnYPdMBt2enaJ7lwTn
         /8ow==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gcc.gnu.org header.s=default header.b=x90HWQYX;
       spf=pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org
Received: from sourceware.org (server2.sourceware.org.
 [2620:52:3:1:0:246e:9693:128c])
        by mx.google.com with ESMTPS id
 hc42-20020a17090716aa00b007c10a0c590dsi31559120ejc.25.2023.01.04.01.09.47
        for <ouuuleilei@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 04 Jan 2023 01:09:47 -0800 (PST)
Received-SPF: pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gcc.gnu.org header.s=default header.b=x90HWQYX;
       spf=pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 954A43858C39
	for <ouuuleilei@gmail.com>; Wed,  4 Jan 2023 09:09:46 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 954A43858C39
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1672823386;
	bh=gXVscWKpdUk+W1YSIaYPlcmZd3+dE2YLqSxSIlQRSqg=;
	h=Date:To:Cc:Subject:List-Id:List-Unsubscribe:List-Archive:
	 List-Post:List-Help:List-Subscribe:From:Reply-To:From;
	b=x90HWQYXISFI/Wt7j9WhYelr4s8odbvh0x+aVTSWbr0B3fyutZqfMN0Ji1Enj0dur
	 I7uKjp66MRSD8h4dIE4nphaSg+vw+Gno9ay6NTgrRHdjqlnpymsCiXsQyMPPfZHsD6
	 U0Pt5//qHexv+Z6qn/KAaNjyASadxDMOAuWf0zJM=
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by sourceware.org (Postfix) with ESMTPS id B41653858D1E
 for <gcc-patches@gcc.gnu.org>; Wed,  4 Jan 2023 09:09:01 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B41653858D1E
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-541-kwYCelg8OXWt3Nr9_UDUPg-1; Wed, 04 Jan 2023 04:08:58 -0500
X-MC-Unique: kwYCelg8OXWt3Nr9_UDUPg-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
 [10.11.54.3])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C8D363C0E447;
 Wed,  4 Jan 2023 09:08:57 +0000 (UTC)
Received: from tucnak.zalov.cz (unknown [10.39.192.223])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 875351121314;
 Wed,  4 Jan 2023 09:08:57 +0000 (UTC)
Received: from tucnak.zalov.cz (localhost [127.0.0.1])
 by tucnak.zalov.cz (8.17.1/8.17.1) with ESMTPS id 30498skk2397864
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT);
 Wed, 4 Jan 2023 10:08:55 +0100
Received: (from jakub@localhost)
 by tucnak.zalov.cz (8.17.1/8.17.1/Submit) id 30498rvt2397863;
 Wed, 4 Jan 2023 10:08:53 +0100
Date: Wed, 4 Jan 2023 10:08:53 +0100
To: Richard Biener <rguenther@suse.de>
Cc: gcc-patches@gcc.gnu.org
Subject: [PATCH] ubsan: Avoid narrowing of multiply for
 -fsanitize=signed-integer-overflow [PR108256]
Message-ID: <Y7VCJRmHC/U+F53U@tucnak>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Disposition: inline
X-Spam-Status: No, score=-3.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE,
 RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE,
 TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-Patchwork-Original-From: Jakub Jelinek via Gcc-patches
 <gcc-patches@gcc.gnu.org>
From: Jakub Jelinek <jakub@redhat.com>
Reply-To: Jakub Jelinek <jakub@redhat.com>
Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org
Sender: "Gcc-patches" <gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org>
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1754082456633125972?=
X-GMAIL-MSGID: =?utf-8?q?1754082456633125972?=

Hi!

We shouldn't narrow multiplications originally done in signed types,
because the original multiplication might overflow but the narrowed
one will be done in unsigned arithmetics and will never overflow.

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2023-01-04  Jakub Jelinek  <jakub@redhat.com>

	PR sanitizer/108256
	* convert.cc (do_narrow): Punt for MULT_EXPR if original
	type doesn't wrap around and -fsanitize=signed-integer-overflow
	is on.
	* fold-const.cc (fold_unary_loc) <CASE_CONVERT>: Likewise.

	* c-c++-common/ubsan/pr108256.c: New test.


	Jakub

--- gcc/convert.cc.jj	2023-01-02 09:32:25.123245723 +0100
+++ gcc/convert.cc	2023-01-03 10:02:36.309706050 +0100
@@ -384,6 +384,14 @@ do_narrow (location_t loc,
       && sanitize_flags_p (SANITIZE_SI_OVERFLOW))
     return NULL_TREE;
 
+  /* Similarly for multiplication, but in that case it can be
+     problematic even if typex is unsigned type - 0xffff * 0xffff
+     overflows in int.  */
+  if (ex_form == MULT_EXPR
+      && !TYPE_OVERFLOW_WRAPS (TREE_TYPE (expr))
+      && sanitize_flags_p (SANITIZE_SI_OVERFLOW))
+    return NULL_TREE;
+
   /* But now perhaps TYPEX is as wide as INPREC.
      In that case, do nothing special here.
      (Otherwise would recurse infinitely in convert.  */
--- gcc/fold-const.cc.jj	2023-01-02 09:32:32.756135438 +0100
+++ gcc/fold-const.cc	2023-01-03 10:30:05.492239455 +0100
@@ -9574,7 +9574,9 @@ fold_unary_loc (location_t loc, enum tre
       if (INTEGRAL_TYPE_P (type)
 	  && TREE_CODE (op0) == MULT_EXPR
 	  && INTEGRAL_TYPE_P (TREE_TYPE (op0))
-	  && TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (op0)))
+	  && TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (op0))
+	  && (TYPE_OVERFLOW_WRAPS (TREE_TYPE (op0))
+	      || !sanitize_flags_p (SANITIZE_SI_OVERFLOW)))
 	{
 	  /* Be careful not to introduce new overflows.  */
 	  tree mult_type;
--- gcc/testsuite/c-c++-common/ubsan/pr108256.c.jj	2023-01-03 10:14:49.064284638 +0100
+++ gcc/testsuite/c-c++-common/ubsan/pr108256.c	2023-01-03 10:43:58.838326443 +0100
@@ -0,0 +1,27 @@
+/* PR sanitizer/108256 */
+/* { dg-do run { target { lp64 || ilp32 } } } */
+/* { dg-options "-fsanitize=signed-integer-overflow" } */
+
+unsigned short
+foo (unsigned short x, unsigned short y)
+{
+  return x * y;
+}
+
+unsigned short
+bar (unsigned short x, unsigned short y)
+{
+  int r = x * y;
+  return r;
+}
+
+int
+main ()
+{
+  volatile unsigned short a = foo (0xffff, 0xffff);
+  volatile unsigned short b = bar (0xfffe, 0xfffe);
+  return 0;
+}
+
+/* { dg-output "signed integer overflow: 65535 \\\* 65535 cannot be represented in type 'int'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*signed integer overflow: 65534 \\\* 65534 cannot be represented in type 'int'" } */