From: Richard Biener <rguenther@suse.de>
Date: Thu, 29 Oct 2015 14:10:31 +0000 (+0000)
Subject: re PR middle-end/68142 (unsafe association of multiplication)
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=55db37536fcff75d42cb852e3c822f9f3fb5f04f;p=gcc.git

re PR middle-end/68142 (unsafe association of multiplication)

2015-10-29  Richard Biener  <rguenther@suse.de>

	PR middle-end/68142
	* fold-const.c (extract_muldiv_1): Avoid introducing undefined
	overflow.

	* c-c++-common/ubsan/pr68142.c: New testcase.

From-SVN: r229528
---

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 1b339690d53..a088c13fd12 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,9 @@
+2015-10-29  Richard Biener  <rguenther@suse.de>
+
+	PR middle-end/68142
+	* fold-const.c (extract_muldiv_1): Avoid introducing undefined
+	overflow.
+
 2015-10-29  Andrew MacLeod  <amacleod@redhat.com>
 
 	* alias.c: Reorder #include statements and remove duplicates.
diff --git a/gcc/fold-const.c b/gcc/fold-const.c
index 298c520647b..26fd7353399 100644
--- a/gcc/fold-const.c
+++ b/gcc/fold-const.c
@@ -6008,8 +6008,17 @@ extract_muldiv_1 (tree t, tree c, enum tree_code code, tree wide_type,
 	 or (for divide and modulus) if it is a multiple of our constant.  */
       if (code == MULT_EXPR
 	  || wi::multiple_of_p (t, c, TYPE_SIGN (type)))
-	return const_binop (code, fold_convert (ctype, t),
-			    fold_convert (ctype, c));
+	{
+	  tree tem = const_binop (code, fold_convert (ctype, t),
+				  fold_convert (ctype, c));
+	  /* If the multiplication overflowed to INT_MIN then we lost sign
+	     information on it and a subsequent multiplication might
+	     spuriously overflow.  See PR68142.  */
+	  if (TREE_OVERFLOW (tem)
+	      && wi::eq_p (tem, wi::min_value (TYPE_PRECISION (ctype), SIGNED)))
+	    return NULL_TREE;
+	  return tem;
+	}
       break;
 
     CASE_CONVERT: case NON_LVALUE_EXPR:
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 77a736fe064..9a7d5454e6c 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2015-10-29  Richard Biener  <rguenther@suse.de>
+
+	PR middle-end/68142
+	* c-c++-common/ubsan/pr68142.c: New testcase.
+
 2015-10-29  Paolo Carlini  <paolo.carlini@oracle.com>
 
 	PR c++/67845
diff --git a/gcc/testsuite/c-c++-common/ubsan/pr68142.c b/gcc/testsuite/c-c++-common/ubsan/pr68142.c
new file mode 100644
index 00000000000..9498f08ae41
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/pr68142.c
@@ -0,0 +1,31 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=undefined -fsanitize-undefined-trap-on-error" } */
+
+int __attribute__((noinline,noclone))
+h(int a)
+{
+  return 2 * (a * (__INT_MAX__/2 + 1));
+}
+int __attribute__((noinline,noclone))
+i(int a)
+{
+  return (2 * a) * (__INT_MAX__/2 + 1);
+}
+int __attribute__((noinline,noclone))
+j(int a, int b)
+{
+  return (b * a) * (__INT_MAX__/2 + 1);
+}
+int __attribute__((noinline,noclone))
+k(int a, int b)
+{
+  return (2 * a) * b;
+}
+int main()
+{
+  volatile int tem = h(-1);
+  tem = i(-1);
+  tem = j(-1, 2);
+  tem = k(-1, __INT_MAX__/2 + 1);
+  return 0;
+}