From: Jakub Jelinek <jakub@redhat.com>
Date: Fri, 31 Oct 2014 11:18:13 +0000 (+0100)
Subject: re PR sanitizer/63697 (-fsanitize=undefined doesn't detect some subtraction overflows)
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=c288810f69853733df4452f25b78baaae0350a6c;p=gcc.git

re PR sanitizer/63697 (-fsanitize=undefined doesn't detect some subtraction overflows)

	PR sanitizer/63697
	* tree-vrp.c (simplify_internal_call_using_ranges): For subcode ==
	MINUS_EXPR, check overflow on vr0.min - vr1.max and vr0.max - vr1.min
	instead of vr0.min - vr1.min and vr0.max - vr1.max.

	* c-c++-common/ubsan/overflow-sub-3.c: New test.

From-SVN: r216962
---

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 36bf711aa2b..5ffc217e634 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,10 @@
+2014-10-31  Jakub Jelinek  <jakub@redhat.com>
+
+	PR sanitizer/63697
+	* tree-vrp.c (simplify_internal_call_using_ranges): For subcode ==
+	MINUS_EXPR, check overflow on vr0.min - vr1.max and vr0.max - vr1.min
+	instead of vr0.min - vr1.min and vr0.max - vr1.max.
+
 2014-10-31  Max Ostapenko  <m.ostapenko@partner.samsung.com>
 
 	PR ipa/63696
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 3aa9b6b5a56..7892292e078 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2014-10-31  Jakub Jelinek  <jakub@redhat.com>
+
+	PR sanitizer/63697
+	* c-c++-common/ubsan/overflow-sub-3.c: New test.
+
 2014-10-30  Marek Polacek  <polacek@redhat.com>
 
 	* gcc.dg/diag-aka-1.c: New test.
diff --git a/gcc/testsuite/c-c++-common/ubsan/overflow-sub-3.c b/gcc/testsuite/c-c++-common/ubsan/overflow-sub-3.c
new file mode 100644
index 00000000000..deec5c411ba
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/overflow-sub-3.c
@@ -0,0 +1,34 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=signed-integer-overflow" } */
+
+__attribute__((noinline, noclone)) int
+foo1 (int x, int y)
+{
+  return x - y;
+}
+
+__attribute__((noinline, noclone)) int
+foo2 (int x, int y)
+{
+  unsigned int xa = (unsigned int) x - (__INT_MAX__ - 3);
+  xa &= 3;
+  x = __INT_MAX__ - 3 + xa;
+  unsigned int ya = y + 1U;
+  ya &= 1;
+  y = ya - 1;
+  return x - y;
+}
+
+int
+main ()
+{
+  int xm1, y;
+  for (xm1 = __INT_MAX__ - 4; xm1 < __INT_MAX__; xm1++)
+    for (y = -1; y <= 0; y++)
+      if (foo1 (xm1 + 1, y) != (int) (xm1 + 1U - y)
+	  || foo2 (xm1 + 1, y) != (int) (xm1 + 1U - y))
+	__builtin_abort ();
+  return 0;
+}
+/* { dg-output ":7:\[0-9]\[^\n\r]*signed integer overflow: 2147483647 - -1 cannot be represented in type 'int'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*:19:\[0-9]\[^\n\r]*signed integer overflow: 2147483647 - -1 cannot be represented in type 'int'" } */
diff --git a/gcc/tree-vrp.c b/gcc/tree-vrp.c
index 55c7f7f73a0..fe67230bedf 100644
--- a/gcc/tree-vrp.c
+++ b/gcc/tree-vrp.c
@@ -9538,8 +9538,10 @@ simplify_internal_call_using_ranges (gimple_stmt_iterator *gsi, gimple stmt)
     }
   else
     {
-      tree r1 = int_const_binop (subcode, vr0.min, vr1.min);
-      tree r2 = int_const_binop (subcode, vr0.max, vr1.max);
+      tree r1 = int_const_binop (subcode, vr0.min,
+				 subcode == MINUS_EXPR ? vr1.max : vr1.min);
+      tree r2 = int_const_binop (subcode, vr0.max,
+				 subcode == MINUS_EXPR ? vr1.min : vr1.max);
       if (r1 == NULL_TREE || TREE_OVERFLOW (r1)
 	  || r2 == NULL_TREE || TREE_OVERFLOW (r2))
 	return false;