diff options
| author | Yannick Moy <moy@adacore.com> | 2019-09-17 08:02:25 +0000 |
|---|---|---|
| committer | Pierre-Marie de Rodat <pmderodat@gcc.gnu.org> | 2019-09-17 08:02:25 +0000 |
| commit | 7197e2db28f10dec509967bb1cbd2d74cb03ee7e (patch) | |
| tree | 69738973e7cc42feb84900855f8486825c845263 | |
| parent | 64989f18c04c7444ecb67da9a6ccecbe40bb1c12 (diff) | |
| download | gcc-7197e2db28f10dec509967bb1cbd2d74cb03ee7e.zip gcc-7197e2db28f10dec509967bb1cbd2d74cb03ee7e.tar.gz gcc-7197e2db28f10dec509967bb1cbd2d74cb03ee7e.tar.bz2 | |
[Ada] Fix possible suppressed overflows in arithmetic run-time
Function Double_Divide computes the division of its parameters
(X / (Y*Z)) in a way that avoids overflows on signed integers, except in
two specific cases, when X = -2**63, abs(Y) = abs(Z) = 1 (leading to an
overflow in -To_Int(Qu)) and when X = -2**63 and Y*Z is large enough
that Qu=0 and so the remainder Ru=2**63 (leading to an overflow in
-To_Int(Ru)), for example with Y = Z = 2**32-1.
This fix avoids the overflow by applying "-" on the unsigned value
before the conversion to signed integer.
The issue cannot manifest as an overflow check failure in our runtime,
as overflow checks are suppressed by using pragma Suppress at the start
of the file. Assuming a machine implements wraparound semantics here,
the result was correct even with the suppressed overflow.
As a result, there can be no test showing the difference.
2019-09-17 Yannick Moy <moy@adacore.com>
gcc/ada/
* libgnat/s-arit64.adb (Double_Divide): Fix two possible
overflows.
From-SVN: r275790
| -rw-r--r-- | gcc/ada/ChangeLog | 5 | ||||
| -rw-r--r-- | gcc/ada/libgnat/s-arit64.adb | 8 |
2 files changed, 11 insertions, 2 deletions
diff --git a/gcc/ada/ChangeLog b/gcc/ada/ChangeLog index 13a3a76..913b30f 100644 --- a/gcc/ada/ChangeLog +++ b/gcc/ada/ChangeLog @@ -1,3 +1,8 @@ +2019-09-17 Yannick Moy <moy@adacore.com> + + * libgnat/s-arit64.adb (Double_Divide): Fix two possible + overflows. + 2019-09-17 Dmitriy Anisimkov <anisimko@adacore.com> * make_util.ads (On_Windows): Move... diff --git a/gcc/ada/libgnat/s-arit64.adb b/gcc/ada/libgnat/s-arit64.adb index 3a65ec0..a35a40d 100644 --- a/gcc/ada/libgnat/s-arit64.adb +++ b/gcc/ada/libgnat/s-arit64.adb @@ -204,9 +204,13 @@ package body System.Arith_64 is -- Case of dividend (X) sign negative + -- We perform the unary minus operation on the unsigned value + -- before conversion to signed, to avoid a possible overflow for + -- value -2**63, both for computing R and Q. + else - R := -To_Int (Ru); - Q := (if Den_Pos then -To_Int (Qu) else To_Int (Qu)); + R := To_Int (-Ru); + Q := (if Den_Pos then To_Int (-Qu) else To_Int (Qu)); end if; end Double_Divide; |