diff options
| author | Richard Biener <rguenther@suse.de> | 2021-03-30 11:22:52 +0200 |
|---|---|---|
| committer | Richard Biener <rguenther@suse.de> | 2021-03-30 14:00:58 +0200 |
| commit | bd3d919b58466a9837e423c1255b88215f89bc9d (patch) | |
| tree | 486aa79830ac230854d7abba2a954efa4849f907 /gcc/tree-ssa-sccvn.c | |
| parent | 48c79f054bf435051c95ee093c45a0f8c9de5b4e (diff) | |
| download | gcc-bd3d919b58466a9837e423c1255b88215f89bc9d.zip gcc-bd3d919b58466a9837e423c1255b88215f89bc9d.tar.gz gcc-bd3d919b58466a9837e423c1255b88215f89bc9d.tar.bz2 | |
tree-optimization/99824 - avoid excessive integer type precision in VN
VN sometimes builds new integer types to handle accesss where precision
of the access type does not match the access size. The way
ao_ref_init_from_vn_reference is computing the access size ignores
the access type in case the ref operands have an outermost
COMPONENT_REF which, in case it is an array for example, can be
way larger than the access size. This can cause us to try
building an integer type with precision larger than WIDE_INT_MAX_PRECISION
eventually leading to memory corruption.
The following adjusts ao_ref_init_from_vn_reference to only lower
access sizes via the outermost COMPONENT_REF but otherwise honor
the access size as specified by the access type.
It also places an assert in integer type building that we remain
in the limits of WIDE_INT_MAX_PRECISION. I chose the shared code
where we set TYPE_MIN/MAX_VALUE because that will immediately
cross the wide_ints capacity otherwise.
2021-03-30 Richard Biener <rguenther@suse.de>
PR tree-optimization/99824
* stor-layout.c (set_min_and_max_values_for_integral_type):
Assert the precision is within the bounds of
WIDE_INT_MAX_PRECISION.
* tree-ssa-sccvn.c (ao_ref_init_from_vn_reference): Use
the outermost component ref only to lower the access size
and initialize that from the access type.
* gcc.dg/torture/pr99824.c: New testcase.
Diffstat (limited to 'gcc/tree-ssa-sccvn.c')
| -rw-r--r-- | gcc/tree-ssa-sccvn.c | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/gcc/tree-ssa-sccvn.c b/gcc/tree-ssa-sccvn.c index 1c0500c..0567a2e 100644 --- a/gcc/tree-ssa-sccvn.c +++ b/gcc/tree-ssa-sccvn.c @@ -1002,22 +1002,26 @@ ao_ref_init_from_vn_reference (ao_ref *ref, poly_offset_int size = -1; tree size_tree = NULL_TREE; - /* First get the final access size from just the outermost expression. */ + machine_mode mode = TYPE_MODE (type); + if (mode == BLKmode) + size_tree = TYPE_SIZE (type); + else + size = GET_MODE_BITSIZE (mode); + if (size_tree != NULL_TREE + && poly_int_tree_p (size_tree)) + size = wi::to_poly_offset (size_tree); + + /* Lower the final access size from the outermost expression. */ op = &ops[0]; + size_tree = NULL_TREE; if (op->opcode == COMPONENT_REF) size_tree = DECL_SIZE (op->op0); else if (op->opcode == BIT_FIELD_REF) size_tree = op->op0; - else - { - machine_mode mode = TYPE_MODE (type); - if (mode == BLKmode) - size_tree = TYPE_SIZE (type); - else - size = GET_MODE_BITSIZE (mode); - } if (size_tree != NULL_TREE - && poly_int_tree_p (size_tree)) + && poly_int_tree_p (size_tree) + && (!known_size_p (size) + || known_lt (wi::to_poly_offset (size_tree), size))) size = wi::to_poly_offset (size_tree); /* Initially, maxsize is the same as the accessed element size. |