projects / platform / upstream / gcc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f000885)
fold-const: Fix A <= 0 ? A : -A folding [PR95810]
authorJakub Jelinek <jakub@redhat.com>
Wed, 24 Jun 2020 08:40:02 +0000 (10:40 +0200)
committerJakub Jelinek <jakub@redhat.com>
Wed, 24 Jun 2020 08:41:04 +0000 (10:41 +0200)
We folded A <= 0 ? A : -A into -ABS (A), which is for signed integral types
incorrect - can invoke on INT_MIN UB twice, once on ABS and once on its
negation.

The following patch fixes it by instead folding it to (type)-ABSU (A).

2020-06-24  Jakub Jelinek  <jakub@redhat.com>

PR middle-end/95810
* fold-const.c (fold_cond_expr_with_comparison): Optimize
A <= 0 ? A : -A into (type)-absu(A) rather than -abs(A).

* gcc.dg/ubsan/pr95810.c: New test.

gcc/fold-const.c patch | blob | history
gcc/testsuite/gcc.dg/ubsan/pr95810.c [new file with mode: 0644] patch | blob

diff --git a/gcc/fold-const.c b/gcc/fold-const.c
index 212d0ba..67a379f 100644 (file)
--- a/gcc/fold-const.c
+++ b/gcc/fold-const.c
@@ -5770,8 +5770,22 @@ fold_cond_expr_with_comparison (location_t loc, tree type,
       case LT_EXPR:
        if (TYPE_UNSIGNED (TREE_TYPE (arg1)))
          break;
-       tem = fold_build1_loc (loc, ABS_EXPR, TREE_TYPE (arg1), arg1);
-       return negate_expr (fold_convert_loc (loc, type, tem));
+       if (ANY_INTEGRAL_TYPE_P (TREE_TYPE (arg1))
+           && !TYPE_OVERFLOW_WRAPS (TREE_TYPE (arg1)))
+         {
+           /* A <= 0 ? A : -A for A INT_MIN is valid, but -abs(INT_MIN)
+              is not, invokes UB both in abs and in the negation of it.
+              So, use ABSU_EXPR instead.  */
+           tree utype = unsigned_type_for (TREE_TYPE (arg1));
+           tem = fold_build1_loc (loc, ABSU_EXPR, utype, arg1);
+           tem = negate_expr (tem);
+           return fold_convert_loc (loc, type, tem);
+         }
+       else
+         {
+           tem = fold_build1_loc (loc, ABS_EXPR, TREE_TYPE (arg1), arg1);
+           return negate_expr (fold_convert_loc (loc, type, tem));
+         }
       default:
        gcc_assert (TREE_CODE_CLASS (comp_code) == tcc_comparison);
        break;
diff --git a/gcc/testsuite/gcc.dg/ubsan/pr95810.c b/gcc/testsuite/gcc.dg/ubsan/pr95810.c
new file mode 100644 (file)
index 0000000..535ace6
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/pr95810.c
@@ -0,0 +1,13 @@
+/* PR middle-end/95810 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=undefined -fno-sanitize-recover=undefined" } */
+
+int
+main ()
+{
+  int x = -__INT_MAX__ - 1;
+  x = (x <= 0 ? x : -x);
+  if (x != -__INT_MAX__ - 1)
+    __builtin_abort ();
+  return 0;
+}
Domain: System / Toolchain;