From 01e10b0ee77e82cb331414c569e02dc7a2c4999e Mon Sep 17 00:00:00 2001 From: Jakub Jelinek Date: Wed, 24 Jun 2020 10:40:02 +0200 Subject: [PATCH] fold-const: Fix A <= 0 ? A : -A folding [PR95810] We folded A <= 0 ? A : -A into -ABS (A), which is for signed integral types incorrect - can invoke on INT_MIN UB twice, once on ABS and once on its negation. The following patch fixes it by instead folding it to (type)-ABSU (A). 2020-06-24 Jakub Jelinek PR middle-end/95810 * fold-const.c (fold_cond_expr_with_comparison): Optimize A <= 0 ? A : -A into (type)-absu(A) rather than -abs(A). * gcc.dg/ubsan/pr95810.c: New test. --- gcc/fold-const.c | 18 ++++++++++++++++-- gcc/testsuite/gcc.dg/ubsan/pr95810.c | 13 +++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/ubsan/pr95810.c diff --git a/gcc/fold-const.c b/gcc/fold-const.c index 212d0ba..67a379f 100644 --- a/gcc/fold-const.c +++ b/gcc/fold-const.c @@ -5770,8 +5770,22 @@ fold_cond_expr_with_comparison (location_t loc, tree type, case LT_EXPR: if (TYPE_UNSIGNED (TREE_TYPE (arg1))) break; - tem = fold_build1_loc (loc, ABS_EXPR, TREE_TYPE (arg1), arg1); - return negate_expr (fold_convert_loc (loc, type, tem)); + if (ANY_INTEGRAL_TYPE_P (TREE_TYPE (arg1)) + && !TYPE_OVERFLOW_WRAPS (TREE_TYPE (arg1))) + { + /* A <= 0 ? A : -A for A INT_MIN is valid, but -abs(INT_MIN) + is not, invokes UB both in abs and in the negation of it. + So, use ABSU_EXPR instead. */ + tree utype = unsigned_type_for (TREE_TYPE (arg1)); + tem = fold_build1_loc (loc, ABSU_EXPR, utype, arg1); + tem = negate_expr (tem); + return fold_convert_loc (loc, type, tem); + } + else + { + tem = fold_build1_loc (loc, ABS_EXPR, TREE_TYPE (arg1), arg1); + return negate_expr (fold_convert_loc (loc, type, tem)); + } default: gcc_assert (TREE_CODE_CLASS (comp_code) == tcc_comparison); break; diff --git a/gcc/testsuite/gcc.dg/ubsan/pr95810.c b/gcc/testsuite/gcc.dg/ubsan/pr95810.c new file mode 100644 index 0000000..535ace6 --- /dev/null +++ b/gcc/testsuite/gcc.dg/ubsan/pr95810.c @@ -0,0 +1,13 @@ +/* PR middle-end/95810 */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=undefined -fno-sanitize-recover=undefined" } */ + +int +main () +{ + int x = -__INT_MAX__ - 1; + x = (x <= 0 ? x : -x); + if (x != -__INT_MAX__ - 1) + __builtin_abort (); + return 0; +} -- 2.7.4