Control: tags -1 + fixed-upstream confirmed patch

Hi all,

I also ran into this issue while trying to build src:linux 6.1.7-1
targeting bullseye-backports.

I can confirm that I was able to build the kernel packages successfully
using gcc-10/10.2.1-6, with only the following patch on top:

https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=ee15832c53d52656e562c29110f2be1cfb66c450

ee15832c53 "tree-optimization/99824 - avoid excessive integer type
precision in VN"

So, in order to be able to do the next 'official' bullseye-backports for
src:linux I guess we first need this fix for gcc-10 to go into bullseye
via a stable point release?

Thanks,
Hans (Knorrie)

From ee15832c53d52656e562c29110f2be1cfb66c450 Mon Sep 17 00:00:00 2001
From: Richard Biener <rguent...@suse.de>
Date: Tue, 30 Mar 2021 11:22:52 +0200
Subject: [PATCH] tree-optimization/99824 - avoid excessive integer type
 precision in VN

VN sometimes builds new integer types to handle accesses where precision
of the access type does not match the access size.  The way
ao_ref_init_from_vn_reference is computing the access size ignores
the access type in case the ref operands have an outermost
COMPONENT_REF which, in case it is an array for example, can be
way larger than the access size.  This can cause us to try
building an integer type with precision larger than WIDE_INT_MAX_PRECISION
eventually leading to memory corruption.

The following adjusts ao_ref_init_from_vn_reference to only lower
access sizes via the outermost COMPONENT_REF but otherwise honor
the access size as specified by the access type.

It also places an assert in integer type building that we remain
in the limits of WIDE_INT_MAX_PRECISION.  I chose the shared code
where we set TYPE_MIN/MAX_VALUE because that will immediately
cross the wide_ints capacity otherwise.

2021-03-30  Richard Biener  <rguent...@suse.de>

	PR tree-optimization/99824
	* stor-layout.c (set_min_and_max_values_for_integral_type):
	Assert the precision is within the bounds of
	WIDE_INT_MAX_PRECISION.
	* tree-ssa-sccvn.c (ao_ref_init_from_vn_reference): Use
	the outermost component ref only to lower the access size
	and initialize that from the access type.

	* gcc.dg/torture/pr99824.c: New testcase.
---
 gcc/stor-layout.c                      |  2 ++
 gcc/testsuite/gcc.dg/torture/pr99824.c | 33 ++++++++++++++++++++++++++
 gcc/tree-ssa-sccvn.c                   | 24 +++++++++++--------
 3 files changed, 49 insertions(+), 10 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/torture/pr99824.c

diff --git a/gcc/stor-layout.c b/gcc/stor-layout.c
index bde6fa22b58a..57c8a2516d95 100644
--- a/gcc/stor-layout.c
+++ b/gcc/stor-layout.c
@@ -2816,6 +2816,8 @@ set_min_and_max_values_for_integral_type (tree type,
   if (precision < 1)
     return;
 
+  gcc_assert (precision <= WIDE_INT_MAX_PRECISION);
+
   TYPE_MIN_VALUE (type)
     = wide_int_to_tree (type, wi::min_value (precision, sgn));
   TYPE_MAX_VALUE (type)
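
Review bot: the new gcc_assert (precision <= WIDE_INT_MAX_PRECISION) ahead of the TYPE_MIN_VALUE assignment has no comment saying why the bound is checked at this point. The commit message gives the reason (setting TYPE_MIN/MAX_VALUE would otherwise immediately exceed the wide_int capacity); a one-line comment above the assert saying so would keep that reasoning next to the code it protects.
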
diff --git a/gcc/testsuite/gcc.dg/torture/pr99824.c b/gcc/testsuite/gcc.dg/torture/pr99824.c
new file mode 100644
index 000000000000..9022d4a4b8e7
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/torture/pr99824.c
@@ -0,0 +1,33 @@
+/* { dg-do compile } */
+
+unsigned int
+strlenx(char *s)
+{
+  char *orig_s = s;
+  for (; *s; ++s)
+    ;
+  return s - orig_s;
+}
+
+struct i2c_adapter {
+    char name[48];
+};
+
+struct {
+    int instance;
+    struct i2c_adapter i2c_adap[];
+} * init_cx18_i2c_cx;
+
+const struct i2c_adapter cx18_i2c_adap_template = {""};
+int init_cx18_i2c___trans_tmp_1;
+
+void
+init_cx18_i2c()
+{
+  int i = 0;
+  for (;; i++) {
+      init_cx18_i2c_cx->i2c_adap[i] = cx18_i2c_adap_template;
+      init_cx18_i2c___trans_tmp_1
+	= strlenx(init_cx18_i2c_cx->i2c_adap[i].name);
+  }
+}
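
Review bot: the new pr99824.c opens with only the dg-do compile directive and carries no comment naming PR tree-optimization/99824 or saying what the test guards against. Because it is compile-only, a regression shows up only as the compiler crashing or hitting the assert added in stor-layout.c, so a short header comment stating that, and pointing at the copy into i2c_adap[i] followed by the strlenx call on its name member, would help whoever next has to reduce or adjust the test.
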
diff --git a/gcc/tree-ssa-sccvn.c b/gcc/tree-ssa-sccvn.c
index 4b280f21006e..926b4a976aec 100644
--- a/gcc/tree-ssa-sccvn.c
+++ b/gcc/tree-ssa-sccvn.c
@@ -996,22 +996,26 @@ ao_ref_init_from_vn_reference (ao_ref *ref,
   poly_offset_int size = -1;
   tree size_tree = NULL_TREE;
 
-  /* First get the final access size from just the outermost expression.  */
+  machine_mode mode = TYPE_MODE (type);
+  if (mode == BLKmode)
+    size_tree = TYPE_SIZE (type);
+  else
+    size = GET_MODE_BITSIZE (mode);
+  if (size_tree != NULL_TREE
+      && poly_int_tree_p (size_tree))
+    size = wi::to_poly_offset (size_tree);
+
+  /* Lower the final access size from the outermost expression.  */
   op = &ops[0];
+  size_tree = NULL_TREE;
   if (op->opcode == COMPONENT_REF)
     size_tree = DECL_SIZE (op->op0);
   else if (op->opcode == BIT_FIELD_REF)
     size_tree = op->op0;
-  else
-    {
-      machine_mode mode = TYPE_MODE (type);
-      if (mode == BLKmode)
-	size_tree = TYPE_SIZE (type);
-      else
-	size = GET_MODE_BITSIZE (mode);
-    }
   if (size_tree != NULL_TREE
-      && poly_int_tree_p (size_tree))
+      && poly_int_tree_p (size_tree)
+      && (!known_size_p (size)
+	  || known_lt (wi::to_poly_offset (size_tree), size)))
     size = wi::to_poly_offset (size_tree);
 
   /* Initially, maxsize is the same as the accessed element size.
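
Review bot: size_tree is used for two different things in this hunk, first for TYPE_SIZE (type) of the access type and then, after the reset "size_tree = NULL_TREE;" following "op = &ops[0];", for the COMPONENT_REF or BIT_FIELD_REF size. A separate local for the second use would remove the need for the reset and make the known_lt comparison against the type-derived size harder to break by accident. The new block that derives size from TYPE_MODE (type) also has no comment, while the block after it does; a line saying that the access type sets the initial size, which the outermost reference may only lower, would match.
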
-- 
2.39.0
