This is an archive of the discontinued LLVM Phabricator instance.

Differential D159069

[builtins] Fix signed integer overflows in fp_fixint_impl.inc
ClosedPublic

Authored by Ka-Ka on Aug 29 2023, 12:05 AM.

Details

Reviewers
MaskRay
phosek
Commits
rG831b509d5f73: [builtins] Fix signed integer overflows in fp_fixint_impl.inc
Summary

When compiling the builtins with the undefined behavior sanitizer and running
testcases you end up with the following warning:

UBSan: fp_fixint_impl.inc:39:42: left shift of 8388608 by 40 places cannot be represented in type 'fixint_t' (aka 'long long')
UBSan: fp_fixint_impl.inc:39:17: signed integer overflow: -1 * -9223372036854775808 cannot be represented in type 'fixint_t' (aka 'long long')

This can be avoided by doing the shift and the multiplication in a matching
unsigned variant of the type.

This was found in an out of tree target.

Diff Detail

Event Timeline

Ka-Ka created this revision.Aug 29 2023, 12:05 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 29 2023, 12:05 AM
Herald added a subscriber: Enna1. · View Herald Transcript
Ka-Ka requested review of this revision.Aug 29 2023, 12:05 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 29 2023, 12:05 AM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Ka-Ka added inline comments.Aug 29 2023, 12:10 AM
compiler-rt/test/builtins/Unit/fixsfdi_test.c
73–76

The added test pass when compiling with gcc -lgcc.

uabelho added a subscriber: uabelho.Aug 29 2023, 12:18 AM
Harbormaster completed remote builds in B255425: Diff 554198.Aug 29 2023, 12:30 AM
MaskRay accepted this revision.Aug 30 2023, 5:58 PM
MaskRay added inline comments.
compiler-rt/lib/builtins/fp_fixint_impl.inc
39

Looks ok.

compiler-rt/test/builtins/Unit/fixsfdi_test.c
73–76

This checks the __fixunssfdi code path, not fp_fixint_impl.inc.

This revision is now accepted and ready to land.Aug 30 2023, 5:58 PM
Ka-Ka added inline comments.Aug 31 2023, 12:17 AM
compiler-rt/test/builtins/Unit/fixsfdi_test.c
73–76

It turn out that the added test only trigger the intended case if compiler-rt is compiled with -D__SOFTFP__ (which we do in our out of tree target). Maybe it is impossible to trigger the signed overflow in fp_fixint_impl.inc in a in tree target (ARM seems to have a feature for softfp but probably not enabled when compiling compiler-rt?).
Should I simply remove the added test from the patch as it don't trigger the intended case?

MaskRay added inline comments.Aug 31 2023, 12:20 AM
compiler-rt/test/builtins/Unit/fixsfdi_test.c
73–76

should be fine to keep it...

Ka-Ka added inline comments.Aug 31 2023, 12:26 AM
compiler-rt/test/builtins/Unit/fixsfdi_test.c
73–76

Sure, then I keep it. I will write something in the commit message about it.

Thanks for reviewing.

This revision was landed with ongoing or failed builds.Aug 31 2023, 1:11 AM
Closed by commit rG831b509d5f73: [builtins] Fix signed integer overflows in fp_fixint_impl.inc (authored by Ka-Ka). · Explain Why
This revision was automatically updated to reflect the committed changes.
Ka-Ka added a commit: rG831b509d5f73: [builtins] Fix signed integer overflows in fp_fixint_impl.inc.

Revision Contents

PathSize
compiler-rt/
lib/
builtins/
2 lines
test/
builtins/
Unit/
5 lines

Diff 554928

compiler-rt/lib/builtins/fp_fixint_impl.inc

Show All 30 Linesstatic __inline fixint_t __fixint(fp_t a) {
if ((unsigned)exponent >= sizeof(fixint_t) * CHAR_BIT) if ((unsigned)exponent >= sizeof(fixint_t) * CHAR_BIT)
return sign == 1 ? fixint_max : fixint_min; return sign == 1 ? fixint_max : fixint_min;
// If 0 <= exponent < significandBits, right shift to get the result. // If 0 <= exponent < significandBits, right shift to get the result.
// Otherwise, shift left. // Otherwise, shift left.
if (exponent < significandBits) if (exponent < significandBits)
return sign * (significand >> (significandBits - exponent)); return sign * (significand >> (significandBits - exponent));
else else
return sign * ((fixint_t)significand << (exponent - significandBits)); return sign * ((fixuint_t)significand << (exponent - significandBits));
MaskRayUnsubmitted
Not Done
ReplyInline Actions

Looks ok.

MaskRay: Looks ok.
} }

compiler-rt/test/builtins/Unit/fixsfdi_test.c

Show First 20 LinesShow All 64 Lines▼ Show 20 Linesint main()
if (test__fixsfdi(0x1.FFFFFCp+62F, 0x7FFFFF0000000000LL)) if (test__fixsfdi(0x1.FFFFFCp+62F, 0x7FFFFF0000000000LL))
return 1; return 1;
if (test__fixsfdi(-0x1.FFFFFEp+62F, 0x8000008000000000LL)) if (test__fixsfdi(-0x1.FFFFFEp+62F, 0x8000008000000000LL))
return 1; return 1;
if (test__fixsfdi(-0x1.FFFFFCp+62F, 0x8000010000000000LL)) if (test__fixsfdi(-0x1.FFFFFCp+62F, 0x8000010000000000LL))
return 1; return 1;
if (test__fixsfdi(-0x8000000000000000.0p+0F, 0x8000000000000000LL))
return 1;
return 0; return 0;
Ka-KaAuthorUnsubmitted
Done
ReplyInline Actions

The added test pass when compiling with gcc -lgcc.

Ka-Ka: The added test pass when compiling with gcc -lgcc.
MaskRayUnsubmitted
Not Done
ReplyInline Actions

This checks the __fixunssfdi code path, not fp_fixint_impl.inc.

MaskRay: This checks the `__fixunssfdi` code path, not `fp_fixint_impl.inc`.
Ka-KaAuthorUnsubmitted
Not Done
ReplyInline Actions

It turn out that the added test only trigger the intended case if compiler-rt is compiled with -D__SOFTFP__ (which we do in our out of tree target). Maybe it is impossible to trigger the signed overflow in fp_fixint_impl.inc in a in tree target (ARM seems to have a feature for softfp but probably not enabled when compiling compiler-rt?).
Should I simply remove the added test from the patch as it don't trigger the intended case?

Ka-Ka: It turn out that the added test only trigger the intended case if compiler-rt is compiled with…
MaskRayUnsubmitted
Not Done
ReplyInline Actions

should be fine to keep it...

MaskRay: should be fine to keep it...
Ka-KaAuthorUnsubmitted
Done
ReplyInline Actions

Sure, then I keep it. I will write something in the commit message about it.

Thanks for reviewing.

Ka-Ka: Sure, then I keep it. I will write something in the commit message about it. Thanks for…
} }