[12] RFR: 8214059: Undefined behaviour in ADLC
Simon Tooke
stooke at redhat.com
Tue Nov 20 14:54:20 UTC 2018
On 2018-11-19 5:22 p.m., Aleksey Shipilev wrote:
> On 11/19/18 11:19 PM, Aleksey Shipilev wrote:
>> I think the canonical way to perform overflow-sensitive addition involves checking against INT_MAX.
>> Or, in this case, Expr::Max. Instead of this "long long" and STATIC_ASSERT mess, we can say:
>>
>> int Expr::compute_max(const Expr *c1, const Expr *c2) {
>>   int v1 = c1->_max_value;
>>   int v2 = c2->_max_value;
>>
>>   // Check for overflow without producing UB. If v2 is positive
>>   // and not larger than Max, the subtraction cannot underflow.
>>   assert(0 <= v2 && v2 <= Expr::Max, "sanity");
>>   if (v1 > Expr::Max - v2) {
>>     return Expr::Max;
>>   }
>>
>>   return v1 + v2;
>> }
> Also, Expr::compute_min seems to have the same problem, but not caught by sanitizer?
>
> -Aleksey
>
That's a good catch; since this is a runtime sanitizer, it means that
code path (meaning the underflow condition) is never triggered. I'll
add that to my proposed change.
Thanks
-Simon
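Added example (not from the thread or the OpenJDK sources): a stand-alone C sketch of the overflow-safe pattern Aleksey describes, applied to both compute_max and the compute_min case he points out. It goes slightly beyond the quoted snippet by handling a negative second operand as well, so the same helper clamps at either bound. The `Expr` struct, `EXPR_MIN`/`EXPR_MAX` and the function names are assumptions standing in for ADLC's `Expr`, `Expr::Min` and `Expr::Max`.

```c
#include <limits.h>

/* Hypothetical stand-in for ADLC's Expr; only the range fields are modelled. */
typedef struct Expr {
    int _min_value;
    int _max_value;
} Expr;

/* Assumed stand-ins for Expr::Min and Expr::Max from the thread. */
#define EXPR_MIN INT_MIN
#define EXPR_MAX INT_MAX

/* Add two ints, saturating at the Expr bounds, without ever evaluating an
 * overflowing expression.  When b >= 0, EXPR_MAX - b lies in [0, EXPR_MAX];
 * when b < 0, EXPR_MIN - b lies in [EXPR_MIN + 1, 0]; so the comparison
 * itself is always defined, and a + b is only computed once it is known
 * to fit. */
static int saturating_add(int a, int b) {
    if (b >= 0) {
        if (a > EXPR_MAX - b) return EXPR_MAX;   /* would overflow  */
    } else {
        if (a < EXPR_MIN - b) return EXPR_MIN;   /* would underflow */
    }
    return a + b;
}

/* Upper bound of (c1 + c2): the sum of the maxima, clamped at EXPR_MAX. */
int expr_compute_max(const Expr *c1, const Expr *c2) {
    return saturating_add(c1->_max_value, c2->_max_value);
}

/* Lower bound of (c1 + c2): the sum of the minima, clamped at EXPR_MIN.
 * This is the path the runtime sanitizer never reached in the thread. */
int expr_compute_min(const Expr *c1, const Expr *c2) {
    return saturating_add(c1->_min_value, c2->_min_value);
}
```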