cmd/compile: prevent overflow in walkinrange

In the compiler frontend, walkinrange indiscriminately calls Int64()
on const CTINT nodes, even though Int64's return value is undefined
for anything over 2⁶³ (in practise, it'll return a negative number).

This causes the introduction of bad constants during rewrites of
unsigned expressions, which make the compiler reject valid Go
programs.

This change introduces a preliminary check that Int64() is safe to
call on the consts on hand. If it isn't, walkinrange exits without
doing any rewrite.

Fixes #27143

Change-Id: I2017073cae65468a521ff3262d4ea8ab0d7098d9
Reviewed-on: https://go-review.googlesource.com/130735
Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com>

diff --git a/src/cmd/compile/internal/gc/const.go b/src/cmd/compile/internal/gc/const.go
index ceb124e31e39c52865cfdc36d97e6ac47a0f781d..1403a2be11edfa66cf42871e55a8847bca6cfaf4 100644 (file)
--- a/src/cmd/compile/internal/gc/const.go
+++ b/src/cmd/compile/internal/gc/const.go
@@ -121,6 +121,17 @@ func (n *Node) Int64() int64 {
        return n.Val().U.(*Mpint).Int64()
 }
 
+// CanInt64 reports whether it is safe to call Int64() on n.
+func (n *Node) CanInt64() bool {
+       if !Isconst(n, CTINT) {
+               return false
+       }
+
+       // if the value inside n cannot be represented as an int64, the
+       // return value of Int64 is undefined
+       return n.Val().U.(*Mpint).CmpInt64(n.Int64()) == 0
+}
+
 // Bool returns n as a bool.
 // n must be a boolean constant.
 func (n *Node) Bool() bool {

diff --git a/src/cmd/compile/internal/gc/walk.go b/src/cmd/compile/internal/gc/walk.go
index bd936fb70a038ccbcdc7b5aa31ce9eb48f5d95f9..2993e08fc2b688e9c04291fc440a1c023183209f 100644 (file)
--- a/src/cmd/compile/internal/gc/walk.go
+++ b/src/cmd/compile/internal/gc/walk.go
@@ -3694,6 +3694,12 @@ func walkinrange(n *Node, init *Nodes) *Node {
                return n
        }
 
+       // Ensure that Int64() does not overflow on a and c (it'll happen
+       // for any const above 2**63; see issue #27143).
+       if !a.CanInt64() || !c.CanInt64() {
+               return n
+       }
+
        if opl == OLT {
                // We have a < b && ...
                // We need a ≤ b && ... to safely use unsigned comparison tricks.

diff --git a/test/fixedbugs/issue27143.go b/test/fixedbugs/issue27143.go
new file mode 100644 (file)
index 0000000..009ec9f
--- /dev/null
+++ b/test/fixedbugs/issue27143.go
@@ -0,0 +1,17 @@
+// compile
+
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Issue 27143: cmd/compile: erroneous application of walkinrange
+// optimization for const over 2**63
+
+package p
+
+var c uint64
+
+var b1 bool = 0x7fffffffffffffff < c && c < 0x8000000000000000
+var b2 bool = c < 0x8000000000000000 && 0x7fffffffffffffff < c
+var b3 bool = 0x8000000000000000 < c && c < 0x8000000000000001
+var b4 bool = c < 0x8000000000000001 && 0x8000000000000000 < c