public inbox for gcc-bugs@sourceware.org
* [Bug c/24542] New: integer overflow should be warned on assignment to wider variable
From: alexey at hyperroll dot com @ 2005-10-26 14:54 UTC (permalink / raw)
To: gcc-bugs
The following code is ISO and ANSI standard compliant:
    unsigned x1, x2;
    unsigned long long y1;
    ... /* here we assign to x1 and x2 */
    y1 = x1 * x2; /* no castings -- silent overflow may occur on assignment */
    ...
    {
        unsigned long long y2 = x1 * x2; /* no castings -- silent overflow may
                                            occur on initialization */
        ...
    }
(Instead of multiplication, addition or left shift should be dealt with, too.)
When the binary operation result is assigned to lvalue of the same width, it's
OK not to warn about probable overflow. But in these cases, "do what I mean" is
obvious.
--
Summary: integer overflow should be warned on assignment to wider
variable
Product: gcc
Version: 4.0.2
Status: UNCONFIRMED
Severity: enhancement
Priority: P2
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: alexey at hyperroll dot com
GCC build triplet: i686-pc-linux-gnu
GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] integer overflow should be warned on assignment to wider variable
From: alexey at hyperroll dot com @ 2005-10-26 15:01 UTC (permalink / raw)
To: gcc-bugs
------- Comment #1 from alexey at hyperroll dot com 2005-10-26 15:01 -------
I'm not familiar with the parse tree, so I could do only a partial patch
(assignment, not initialization). The example file, original and patched source
files archived and attached.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] integer overflow should be warned on assignment to wider variable
From: alexey at hyperroll dot com @ 2005-10-26 15:03 UTC (permalink / raw)
To: gcc-bugs
------- Comment #2 from alexey at hyperroll dot com 2005-10-26 15:03 -------
Created an attachment (id=10062)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=10062&action=view)
example of code to warn, proposed partial patch
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu dot org @ 2005-10-26 15:59 UTC (permalink / raw)
To: gcc-bugs
------- Comment #3 from pinskia at gcc dot gnu dot org 2005-10-26 15:59 -------
You should be patching the mainline as the C parser has changed to a
non-bison-based parser.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu dot org @ 2005-10-26 16:00 UTC (permalink / raw)
To: gcc-bugs
------- Comment #4 from pinskia at gcc dot gnu dot org 2005-10-26 16:00 -------
Please also make the warning conditional based on an option and make the
option.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: alexey at hyperroll dot com @ 2005-10-26 17:12 UTC (permalink / raw)
To: gcc-bugs
------- Comment #5 from alexey at hyperroll dot com 2005-10-26 17:12 -------
Sir, it's my first report here, and I see the code for the first time. I hope
that both comments #3 and #4 are not for me. Or am I mistaken?
Otherwise, what document (preferably, short) should I read to understand the
ideology of the parse tree, and its details?
Also, why have I done the parser non-bison compatible? I've taken the stable
release, not the CVS revision.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu dot org @ 2005-11-01 22:29 UTC (permalink / raw)
To: gcc-bugs
------- Comment #6 from pinskia at gcc dot gnu dot org 2005-11-01 22:29 -------
(In reply to comment #5)
> Sir, it's my first report here, and I see the code for the first time. I hope
> that both comments #3 and #4 are not for me. Or am I mistaken?
They were for the person who has written the code.
> Otherwise, what document (preferably, short) should I read to understand the
> ideology of the parse tree, and its details?
> Also, why have I done the parser non-bison compatible? I've taken the stable
> release, not the CVS revision.
The fix you are proposing would go on the mainline first (well, in this case it
would only go on the mainline). And since the mainline (CVS/SVN trunk) is
using a non-bison parser, you would have to change your code to deal with that.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: alexey at hyperroll dot com @ 2006-03-13 21:49 UTC (permalink / raw)
To: gcc-bugs
------- Comment #7 from alexey at hyperroll dot com 2006-03-13 21:49 -------
(In reply to comment #6)
So, who is actually going to fix the issue?
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu dot org @ 2006-03-13 21:52 UTC (permalink / raw)
To: gcc-bugs
------- Comment #8 from pinskia at gcc dot gnu dot org 2006-03-13 21:52 -------
(In reply to comment #7)
> So, who is actually going to fix the issue?
If you want it fixed, you should update it to the mainline and then post the
patch.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu dot org @ 2006-09-18 0:18 UTC (permalink / raw)
To: gcc-bugs
------- Comment #9 from pinskia at gcc dot gnu dot org 2006-09-18 00:18 -------
We should never warn on multiply because it is just too crazy to. This is what
debugging is about, debug your program for mistakes like this.
--
pinskia at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |WONTFIX
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: alexey at hyperroll dot com @ 2006-09-18 5:48 UTC (permalink / raw)
To: gcc-bugs
------- Comment #10 from alexey at hyperroll dot com 2006-09-18 05:48 -------
(In reply to comment #9)
> We should never warn on multiply because it is just too crazy to. This is what
> debugging is about, debug your program for mistakes like this.
The citation may be used to eliminate every warning any compiler produces:
"just debug, why bother? Ain't you a programmer?" I've tried to specify a
warning that comes for developers when they do a scaling of their applications
for a larger input data, and just do not see when the overflowing happens.
So, you're free to reject the issue, but the reason you've given... Personally,
I do not accept it.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: zhangboyang.id at gmail dot com @ 2023-03-31 8:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
--- Comment #12 from Zhang Boyang <zhangboyang.id at gmail dot com> ---
Hi,
Sorry for filing a duplicate bug. But I'd like to suggest reconsidering this
feature request. Here are two reasons:
1) "u64 = 1 << u32", "u64 = u32 * u32" are common mistakes among beginners,
2) These expressions may introduce a vulnerability, especially on now-widely-used
64-bit machines:
On a typical 64-bit machine, it's ok to write:
    unsigned x = ...;
    malloc(sizeof(...) + x)
but it will introduce a vulnerability with a trivial change of "*2", i.e.:
    malloc(sizeof(...) + x * 2)
If the expression is very long, it's very hard to find out where the bug is.
Instead of warning on multiplies, I suggest a new "-Wexpr-conversion"; it will
detect and warn on implicit conversions if and only if: 1) converting to a wider
variable, and 2) the value is a real expression (i.e. result of operands, like
a*b; but not a variable or function call or explicit cast)
For example, it should warn on:
    uint64_t u64 = ...;
    uint32_t u32 = ...;
    u64 = 1 << u32;
    //    ^^^^^^^^
    // suggests "u64 = (uint64_t)1 << (uint64_t)u32"
    // suppressed by "u64 = (uint32_t)(1 << u32)"
But not on:
    u64 = u32;
    u64 = (u32)(...);
    u64 = f(...);
This might be a kind of noisy warning like "-Wconversion" but I believe it will
help some people (we can just disable it by default).
Zhang Boyang
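
The wrap-before-widening behaviour described in the original report and in comment #12, shown as an added example (not code from the thread or from GCC). `struct hdr` and all function names are hypothetical, `unsigned` is assumed to be 32 bits, and the checked variant relies on the GCC/Clang `__builtin_*_overflow` builtins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical header type standing in for the "sizeof(...)" in the thread. */
struct hdr { unsigned len; unsigned flags; };

/* Pattern from the report: the product is computed in unsigned (assumed
   32-bit), wraps modulo 2^32, and only then is widened for the return. */
unsigned long long mul_narrow(unsigned x1, unsigned x2) { return x1 * x2; }

/* Widening one operand first makes the multiplication itself 64-bit. */
unsigned long long mul_wide(unsigned x1, unsigned x2)
{
    return (unsigned long long)x1 * x2;
}

/* Size expression from comment #12: "x * 2" wraps as unsigned before it is
   converted to size_t for the addition, so the result can be far too small. */
size_t alloc_size_unchecked(unsigned x) { return sizeof(struct hdr) + x * 2; }

/* Checked form: widen first, then let the overflow builtins reject any size
   that does not fit in size_t. Returns false on overflow. */
bool alloc_size_checked(unsigned x, size_t *out)
{
    size_t body;
    if (__builtin_mul_overflow((size_t)x, 2, &body))
        return false;
    return !__builtin_add_overflow(sizeof(struct hdr), body, out);
}

int main(void)
{
    unsigned x = 0x80000001u;   /* constructed input */
    size_t n = 0;
    printf("narrow product: %llu\n", mul_narrow(65536u, 65536u));
    printf("wide product:   %llu\n", mul_wide(65536u, 65536u));
    printf("unchecked size: %zu\n", alloc_size_unchecked(x));
    if (alloc_size_checked(x, &n))
        printf("checked size:   %zu\n", n);
    else
        printf("checked size:   rejected (overflow)\n");
    return 0;
}
```

Built with `-Wall -Wextra`, GCC accepts `mul_narrow` and `alloc_size_unchecked` without a diagnostic, which is the gap the thread is about.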
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu.org @ 2023-03-31 7:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |zhangboyang.id at gmail dot com
--- Comment #11 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 109352 has been marked as a duplicate of this bug. ***