From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 70EC1385782B; Thu,  7 Mar 2024 09:08:38 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 70EC1385782B
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1709802518;
	bh=H9WswvZtAaLW0xJod2i0iomZDF5FirWcqeXtIEeY5mU=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=RjOrlXbJ0IWNZz0xcr9Q6LDqm3AVVrM1Y62yTUEP2b72gKGmweSV50ndWVzveTyWu
	 fpTP8sxMbY9ZKlI3xxvZBIUAIutNtnleK+FjxSbcHkzydex8O2htd8q+TMHFAYMbll
	 oAO+mHD3YYEmmV0Ic0t6NsgR4k4lgc6MrQnzWF8c=
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/105533] UBSAN: gcc/expmed.cc:3272:26: runtime error:
 signed integer overflow: -9223372036854775808 - 1 cannot be represented in
 type 'long int'
Date: Thu, 07 Mar 2024 09:08:37 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: middle-end
X-Bugzilla-Version: 13.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-105533-4-7fUy33kg7Q@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-105533-4@http.gcc.gnu.org/bugzilla/>
References: <bug-105533-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D105533

--- Comment #12 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:

https://gcc.gnu.org/g:c655c8d8d845b36c59babb2413ce7aa3584dbeda

commit r14-9354-gc655c8d8d845b36c59babb2413ce7aa3584dbeda
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Thu Mar 7 10:02:00 2024 +0100

    expand: Fix UB in choose_mult_variant [PR105533]

    As documented in the function comment, choose_mult_variant attempts to
    compute costs of 3 different cases, val, -val and val - 1.
    The -val case is actually only done if val fits into host int, so there
    should be no overflow, but the val - 1 case is done unconditionally.
    val is shwi (but inside of synth_mult already uhwi), so when val is
    HOST_WIDE_INT_MIN, val - 1 invokes UB.  The following patch fixes that
    by using val - HOST_WIDE_INT_1U, but I'm not really convinced it would
    DTRT for > 64-bit modes, so I've guarded it as well.  Though, arch
    would need to have really strange costs that something that could be
    expressed as x << 63 would be better expressed as (x * 0x7fffffffffffff=
ff)
+ 1
    In the long term, I think we should just rewrite
    choose_mult_variant/synth_mult etc. to work on wide_int.

    2024-03-07  Jakub Jelinek  <jakub@redhat.com>

            PR middle-end/105533
            * expmed.cc (choose_mult_variant): Only try the val - 1 variant
            if val is not HOST_WIDE_INT_MIN or if mode has exactly
            HOST_BITS_PER_WIDE_INT precision.  Avoid triggering UB while
computing
            val - 1.

            * gcc.dg/pr105533.c: New test.=