public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/106885] New: -(a-b) is folded to b-a before the UBSAN pass is run
@ 2022-09-08 1:01 kristerw at gcc dot gnu.org
2022-09-08 9:56 ` [Bug sanitizer/106885] " rguenth at gcc dot gnu.org
From: kristerw at gcc dot gnu.org @ 2022-09-08 1:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106885
Bug ID: 106885
Summary: -(a-b) is folded to b-a before the UBSAN pass is run
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: kristerw at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
GCC is folding -(a-b) to b-a before the UBSAN pass is run, which may hide
undefined behavior from the sanitizer.
This can be seen by the following program, which invokes undefined behavior
that is not detected by -fsanitize=undefined:

  int main(void)
  {
    volatile int a = 0;
    volatile int b = 0x80000000;
    return -(a - b);
  }
* [Bug sanitizer/106885] -(a-b) is folded to b-a before the UBSAN pass is run
2022-09-08 1:01 [Bug sanitizer/106885] New: -(a-b) is folded to b-a before the UBSAN pass is run kristerw at gcc dot gnu.org
@ 2022-09-08 9:56 ` rguenth at gcc dot gnu.org
From: rguenth at gcc dot gnu.org @ 2022-09-08 9:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106885
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2022-09-08
             Status|UNCONFIRMED                 |NEW
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
We have ugly TYPE_OVERFLOW_SANITIZED checks in folding but it would be much
better if the sanitizing would happen before any folding is invoked ...

#0  fold_unary_loc (loc=258791, code=NEGATE_EXPR,
    type=<integer_type 0x7ffff65365e8 int>, op0=<minus_expr 0x7ffff668f848>)
    at /home/rguenther/src/trunk/gcc/fold-const.cc:9275
#1  0x0000000000f5d084 in fold (expr=<negate_expr 0x7ffff669f320>)
    at /home/rguenther/src/trunk/gcc/fold-const.cc:13421
#2  0x0000000000beca8c in c_fully_fold_internal (
    expr=<negate_expr 0x7ffff669f320>, in_init=false,
    maybe_const_operands=0x7fffffffd5ab, maybe_const_itself=0x7fffffffd5aa,
    for_int_const=false, lval=false)
    at /home/rguenther/src/trunk/gcc/c/c-fold.cc:494
#3  0x0000000000beab7e in c_fully_fold (expr=<negate_expr 0x7ffff669f320>,
    in_init=false, maybe_const=0x7fffffffd5ab, lval=false)
    at /home/rguenther/src/trunk/gcc/c/c-fold.cc:125
#4  0x0000000000b7a840 in c_finish_return (loc=258791,
    retval=<negate_expr 0x7ffff669f320>, origtype=<tree 0x0>)
    at /home/rguenther/src/trunk/gcc/c/c-typeck.cc:10927

and match.pd exempts itself:

/* -(A - B) -> B - A.  */
(simplify
 (negate (minus @0 @1))
 (if ((ANY_INTEGRAL_TYPE_P (type) && !TYPE_OVERFLOW_SANITIZED (type))
      || (FLOAT_TYPE_P (type)
          && !HONOR_SIGN_DEPENDENT_ROUNDING (type)
          && !HONOR_SIGNED_ZEROS (type)))
  (minus @1 @0)))

but fold_negate_expr_1 does not:

    case MINUS_EXPR:
      /* - (A - B) -> B - A  */
      if (!HONOR_SIGN_DEPENDENT_ROUNDING (type)
          && !HONOR_SIGNED_ZEROS (type))
        return fold_build2_loc (loc, MINUS_EXPR, type,
                                TREE_OPERAND (t, 1), TREE_OPERAND (t, 0));
      break;
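
Which operand pairs lose their overflow report when -(a - b) becomes b - a, as an added example that is not part of the thread or of GCC's sources. The helper names are hypothetical, the inputs are constructed, and it assumes the GCC/Clang __builtin_sub_overflow builtin; it generalizes the report's single case to the full condition.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* True if evaluating -(a - b) as written overflows int (undefined in C). */
static bool original_overflows(int a, int b)
{
    int diff;
    if (__builtin_sub_overflow(a, b, &diff))
        return true;             /* a - b itself overflows */
    return diff == INT_MIN;      /* negating INT_MIN overflows */
}

/* True if the folded form b - a overflows int. */
static bool folded_overflows(int a, int b)
{
    int diff;
    return __builtin_sub_overflow(b, a, &diff);
}

/* Overflow present in the source expression but absent from the folded
   one, so a check instrumented after folding has nothing to report.
   This holds exactly when a - b is mathematically INT_MAX + 1. */
static bool hidden_by_fold(int a, int b)
{
    return original_overflows(a, b) && !folded_overflows(a, b);
}

int main(void)
{
    /* Constructed inputs; the first pair is the one from the report. */
    static const int cases[][2] = {
        { 0, INT_MIN }, { INT_MAX, -1 }, { INT_MIN, 0 },
        { 1, INT_MIN }, { 5, 3 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int a = cases[i][0], b = cases[i][1];
        printf("a=%d b=%d original=%d folded=%d hidden=%d\n", a, b,
               original_overflows(a, b), folded_overflows(a, b),
               hidden_by_fold(a, b));
    }
    return 0;
}
```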