public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/107912] New: UBsan at -O0 missed a signed integer overflow
@ 2022-11-29 12:33 shaohua.li at inf dot ethz.ch
From: shaohua.li at inf dot ethz.ch @ 2022-11-29 12:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107912
Bug ID: 107912
Summary: UBsan at -O0 missed a signed integer overflow
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: shaohua.li at inf dot ethz.ch
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
`gcc-trunk -O0 -fsanitize=undefined -fno-sanitize-recover=all` misses the
signed integer overflow, while `gcc-trunk -Ox -fsanitize=address
-fno-sanitize-recover=all` (x=1, 2, 3, or s) can detect it.
Compiler explorer: https://godbolt.org/z/n8qs3z6v4
```
% cat a.c
unsigned short a;
int b;
int main() {
  int c = b = -2147483648;
  a = (c && 0 == c) - b;
  __builtin_printf("%d\n", a);
}
%
% gcc-tk -O0 -fsanitize=undefined -fno-sanitize-recover=all a.c &&./a.out
0
% gcc-tk -O1 -fsanitize=undefined -fno-sanitize-recover=all -w a.c &&./a.out
a.c:5:21: runtime error: negation of -2147483648 cannot be represented in type
'int'; cast to an unsigned type to negate this value to itself
% gcc-tk -O3 -fsanitize=undefined -fno-sanitize-recover=all -w a.c &&./a.out
a.c:5:21: runtime error: negation of -2147483648 cannot be represented in type
'int'; cast to an unsigned type to negate this value to itself
%
```
* [Bug sanitizer/107912] shorterning causes a missing signed integer overflow
From: pinskia at gcc dot gnu.org @ 2022-11-29 15:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107912
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
```
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
           Keywords|diagnostic                  |
   Last reconfirmed|                            |2022-11-29
            Summary|UBsan at -O0 missed a       |shorterning causes a
                   |signed integer overflow     |missing signed integer
                   |                            |overflow
```
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Another example where optimization level does not matter:
```
unsigned short a;
int b;
int main() {
  int c = b = -2147483648;
  unsigned short t = 0;
  a = t - b;
  __builtin_printf("%d\n", a);
}
```
I thought there was a bug report about this, but I can't find it right
now.
Anyways, confirmed. The only reason why the original example works at -O1 and
above is because (c && c == 0) is figured out to be false (0) and then 0-b is
translated into -b and the shortening does not happen.
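Added example, not part of the bug thread or of GCC: a C sketch of why a shortened `a = t - b` yields the same stored value but leaves no `int` subtraction to check, next to an explicit check that does not rely on UBSan instrumentation. The function names `store_checked` and `store_shortened` are hypothetical, and modelling shortening as 16-bit modular arithmetic is an assumption based on comment #1.

```c
#include <limits.h>
#include <stdio.h>

/* Subtraction as written in the source: performed in int, then converted
 * to unsigned short. __builtin_sub_overflow (GCC/Clang builtin) reports the
 * signed overflow explicitly. Returns 1 on overflow, 0 otherwise. */
static int store_checked(unsigned short t, int b, unsigned short *out)
{
    int wide;
    if (__builtin_sub_overflow((int)t, b, &wide))
        return 1;                    /* t - b is not representable in int */
    *out = (unsigned short)wide;     /* well-defined modulo-2^16 conversion */
    return 0;
}

/* Assumed model of the shortened form: both operands are narrowed to
 * 16 bits first, so the difference always fits in int and nothing can
 * overflow. The stored value is the same modulo 2^16. */
static unsigned short store_shortened(unsigned short t, int b)
{
    unsigned short nb = (unsigned short)b;   /* INT_MIN narrows to 0 */
    return (unsigned short)(t - nb);         /* int range: -65535..65535 */
}

int main(void)
{
    unsigned short r = 0;
    /* Constructed inputs: the values from the reproducer in comment #1. */
    int overflowed = store_checked(0, INT_MIN, &r);
    printf("checked:   overflow=%d\n", overflowed);
    printf("shortened: value=%d\n", store_shortened(0, INT_MIN));
    return 0;
}
```

Until the sanitizer covers this case, an explicit `__builtin_sub_overflow` check at narrowing stores is one way to catch it in code that must not wrap silently.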