From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id D86FF3858D35; Wed, 1 Feb 2023 13:11:22 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D86FF3858D35 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1675257082; bh=qUW4QSSfm3BODSCqqbQtWOvwgMdr7ATJAwpf1uJkaZU=; h=From:To:Subject:Date:In-Reply-To:References:From; b=HQL9f6WxO1HurvuCh6paPAS5lB7k0ZwB1fZ1PhfLmmEc7+CIIPVqcCwfk3ByAQo1F Arcj1vzKswgTpD4g+3CL26KMrkzFHtIK8v3JJDbkBnYGDdZJHY1Ha0z/vCd16FEsgF oKmNcbhJp+7aNa8KKophxTAp5n3/sfWmUtmJapJ0= From: "jakub at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug sanitizer/108481] [10/11/12/13 Regression] UBsan missed a signed integer overflow Date: Wed, 01 Feb 2023 13:11:22 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: sanitizer X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: wrong-code X-Bugzilla-Severity: normal X-Bugzilla-Who: jakub at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 13.0 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cf_known_to_work short_desc keywords Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D108481 Jakub Jelinek changed: What |Removed |Added ---------------------------------------------------------------------------- Known to work|12.2.0 | Summary|[13 Regression] UBsan |[10/11/12/13 Regression] |missed a signed integer |UBsan missed a signed |overflow |integer overflow Keywords|needs-bisection | --- Comment #5 from Jakub Jelinek --- Why is this marked 13 Regression? I can certainly reproduce up to ~ r26000= 0, with just -O1 -fsanitize=3Dsigned-integer-overflow so that I can use newer libubsan f= or even older code back to r8-93-g2700fbd655f608e8e23. The difference with r8-93 from earlier commits is that we decide to sink the i_15 =3D UBSAN_CHECK_SUB (i_9, 6822162149299574294); statement, because the result of i isn't really used in the path when j =3D=3D 0. We intentionally mark UBSAN_CHECK_SUB etc. internal functions as ECF_CONST,= so that they can be DCEd etc., we don't want to kill performance with -fsanitize=3Dundefined, if you don't care about performance of the code, ju= st use -O0 with -fsanitize=3Dundefined. So, similarly to how we don't diagnose long foo (long i) { i =3D i - 6822162149299574294; return 0; } int main () { return foo (-5354944485355449974); } at -O2 because the result of the subtraction isn't used, we allow the i =3D= i - 6822162149299574294; subtraction to be sunk, so effectively: @@ -11,8 +11,8 @@ static char f(int *g, short h, long i) { if ((i * (unsigned long)7 <=3D 1) << j) ; else { - i =3D i - 6822162149299574294; if (j) { + i =3D i - 6822162149299574294; if (*g) break; continue; change in the source because for the return 8; path nothing cares about the result. I'd say this behaves as designed.=