public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/108995] New: Missed signed integer overflow checks in UBsan?
From: qrzhang at gatech dot edu @ 2023-03-02 19:00 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108995

            Bug ID: 108995
           Summary: Missed signed integer overflow checks in UBsan?
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: qrzhang at gatech dot edu
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

$ cat abc.c
int printf(const char *, ...);
int a;
const int b = 44514;
int *c = &a;
void main(void) {
  *c = 65526 * b / 6;
  printf("%d\n", a);
}

Ubsan did not emit any message. However, the outputs are different.

$ gcc-trunk -O3 -fsanitize=undefined abc.c ; ./a.out
-229690488

$ gcc-trunk -fsanitize=undefined abc.c ; ./a.out
486137394
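The arithmetic behind the two outputs in the report, as an added example that is not code from the bug report or from GCC: it reproduces both printed values without executing any undefined behaviour, and shows an explicit overflow check (the GCC/Clang intrinsic __builtin_mul_overflow) that reports the overflowing multiply at run time whether or not the compiler folds the expression before UBSan gets to instrument it. The struct and function names are the example's own.

```c
/* Added example (not from the bug report or GCC): 65526 * b / 6 with
   b == 44514, evaluated three ways, plus an explicit overflow check that
   does not depend on what the compiler folded.  Names are assumptions.  */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct checked_result {
    bool overflowed;   /* true if a * b does not fit in int */
    int value;         /* (a * b) / d when !overflowed, 0 otherwise */
};

/* Checked multiply-then-divide.  __builtin_mul_overflow is the GCC/Clang
   intrinsic (C23 has the equivalent ckd_mul in <stdckdint.h>); it reports
   overflow at run time at every optimization level, with or without
   -fsanitize=undefined.  */
struct checked_result checked_muldiv(int a, int b, int d)
{
    struct checked_result r = { false, 0 };
    int prod;
    if (__builtin_mul_overflow(a, b, &prod)) {
        r.overflowed = true;
        return r;
    }
    r.value = prod / d;
    return r;
}

/* What the -O3 binary in the report printed: the product wrapped modulo
   2^32 to -1378142932 (the value the -Woverflow diagnostic quotes) and
   that was divided by 6.  Computed here without any signed overflow:
   widen, reduce modulo 2^32 in unsigned arithmetic, then map back into
   the int range explicitly instead of relying on a narrowing cast.  */
int wrapped_muldiv(int a, int b, int d)
{
    uint32_t u = (uint32_t)((int64_t)a * b);   /* product mod 2^32 */
    int truncated;
    if (u > (uint32_t)INT_MAX)
        truncated = (int)(u - (uint32_t)INT_MAX - 1u) + INT_MIN; /* two's-complement view */
    else
        truncated = (int)u;
    return truncated / d;
}

/* What the -O0 binary printed: extract_muldiv cancelled the multiply
   against the divide into b * 10921 (65526 / 6 == 10921), so nothing
   overflowed at run time; this is also the mathematically exact quotient.  */
int64_t exact_muldiv(int a, int b, int d)
{
    return (int64_t)a * b / d;
}

int main(void)
{
    const int b = 44514;   /* constructed to match the report's abc.c */
    struct checked_result r = checked_muldiv(65526, b, 6);
    printf("checked: %s\n", r.overflowed ? "signed overflow in multiply" : "ok");
    printf("wrapped: %d\n", wrapped_muldiv(65526, b, 6));
    printf("exact:   %lld\n", (long long)exact_muldiv(65526, b, 6));
    return 0;
}
```

The checked version prints the same verdict at -O0 and -O3. The point for anyone relying on UBSan as a test-time safety net is visible in the report itself: the sanitizer only instruments operations that still exist when instrumentation runs, so a multiply that the front end constant-folds or that extract_muldiv cancels is never checked. Compile-time diagnostics (-Woverflow, -Wstrict-overflow, mentioned later in the thread) and explicit checked arithmetic like the above are the complementary defences.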
* [Bug sanitizer/108995] Missed signed integer overflow checks in UBsan? since r8-343-g2bf54d93f159210d
From: marxin at gcc dot gnu.org @ 2023-03-06 12:42 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108995

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Missed signed integer       |Missed signed integer
                   |overflow checks in UBsan?   |overflow checks in UBsan?
                   |                            |since
                   |                            |r8-343-g2bf54d93f159210d
             Status|UNCONFIRMED                 |NEW
                 CC|                            |rguenth at gcc dot gnu.org
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2023-03-06

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
We regress since r8-343-g2bf54d93f159210d.
* [Bug sanitizer/108995] Missed signed integer overflow checks in UBsan? since r8-343-g2bf54d93f159210d
From: rguenth at gcc dot gnu.org @ 2023-03-07 7:54 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108995

--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
We already fold this on GENERIC to

  *c = -229690488(OVF);

with optimization and

  *c = (int) b * 10921;

without. It's almost surely through extract_muldiv; we also diagnose

t.c: In function ‘main’:
t.c:6:14: warning: integer overflow in expression ‘65526 * (int)b’ of type ‘int’ results in ‘-1378142932’ [-Woverflow]
    6 |   *c = 65526 * b / 6;
      |        ~~~~~~^~~

The issue seems to be that the C frontend, with optimization, constant folds
the initializer of 'b' and with all-constants we ignore sanitization (but emit
a diagnostic). Without optimization we run into extract_muldiv doing

      /* If these operations "cancel" each other, we have the main
         optimizations of this pass, which occur when either constant is a
         multiple of the other, in which case we replace this with either an
         operation or CODE or TCODE.

         If we have an unsigned type, we cannot do this since it will change
         the result if the original computation overflowed.  */
      if (TYPE_OVERFLOW_UNDEFINED (ctype)
          && ((code == MULT_EXPR && tcode == EXACT_DIV_EXPR)
              || (tcode == MULT_EXPR
                  && code != TRUNC_MOD_EXPR && code != CEIL_MOD_EXPR
                  && code != FLOOR_MOD_EXPR && code != ROUND_MOD_EXPR
                  && code != MULT_EXPR)))
        {

which is "fine". We do have a few && !TYPE_OVERFLOW_SANITIZED checks around
but here we're missing it (I also believe we shouldn't do it this way, but
...). Without optimizing -Wstrict-overflow would diagnose this as well.

The following fixes the "bug" at -O0 but leaves the constant folding in the
frontend untouched (it could possibly refrain from replacing ops with
TREE_OVERFLOW constants when sanitizing overflow). I'm not sure we want a
patch like the following though.

diff --git a/gcc/fold-const.cc b/gcc/fold-const.cc
index 9aaea71a2fc..a9af4dbd0a3 100644
--- a/gcc/fold-const.cc
+++ b/gcc/fold-const.cc
@@ -7102,6 +7102,8 @@ extract_muldiv_1 (tree t, tree c, enum tree_code code, tree wide_type, if (wi::multiple_of_p (wi::to_wide (op1), wi::to_wide (c), TYPE_SIGN (type))) { + if (TYPE_OVERFLOW_SANITIZED (ctype)) + return NULL_TREE; if (TYPE_OVERFLOW_UNDEFINED (ctype)) *strict_overflow_p = true; return fold_build2 (tcode, ctype, fold_convert (ctype, op0), @@ -7112,6 +7114,8 @@ extract_muldiv_1 (tree t, tree c, enum tree_code code, tree wide_type, else if (wi::multiple_of_p (wi::to_wide (c), wi::to_wide (op1), TYPE_SIGN (type))) { + if (TYPE_OVERFLOW_SANITIZED (ctype)) + return NULL_TREE; if (TYPE_OVERFLOW_UNDEFINED (ctype)) *strict_overflow_p = true; return fold_build2 (code, ctype, fold_convert (ctype, op0), ^ permalink raw reply [flat|nested] 6+ messages in thread
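Review bot: both hunks insert the identical two-line guard `if (TYPE_OVERFLOW_SANITIZED (ctype)) return NULL_TREE;` just inside the two `wi::multiple_of_p` branches of extract_muldiv_1; since the guard does not depend on which constant is the multiple of the other, it could be hoisted once ahead of the if / else-if pair (provided nothing further follows that chain) rather than duplicated. Its position before the `TYPE_OVERFLOW_UNDEFINED (ctype)` test that sets `*strict_overflow_p` is right: the `fold_build2` that follows would otherwise rebuild the expression without the multiply whose overflow the sanitizer is supposed to report. The patch as shown carries no testcase for the -O0 reproducer (`65526 * b / 6`), and, as the comment above it says, it leaves the optimized case untouched because the front end folds the initializer of `b` before this code runs.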
* [Bug sanitizer/108995] Missed signed integer overflow checks in UBsan? since r8-343-g2bf54d93f159210d
From: rguenth at gcc dot gnu.org @ 2023-03-09 12:57 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108995

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org|rguenth at gcc dot gnu.org

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
I have posted the patch, waiting for feedback.
* [Bug sanitizer/108995] Missed signed integer overflow checks in UBsan? since r8-343-g2bf54d93f159210d
From: cvs-commit at gcc dot gnu.org @ 2023-03-09 13:29 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108995

--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Richard Biener <rguenth@gcc.gnu.org>:

https://gcc.gnu.org/g:ace65db9215882b95e2ead1bb0dc8c54c2ea69be

commit r13-6550-gace65db9215882b95e2ead1bb0dc8c54c2ea69be
Author: Richard Biener <rguenther@suse.de>
Date:   Wed Mar 8 09:06:44 2023 +0100

    middle-end/108995 - avoid folding when sanitizing overflow

    The following plugs one place in extract_muldiv where it should avoid
    folding when sanitizing overflow.

            PR middle-end/108995
            * fold-const.cc (extract_muldiv_1): Avoid folding (CST * b) / CST2
            when sanitizing overflow and we rely on overflow being undefined.

            * gcc.dg/ubsan/pr108995.c: New testcase.
* [Bug c/108995] Missed signed integer overflow checks in UBsan? since r8-343-g2bf54d93f159210d
From: rguenth at gcc dot gnu.org @ 2023-03-09 13:30 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108995

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|sanitizer                   |c
           Assignee|rguenth at gcc dot gnu.org  |unassigned at gcc dot gnu.org
            Version|unknown                     |13.0
             Status|ASSIGNED                    |NEW

--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
The -O0 case is now fixed. The optimize case isn't sanitized because it's
folded in the frontend - I've changed the component accordingly (but it's
also diagnosed at compile-time unconditionally).