public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/113628] New: -fsanitize=undefined failed to check a signed integer overflow
From: jiajing_zheng at 163 dot com @ 2024-01-27 14:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113628
            Bug ID: 113628
           Summary: -fsanitize=undefined failed to check a signed integer overflow
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jiajing_zheng at 163 dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

The following two files are equivalent (I took a motion of the loop invariant
expression of source.c and got mutation.c).
I checked both files using -fsanitize=undefined and the results showed that
'signed integer overflow' was given for mutation.c, but this message was
missing for source.c. This is the case in both release version 12.2.0 and
version 13.2.0.

jing@jing-ubuntu:~$ cat source.c
static int g_3 = 0b11000111000010111011011101000011;
static char g_51 = 2L;
static unsigned char g_106 = 252UL;
inline static void func_1(void) {
    int i;
    for (i = 0; i < 1; i++) {
        // source statement:
        g_3 *= (g_106 / (g_51 ? g_51 : 16653417461)) | (g_51 & g_3) + g_3;
    }
    for (g_3 = (-6); (g_3 != 29); ++g_3) {
    }
}
int main(void) {
    func_1();
    return 0;
}

jing@jing-ubuntu:~/Desktop/issue$ cat mutation.c
static int g_3 = 0b11000111000010111011011101000011;
static char g_51 = 2L;
static unsigned char g_106 = 252UL;
inline static void func_1(void) {
    int i;
    // loop invariant motion:
    int TVH = (g_106 / (g_51 ? g_51 : 16653417461));
    for (i = 0; i < 1; i++) {
        // mutation statement:
        g_3 *= TVH | (g_51 & g_3) + g_3;
    }
    for (g_3 = (-6); (g_3 != 29); ++g_3) {
    }
}
int main(void) {
    func_1();
    return 0;
}

results both in gcc version 12.2.0 and 13.2.0:
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined -O0 && ./a.out
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined -O0 && ./a.out
mutation.c:11:9: runtime error: signed integer overflow: -955533441 *
-955533501 cannot be represented in type 'int'
jing@jing-ubuntu:~$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/home/jing/gcc-12.2.0/usr/local/bin/../libexec/gcc/x86_64-pc-linux-gnu/12.2.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../configure -enable-checking=release -enable-languages=c,c++
-disable-multilib
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.2.0 (GCC)
jing@jing-ubuntu:~$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/home/jing/gcc-13.2.0-install/libexec/gcc/x86_64-pc-linux-gnu/13.2.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../configure --prefix=/home/jing/gcc-13.2.0-install
--enable-threads=posix -enable-checking=release -enable-languages=c,c++
-disable-multilib
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 13.2.0 (GCC)
* [Bug sanitizer/113628] -fsanitize=undefined failed to check a signed integer overflow
From: harald at gigawatt dot nl @ 2024-01-27 16:10 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113628
Harald van Dijk <harald at gigawatt dot nl> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |harald at gigawatt dot nl

--- Comment #1 from Harald van Dijk <harald at gigawatt dot nl> ---
These two files are not equivalent. The equivalent would be

  long TVH = (g_106 / (g_51 ? g_51 : 16653417461));

because that is the type that subexpression has. The constant of type long
causes everything to be promoted to long, and then finally truncated to int.
That is well-defined. By making TVH an int, all the other operations are
performed in type int as well.
^ permalink raw reply [flat|nested] 4+ messages in thread
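
Added example, not part of the thread or of GCC: a C check of the point in comment #1, showing that the hoisted subexpression is wider than int, that the source.c multiplication fits when done in long, and that the same operands overflow in int. It assumes an LP64 target like the reporter's x86_64-pc-linux-gnu and a GCC/Clang compiler for `__builtin_mul_overflow`; the helper names are hypothetical, and g_3 is written as the decimal value shown in the UBSan message.

```c
#include <stdio.h>

/* Values from the report. g_3 is the int value of the binary literal
   0b11000111000010111011011101000011, as printed in the UBSan message. */
static const int g_3 = -955533501;
static const char g_51 = 2;
static const unsigned char g_106 = 252;

/* Returns 1 if the hoisted subexpression has type int, 0 if it is wider.
   16653417461 does not fit in int, so the constant is long on LP64 and the
   usual arithmetic conversions widen the whole division. */
static int subexpr_is_int(void) {
    return _Generic(g_106 / (g_51 ? g_51 : 16653417461), int: 1, default: 0);
}

/* source.c semantics: the right-hand side is long, so g_3 is converted to
   long before the multiply. Returns 1 on overflow of long, else 0.
   Parentheses spell out that + binds tighter than |. */
static int mul_as_source(long *out) {
    long rhs = (g_106 / (g_51 ? g_51 : 16653417461)) | ((g_51 & g_3) + g_3);
    return __builtin_mul_overflow((long)g_3, rhs, out);
}

/* mutation.c semantics: TVH is int, so every operation stays in int.
   Returns 1 on overflow of int, else 0. */
static int mul_as_mutation(int *out) {
    int TVH = (int)(g_106 / (g_51 ? g_51 : 16653417461));
    int rhs = TVH | ((g_51 & g_3) + g_3);
    return __builtin_mul_overflow(g_3, rhs, out);
}

int main(void) {
    long wide = 0;
    int narrow = 0;
    int of_long = mul_as_source(&wide);
    int of_int = mul_as_mutation(&narrow);

    printf("subexpression is int: %d\n", subexpr_is_int());
    printf("source.c   (long): overflow=%d product=%ld\n", of_long, wide);
    printf("mutation.c (int) : overflow=%d\n", of_int);
    return 0;
}
```

The overflow builtins compute the result without invoking undefined behaviour, so the program itself is clean under -fsanitize=undefined.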
* [Bug sanitizer/113628] -fsanitize=undefined failed to check a signed integer overflow
From: jiajing_zheng at 163 dot com @ 2024-01-27 16:35 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113628
--- Comment #2 from Jiajing_Zheng <jiajing_zheng at 163 dot com> ---
(In reply to Harald van Dijk from comment #1)
> These two files are not equivalent. The equivalent would be
> long TVH = (g_106 / (g_51 ? g_51 : 16653417461));
> because that is the type that subexpression has. The constant of type long
> causes everything to be promoted to long, and then finally truncated to int.
> That is well-defined. By making TVH an int, all the other operations are
> performed in type int as well.
I'm sorry, I did overlook the type promotion. Thanks for your reply.
* [Bug sanitizer/113628] -fsanitize=undefined failed to check a signed integer overflow
From: jakub at gcc dot gnu.org @ 2024-01-27 16:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113628
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
.