public inbox for gcc-bugs@sourceware.org
From: "jiajing_zheng at 163 dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/113669] New: -fsanitize=undefined failed to check a signed integer overflow
Date: Tue, 30 Jan 2024 15:04:28 +0000	[thread overview]
Message-ID: <bug-113669-4@http.gcc.gnu.org/bugzilla/> (raw)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113669

            Bug ID: 113669
           Summary: -fsanitize=undefined failed to check a signed integer
                    overflow
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jiajing_zheng at 163 dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

I applied loop-invariant expression motion to source.c and got mutation.c.
Both files have a signed integer overflow problem.
I checked both files using -fsanitize=undefined at the -O0, -O1, -O2, -O3 and -Os
optimization levels. The results showed that 'signed integer overflow' was
reported for mutation.c at -O0, -O1, -O3 and -Os, but missing at -O2. For source.c,
the message was missing at all of the above optimization levels.

jing@jing-ubuntu:~$ cat source.c 

static int g_B = -66265337;
static unsigned char g_A[2] = {0b00110110, 0b01111010};

static void func_1(void);

static void func_1(void) {
  char *arr[4];
  char ch = '1';
  int i;
  for (i = 0; i < 4; i++) {
    // source statement:
    g_A[0] += ((int)(g_B * g_A[1])) & (g_A[1] & g_A[0]) | g_A[0];
          arr[i] = &ch;
  }
}

int main(void) {
  func_1();
  return 0;
}

jing@jing-ubuntu:~$ cat mutation.c 

static int g_B = -66265337;
static unsigned char g_A[2] = {0b00110110, 0b01111010};

static void func_1(void);

static void func_1(void) {
  char *arr[4];
  char ch = '1';
  int i;
  // loop invariant expression motion:
  int temp = (int)(g_B * g_A[1]);
  for (i = 0; i < 4; i++) {
    // mutation statement:
    g_A[0] += temp & (g_A[1] & g_A[0]) | g_A[0];
          arr[i] = &ch;
  }
}

int main(void) {
  func_1();
  return 0;
}


results for source.c:
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined,address -O0 && ./a.out
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined,address -O1 && ./a.out
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined,address -O2 && ./a.out
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined,address -O3 && ./a.out
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined,address -Os && ./a.out

result for mutation.c at -O2:
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined,address -O2 && ./a.out

results for mutation.c at -O0,-O1,-O3,-Os:
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined,address -O0 && ./a.out
mutation.c:12:7: runtime error: signed integer overflow: 122 * -66265337 cannot be represented in type 'int'
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined,address -O1 && ./a.out
mutation.c:12:7: runtime error: signed integer overflow: 122 * -66265337 cannot be represented in type 'int'
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined,address -O3 && ./a.out
mutation.c:12:7: runtime error: signed integer overflow: 122 * -66265337 cannot be represented in type 'int'
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined,address -Os && ./a.out
mutation.c:12:7: runtime error: signed integer overflow: 122 * -66265337 cannot be represented in type 'int'


jing@jing-ubuntu:~$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/home/jing/gcc-12.2.0/usr/local/bin/../libexec/gcc/x86_64-pc-linux-gnu/12.2.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../configure -enable-checking=release -enable-languages=c,c++
-disable-multilib
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.2.0 (GCC)
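The following is an added example, not code from the report above and not GCC's own code. It replays func_1 from source.c with the same constants (0b01111010 is 122, 0b00110110 is 54), but checks the multiplication with the GCC/Clang builtin __builtin_mul_overflow instead of relying on -fsanitize=undefined instrumentation, so the overflow is reported at every optimization level. It also makes visible a property of the reporter's expression that a reader can verify by hand: the mask (g_A[1] & g_A[0]) only contains bits that are already set in g_A[0], so ((int)(g_B * g_A[1]) & (g_A[1] & g_A[0])) | g_A[0] always equals g_A[0] and the stored value never depends on the product. An optimizer that notices this can drop the multiply together with any check attached to it; whether that is what GCC does in this case is for the thread's replies to say, the example does not settle it. The function names replay_func_1, overflow_count and final_g_A0 are this example's own.

```c
#include <stdio.h>

/* Same constants as the reporter's source.c. */
#define G_B   (-66265337)
#define G_A0  ((unsigned char)0x36)   /* 0b00110110 == 54  */
#define G_A1  ((unsigned char)0x7a)   /* 0b01111010 == 122 */

struct replay {
    int overflows;        /* iterations whose multiply did not fit in int */
    unsigned char g_A0;   /* value of g_A[0] after the four iterations     */
};

/*
 * Replays func_1 from source.c. __builtin_mul_overflow returns nonzero when the
 * infinite-precision product does not fit in 'prod' and stores the truncated
 * (two's-complement wrapped) product in it either way, so the rest of the
 * expression sees the same low byte the unchecked code would observe, without
 * the program itself executing undefined behaviour.
 */
struct replay replay_func_1(int b, unsigned char a0, unsigned char a1)
{
    struct replay r = { 0, a0 };
    unsigned char g_A[2] = { a0, a1 };
    for (int i = 0; i < 4; i++) {
        int prod;
        if (__builtin_mul_overflow(b, (int)g_A[1], &prod))
            r.overflows++;
        /* Same operator precedence as the original: '&' binds tighter than '|'.
         * (prod & (g_A[1] & g_A[0])) is a subset of g_A[0]'s bits, so the
         * '| g_A[0]' yields g_A[0] and the statement reduces to g_A[0] += g_A[0]. */
        g_A[0] = (unsigned char)(g_A[0] + ((prod & (g_A[1] & g_A[0])) | g_A[0]));
    }
    r.g_A0 = g_A[0];
    return r;
}

/* Number of overflowing multiplications for the page's constants. */
int overflow_count(int b, unsigned char a0, unsigned char a1)
{
    return replay_func_1(b, a0, a1).overflows;
}

/* Final g_A[0]; independent of b because the product is masked away. */
unsigned char final_g_A0(int b, unsigned char a0, unsigned char a1)
{
    return replay_func_1(b, a0, a1).g_A0;
}

int main(void)
{
    struct replay r = replay_func_1(G_B, G_A0, G_A1);
    printf("overflowing multiplies: %d, final g_A[0]: %u\n", r.overflows, r.g_A0);
    /* A multiplier that cannot overflow gives the same final g_A[0]. */
    printf("with g_B = 3: final g_A[0]: %u\n", final_g_A0(3, G_A0, G_A1));
    return 0;
}
```

Compile with plain `gcc -O2 example.c` (no sanitizer flags): the builtin check fires four times regardless of optimization level, which is the practical caveat behind this report: a sanitizer only reports undefined behaviour it still finds instrumentation for after optimization, so a clean -fsanitize=undefined run at one optimization level is not evidence that the overflow is absent. Testing at several levels, as the reporter did, or adding explicit overflow checks on arithmetic that matters, are the two ways to close that gap.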


Thread overview: 4+ messages
2024-01-30 15:04 jiajing_zheng at 163 dot com [this message]
2024-01-30 15:38 ` [Bug sanitizer/113669] " jakub at gcc dot gnu.org
2024-01-31  8:03 ` [Bug middle-end/113669] " rguenth at gcc dot gnu.org
2024-02-01  7:59 ` jiajing_zheng at 163 dot com
