From: "jiajing_zheng at 163 dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/113669] New: -fsanitize=undefined failed to check a signed integer overflow
Date: Tue, 30 Jan 2024 15:04:28 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113669

            Bug ID: 113669
           Summary: -fsanitize=undefined failed to check a signed integer
                    overflow
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jiajing_zheng at 163 dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

I performed a motion of the loop-invariant expression in source.c and got
mutation.c. Both files have a signed integer overflow problem.
I checked both files using -fsanitize=undefined at the -O0, -O1, -O2, -O3, -Os
optimization levels.
The results showed that 'signed integer overflow' was given for mutation.c at
-O0, -O1, -O3, -Os, but missing at -O2. And for source.c, the message was
missing at all the above optimization levels.

jing@jing-ubuntu:~$ cat source.c
static int g_B = -66265337;
static unsigned char g_A[2] = {0b00110110, 0b01111010};

static void func_1(void);

static void func_1(void)
{
  char *arr[4];
  char ch = '1';
  int i;
  for (i = 0; i < 4; i++) {
    // source statement:
    g_A[0] += ((int)(g_B * g_A[1])) & (g_A[1] & g_A[0]) | g_A[0];
    arr[i] = &ch;
  }
}

int main(void)
{
  func_1();
  return 0;
}

jing@jing-ubuntu:~$ cat mutation.c
static int g_B = -66265337;
static unsigned char g_A[2] = {0b00110110, 0b01111010};

static void func_1(void);

static void func_1(void)
{
  char *arr[4];
  char ch = '1';
  int i;
  // loop invariant expression motion:
  int temp = (int)(g_B * g_A[1]);
  for (i = 0; i < 4; i++) {
    // mutation statement:
    g_A[0] += temp & (g_A[1] & g_A[0]) | g_A[0];
    arr[i] = &ch;
  }
}

int main(void)
{
  func_1();
  return 0;
}

results for source.c:
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined,address -O0 && ./a.out
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined,address -O1 && ./a.out
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined,address -O2 && ./a.out
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined,address -O3 && ./a.out
jing@jing-ubuntu:~$ gcc source.c -fsanitize=undefined,address -Os && ./a.out

result for mutation.c at -O2:
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined,address -O2 && ./a.out

results for mutation.c at -O0, -O1, -O3, -Os:
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined,address -O0 && ./a.out
mutation.c:12:7: runtime error: signed integer overflow: 122 * -66265337 cannot be represented in type 'int'
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined,address -O1 && ./a.out
mutation.c:12:7: runtime error: signed integer overflow: 122 * -66265337 cannot be represented in type 'int'
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined,address -O3 && ./a.out
mutation.c:12:7: runtime error: signed integer overflow: 122 * -66265337 cannot be represented in type 'int'
jing@jing-ubuntu:~$ gcc mutation.c -fsanitize=undefined,address -Os && ./a.out
mutation.c:12:7: runtime error: signed integer overflow: 122 * -66265337 cannot be represented in type 'int'

jing@jing-ubuntu:~$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/home/jing/gcc-12.2.0/usr/local/bin/../libexec/gcc/x86_64-pc-linux-gnu/12.2.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../configure -enable-checking=release -enable-languages=c,c++ -disable-multilib
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.2.0 (GCC)
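
Added example, not part of the original report or of GCC: since the diagnostic above is reported to depend on the optimization level and on how the expression is written, this sketch checks the same product explicitly, without relying on UBSan instrumentation. The names mul_would_overflow and step_checked are hypothetical; __builtin_mul_overflow is the GCC/Clang builtin.

```c
/* Added example (not from the report): checks that do not rely on UBSan. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Portable pre-check: true if a * b is not representable in int.
   Only divisions that cannot themselves overflow are evaluated. */
static bool mul_would_overflow(int a, int b)
{
    if (a == 0 || b == 0)
        return false;
    if (a > 0)
        return b > 0 ? a > INT_MAX / b : b < INT_MIN / a;
    return b > 0 ? a < INT_MIN / b : b < INT_MAX / a;
}

/* One iteration of the statement from source.c, with the product checked
   by the GCC/Clang builtin. Returns the new g_A[0] value (0..255), or -1
   when g_b * a1 overflows int. Parameter names are hypothetical. */
static int step_checked(int g_b, unsigned char a0, unsigned char a1)
{
    int prod;
    if (__builtin_mul_overflow(g_b, (int)a1, &prod))
        return -1;
    /* Same grouping as the original statement: & binds tighter than |. */
    a0 += (prod & (a1 & a0)) | a0;
    return a0;
}

int main(void)
{
    const int g_B = -66265337;             /* value from the report */
    const unsigned char g_A0 = 0x36;       /* 0b00110110 */
    const unsigned char g_A1 = 0x7a;       /* 0b01111010, i.e. 122 */

    printf("pre-check: %s\n",
           mul_would_overflow(g_B, g_A1) ? "overflow" : "ok");
    printf("builtin:   %d\n", step_checked(g_B, g_A0, g_A1));
    /* Exact product in a wider type, for comparison with INT_MIN. */
    printf("exact:     %lld (INT_MIN is %d)\n",
           (long long)g_B * g_A1, INT_MIN);
    return 0;
}
```

Both checks give the same answer at every optimization level, because neither one executes the overflowing multiplication.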