public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libgcc/114762] New: wrong code with _BitInt() division by "BITINT_NN_MIN"
@ 2024-04-18  5:40 zsojka at seznam dot cz
  2024-04-18 10:34 ` [Bug libgcc/114762] " zsojka at seznam dot cz
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: zsojka at seznam dot cz @ 2024-04-18  5:40 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114762

            Bug ID: 114762
           Summary: wrong code with _BitInt() division by "BITINT_NN_MIN"
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: libgcc
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu
            Target: x86_64-pc-linux-gnu

Created attachment 57980
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57980&action=edit
reduced testcase

Output:
$ x86_64-pc-linux-gnu-gcc testcase.c
$ ./a.out 
Floating point exception

Program received signal SIGFPE, Arithmetic exception.
0x0000000000401dc1 in __divmodbitint4 (q=0x7fffffffd7a0, qprec=<optimized out>,
r=0x0, rprec=<optimized out>, 
    u=<optimized out>, uprec=64, v=0x7fffffffd780, vprec=<optimized out>) at
/repo/gcc-trunk/libgcc/libgcc2.c:1866
1866                vv = 1 / vv; /* Divide intentionally by zero.  */


$ x86_64-pc-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest-amd64/bin/x86_64-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r14-9960-20240415001639-gfe99ab1f5e9-checking-yes-rtl-df-extra-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/14.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu
--with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --enable-libsanitizer
--disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-r14-9960-20240415001639-gfe99ab1f5e9-checking-yes-rtl-df-extra-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 14.0.1 20240415 (experimental) (GCC)

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug libgcc/114762] wrong code with _BitInt() division by "BITINT_NN_MIN"
  2024-04-18  5:40 [Bug libgcc/114762] New: wrong code with _BitInt() division by "BITINT_NN_MIN" zsojka at seznam dot cz
@ 2024-04-18 10:34 ` zsojka at seznam dot cz
  2024-04-18 11:03 ` jakub at gcc dot gnu.org
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: zsojka at seznam dot cz @ 2024-04-18 10:34 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114762

--- Comment #1 from Zdenek Sojka <zsojka at seznam dot cz> ---
Created attachment 57981
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57981&action=edit
testcase trying reasonable input for division (and multiplication)

This can be used to test various input combinations. It might be reasonable to
try both -O0 and -O3.

$ x86_64-pc-linux-gnu-gcc tg.c -O0 -fsanitize=undefined -g3 -static && ./a.out 
1 0
Floating point exception

$ aarch64-unknown-linux-gnu-gcc tg.c -O3 -static && qemu-aarch64 -- ./a.out 
1 0
2 0
2 1
3 0
...
62 57
62 58
62 59
62 60
62 61
63 0
a.out: tg.c:35: divmod: Assertion `q * sb + r == sa' failed.
qemu: uncaught target signal 6 (Aborted) - core dumped
Aborted

No warranty for code correctness.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug libgcc/114762] wrong code with _BitInt() division by "BITINT_NN_MIN"
  2024-04-18  5:40 [Bug libgcc/114762] New: wrong code with _BitInt() division by "BITINT_NN_MIN" zsojka at seznam dot cz
  2024-04-18 10:34 ` [Bug libgcc/114762] " zsojka at seznam dot cz
@ 2024-04-18 11:03 ` jakub at gcc dot gnu.org
  2024-04-19  6:47 ` cvs-commit at gcc dot gnu.org
  2024-04-19  6:49 ` jakub at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-04-18 11:03 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114762

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2024-04-18
             Status|UNCONFIRMED                 |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |jakub at gcc dot gnu.org

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Created attachment 57982
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57982&action=edit
gcc14-pr114762.patch

Untested fix.
Note, -0x10000000000000000wb is not _BitInt(65) minimum, but _BitInt(66) with
value equal to _BitInt(65) minimum.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug libgcc/114762] wrong code with _BitInt() division by "BITINT_NN_MIN"
  2024-04-18  5:40 [Bug libgcc/114762] New: wrong code with _BitInt() division by "BITINT_NN_MIN" zsojka at seznam dot cz
  2024-04-18 10:34 ` [Bug libgcc/114762] " zsojka at seznam dot cz
  2024-04-18 11:03 ` jakub at gcc dot gnu.org
@ 2024-04-19  6:47 ` cvs-commit at gcc dot gnu.org
  2024-04-19  6:49 ` jakub at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-19  6:47 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114762

--- Comment #3 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:

https://gcc.gnu.org/g:36f4c8a9ac8f71fc21fcb169c7913e8fef30d15c

commit r14-10034-g36f4c8a9ac8f71fc21fcb169c7913e8fef30d15c
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Fri Apr 19 08:44:54 2024 +0200

    libgcc: Another __divmodbitint4 bug fix [PR114762]

    The following testcase is miscompiled because the code to decrement
    vn on negative value with all ones in most significant limb (even partial)
    and 0 in most significant bit of the second most significant limb doesn't
    take into account the case where all bits below the most significant limb
    are zero.  This has been a problem both in the version before yesterday's
    commit where it has been done only if un was one shorter than vn before
this
    decrement, and is now problem even more often when it is done earlier.
    When we decrement vn in such case and negate it, we end up with all 0s in
    the v2 value, so have both the problems with UB on __builtin_clz* and the
    expectations of the algorithm that the divisor has most significant bit set
    after shifting, plus when the decremented vn is 1 it can SIGFPE on division
    by zero even when it is not division by zero etc.  Other values shouldn't
    get 0 in the new most significant limb after negation, because the
    bitint_reduce_prec canonicalization should reduce prec if the second most
    significant limb is all ones and if that limb is all zeros, if at least
    one limb below it is non-zero, carry in will make it non-zero.

    The following patch fixes it by checking if at least one bit below the
    most significant limb is non-zero, in that case it decrements, otherwise
    it will do nothing (but e.g. for the un < vn case that also means the
    divisor is large enough that the result should be q 0 r u).

    2024-04-18  Jakub Jelinek  <jakub@redhat.com>

            PR libgcc/114762
            * libgcc2.c (__divmodbitint4): Perform the decrement on negative
            v with most significant limb all ones and the second least
            significant limb with most significant bit clear always, regardless
of
            un < vn.

            * gcc.dg/torture/bitint-70.c: New test.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug libgcc/114762] wrong code with _BitInt() division by "BITINT_NN_MIN"
  2024-04-18  5:40 [Bug libgcc/114762] New: wrong code with _BitInt() division by "BITINT_NN_MIN" zsojka at seznam dot cz
                   ` (2 preceding siblings ...)
  2024-04-19  6:47 ` cvs-commit at gcc dot gnu.org
@ 2024-04-19  6:49 ` jakub at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-04-19  6:49 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114762

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed.

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-04-19  6:49 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-18  5:40 [Bug libgcc/114762] New: wrong code with _BitInt() division by "BITINT_NN_MIN" zsojka at seznam dot cz
2024-04-18 10:34 ` [Bug libgcc/114762] " zsojka at seznam dot cz
2024-04-18 11:03 ` jakub at gcc dot gnu.org
2024-04-19  6:47 ` cvs-commit at gcc dot gnu.org
2024-04-19  6:49 ` jakub at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).