public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/115156] New: [14 Regression] passing zero to __builtin_clzl() check missing
From: bic60176 at gmail dot com @ 2024-05-19 8:47 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115156

            Bug ID: 115156
           Summary: [14 Regression] passing zero to __builtin_clzl() check missing
           Product: gcc
           Version: 14.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: bic60176 at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

OS: Ubuntu 22.04.3 LTS

UBSAN missed checking if zero is passed to __builtin_clzl() when compiling with gcc-14.1.0.

testcase:
```
#include<stdint.h>
void main()
{
  int32_t b = 0;
  (__builtin_clzl(b), 3) && b;
  // __builtin_clzl(b); /* gcc-14 can detect this one */
}
```

$ ../compiler-builds/gcc-14.1.0_build/bin/gcc -fsanitize=undefined -g -lgcc_s testcase.c -o exec
$ ./exec 2>exec.err
$ cat exec.err

$ ../compiler-builds/gcc-13.2.0_build/bin/gcc -fsanitize=undefined -g -lgcc_s testcase.c -o exec
$ ./exec 2>exec.err
$ cat exec.err
testcase.c:5:4: runtime error: passing zero to clz(), which is not a valid argument

* [Bug sanitizer/115156] [14 Regression] passing zero to __builtin_clzl() check missing
From: pinskia at gcc dot gnu.org @ 2024-05-19 9:47 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115156

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
I am not 100% sure if this case matters as the return value of __builtin_clzl is very much unused.

* [Bug sanitizer/115156] [14/15 Regression] passing zero to __builtin_clzl() check missing
From: pinskia at gcc dot gnu.org @ 2024-05-19 9:47 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115156

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |14.2
            Summary|[14 Regression] passing     |[14/15 Regression] passing
                   |zero to __builtin_clzl()    |zero to __builtin_clzl()
                   |check missing               |check missing

* [Bug sanitizer/115156] [14/15 Regression] passing zero to __builtin_clzl() check missing
From: jakub at gcc dot gnu.org @ 2024-05-19 15:14 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115156

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rguenth at gcc dot gnu.org

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Started with r14-1880-g827e208fa64771f15fc8e53970a2297e637277b5

Note, the functions in question are const, so they can be dead code eliminated at any time, and the UBSAN instrumentation in this case is done only in the ubsan pass, so if it gets folded away before that it won't be instrumented. At -O1 or higher it would be a clear non-bug; with optimizations, sanitizers often diagnose only UB in code that isn't dead. In this case, a question is why we are folding this at -O0.

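
Added example, not code from the bug report or from GCC: because the comment above explains that the UBSAN check can vanish when the const builtin call is folded away before the ubsan pass, code that must never hand zero to `__builtin_clzl()` can guard the argument itself instead of relying on the sanitizer. The names `clzl_checked`, `clzl_portable` and `count_mismatches`, and the convention of returning the bit width for zero, are assumptions made for this sketch.

```c
#include <limits.h>
#include <stdio.h>

#define ULONG_BITS ((int)(sizeof(unsigned long) * CHAR_BIT))

/* Hypothetical wrapper: zero is handled before the builtin is reached, so
 * correctness no longer depends on the UBSAN check surviving folding.
 * Returning the bit width for zero is a convention assumed here. */
static int clzl_checked(unsigned long x)
{
    if (x == 0)
        return ULONG_BITS;
    return __builtin_clzl(x);
}

/* Builtin-free reference: binary search for the highest set bit. */
static int clzl_portable(unsigned long x)
{
    int n = 0;
    if (x == 0)
        return ULONG_BITS;
    for (int shift = ULONG_BITS / 2; shift > 0; shift /= 2) {
        if ((x >> (ULONG_BITS - shift)) == 0) {
            n += shift;
            x <<= shift;
        }
    }
    return n;
}

/* Compare both implementations on constructed edge values. */
static int count_mismatches(void)
{
    const unsigned long samples[] = { 0UL, 1UL, 2UL, 3UL, 0xffUL, 0x100UL,
                                      ULONG_MAX >> 1, ULONG_MAX };
    int bad = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        bad += clzl_checked(samples[i]) != clzl_portable(samples[i]);
    return bad;
}

int main(void)
{
    unsigned long b = 0;
    /* Same discarded-result shape as the testcase in the report. */
    (void)((clzl_checked(b), 3) && b);
    printf("clz(0)=%d mismatches=%d\n", clzl_checked(b), count_mismatches());
    return 0;
}
```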