public inbox for gcc-bugs@sourceware.org
* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu.org @ 2023-03-31  7:16 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zhangboyang.id at gmail dot com

--- Comment #11 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 109352 has been marked as a duplicate of this bug. ***


* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: zhangboyang.id at gmail dot com @ 2023-03-31  8:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542

--- Comment #12 from Zhang Boyang <zhangboyang.id at gmail dot com> ---
Hi,

Sorry for filing a duplicate bug. But I'd like to suggest reconsidering this
feature request. Here are two reasons:

1) "u64 = 1 << u32", "u64 = u32 * u32" are common mistakes among beginners,

2) These expressions may introduce vulnerabilities, especially on the now
widely used 64-bit machines:
  On a typical 64-bit machine, it's ok to write:
    unsigned x = ...;
    malloc(sizeof(...) + x)
  but a trivial change, "*2", introduces a vulnerability, i.e.:
    malloc(sizeof(...) + x * 2)
If the expression is very long, it's very hard to find out where the bug is.

Instead of warning on multiplies, I suggest a new "-Wexpr-conversion"; it will
detect and warn on implicit conversions if and only if: 1) the conversion is to
a wider variable, and 2) the value is a real expression (i.e. the result of an
operation, like a*b; but not a variable, a function call or an explicit cast).

For example, it should warn on:

  uint64_t u64 = ...;
  uint32_t u32 = ...;
  u64 = 1 << u32;
    //  ^^^^^^^^
    //   suggests "u64 = (uint64_t)1 << (uint64_t)u32"
    //   suppressed by "u64 = (uint32_t)(1 << u32)"

But not on:
  u64 = u32;
  u64 = (uint32_t)(...);
  u64 = f(...);

This might be a kind of noisy warning like "-Wconversion" but I believe it will
help some people (we can just disable it by default).

Zhang Boyang

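The truncation-then-widening that Comment #12 describes, as an added C example (not code from the bug report or from GCC). It shows the `u64 = u32 * u32` case beside the widened-operands form the comment wants the diagnostic to suggest, a detection helper that tells whether the narrow product loses bits, and the `malloc(sizeof(...) + x * 2)` sizing pattern beside a form that computes in `size_t` and uses the GCC/Clang `__builtin_mul_overflow` / `__builtin_add_overflow` builtins. The input values are constructed, and the checked-size result assumes a 64-bit `size_t`:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not code from the bug report.  The product of two
 * uint32_t operands is computed in 32 bits; only the truncated result is
 * widened when it is stored in the uint64_t. */
uint64_t product_widened_after(uint32_t a, uint32_t b)
{
    uint64_t r = a * b;          /* 32-bit multiply, wraps modulo 2^32 */
    return r;
}

/* The form the comment suggests the diagnostic should point to: widen the
 * operands first so the multiply itself is done in 64 bits. */
uint64_t product_widened_before(uint32_t a, uint32_t b)
{
    return (uint64_t)a * (uint64_t)b;
}

/* Detection helper: does the 32-bit product lose bits?  Compute the exact
 * product in 64 bits and see whether anything sits above bit 31. */
int product_truncates(uint32_t a, uint32_t b)
{
    return (((uint64_t)a * (uint64_t)b) >> 32) != 0;
}

/* The allocation-size pattern from the comment.  x is the untrusted length;
 * sizeof(uint64_t) stands in for the fixed header.  Because x is uint32_t,
 * "x * 2" wraps in 32 bits before it is added to the size_t header size. */
size_t alloc_size_truncating(uint32_t x)
{
    return sizeof(uint64_t) + x * 2;
}

/* Hardened form: do the arithmetic in size_t and let the compiler's
 * overflow-checked builtins report any wrap.  Returns 1 on success, 0 if
 * the size cannot be represented in size_t. */
int alloc_size_checked(uint32_t x, size_t *out)
{
    size_t scaled, total;
    if (__builtin_mul_overflow((size_t)x, (size_t)2, &scaled))
        return 0;
    if (__builtin_add_overflow(sizeof(uint64_t), scaled, &total))
        return 0;
    *out = total;
    return 1;
}

int main(void)
{
    uint32_t x = 0x80000000u;   /* constructed input: 2^31 */
    size_t s = 0;
    printf("u32*u32 then widen : 0x%llx\n",
           (unsigned long long)product_widened_after(0x10000u, 0x10000u));
    printf("widen then multiply: 0x%llx\n",
           (unsigned long long)product_widened_before(0x10000u, 0x10000u));
    printf("truncating size    : %zu\n", alloc_size_truncating(x));
    if (alloc_size_checked(x, &s))
        printf("checked size       : %zu\n", s);
    return 0;
}
```

With `x = 2^31` the truncating form returns just the header size, which is exactly the undersized allocation the comment warns about; the checked form returns the real size or refuses.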

* [Bug c/24542] potential unwanted truncation of operation overflow should be warned on assignment to wider variable
From: rguenth at gcc dot gnu.org @ 2023-03-31  9:18 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2023-03-31
             Status|RESOLVED                    |NEW
         Resolution|WONTFIX                     |---
            Summary|potential integer overflow  |potential unwanted
                   |should be warned on         |truncation of operation
                   |assignment to wider         |overflow should be warned
                   |variable                    |on assignment to wider
                   |                            |variable
     Ever confirmed|0                           |1

--- Comment #13 from Richard Biener <rguenth at gcc dot gnu.org> ---
Let me re-open this.  I agree that it sounds useful to have a diagnostic that
would catch these cases but I also think it might have many false positives.
But that's similar to diagnosing if (a || b && c).

That said, the burden is on whoever is going to prototype a patch with
extensive enough test coverage.

The question is whether to diagnose

 int x1, x2;
 long y1;
 y1 = x1 * x2;

since when x1 * x2 overflows that even invokes undefined behavior (so it's
even worse than the unsigned case).

The description is misleading, there's no "overflow on assignment" but the
operation itself might overflow and the truncated value is then widened
on assignment.  The assignment is a mere hint that a wider result might
have been intended (and a good enough hint IMHO).


* [Bug c/24542] potential unwanted truncation of operation overflow should be warned on assignment to wider variable
From: rsandifo at gcc dot gnu.org @ 2023-03-31  9:33 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542

rsandifo at gcc dot gnu.org <rsandifo at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rsandifo at gcc dot gnu.org

--- Comment #14 from rsandifo at gcc dot gnu.org <rsandifo at gcc dot gnu.org> ---
Heh, was in the process of reopening this too, but Richard beat
me to it.

FWIW, I agree this is worth providing as an option.  Another justification
is the different promotion handling between u32 = u16 op u16 and
u64 = u32 op u32.

"auto" (which wasn't a thing when the PR was first filed) might also
increase the chances of accidentally pushing promotions to the root of
a multi-statement calculation.

I don't think the false positive/negative ratio matters too much for
the option itself.  If it works then I think it's worth having.
IMO the ratio only becomes important if we're considering enabling
this by default (unlikely), -Wall (unsure) or -Wextra (seems feasible).

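The promotion difference Comment #14 points at, as an added C example (not code from the bug report or from GCC). It assumes the usual ILP32/LP64 ABIs where `int` is 32 bits: `uint16_t` operands are promoted to `int`, so `u32 = u16 * u16` keeps the whole product, while `uint32_t` operands are not promoted, so `u64 = u32 * u32` wraps and then widens. The third helper shows the cost of that promotion: the promoted operands are *signed* `int`, so a large `u16 * u16` product is signed overflow, and the helper checks that without performing the risky multiply. Input values are constructed:

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not the bug report's code.  Assumes int is 32 bits. */

/* u32 = u16 op u16: integer promotion turns both operands into int, so the
 * multiply is done in 32 bits and the full product survives.  Nothing is
 * truncated; the assignment is harmless. */
uint32_t u32_from_u16_product(uint16_t a, uint16_t b)
{
    uint32_t r = a * b;   /* a and b are promoted to int before the multiply */
    return r;
}

/* u64 = u32 op u32: uint32_t is already int-sized, so no promotion happens;
 * the multiply is 32-bit, wraps, and the wrapped value is then widened. */
uint64_t u64_from_u32_product(uint32_t a, uint32_t b)
{
    uint64_t r = a * b;
    return r;
}

/* Because the u16 operands become signed int, a product above INT_MAX
 * (e.g. 0xFFFF * 0xFFFF) is signed overflow, which is undefined behaviour.
 * Report whether the product stays inside int, using unsigned arithmetic
 * so the check itself can never overflow. */
int u16_product_fits_int(uint16_t a, uint16_t b)
{
    return ((uint32_t)a * (uint32_t)b) <= (uint32_t)INT32_MAX;
}

int main(void)
{
    printf("u32 = u16*u16 (0x8000*0x8000): 0x%x\n",
           u32_from_u16_product(0x8000u, 0x8000u));
    printf("u64 = u32*u32 (0x80000000*2) : 0x%llx\n",
           (unsigned long long)u64_from_u32_product(0x80000000u, 2u));
    printf("0xFFFF*0xFFFF fits int?       : %d\n",
           u16_product_fits_int(0xFFFFu, 0xFFFFu));
    return 0;
}
```

The same source-level shape, "narrow op narrow assigned to wider", therefore behaves differently depending on whether the narrow type is below `int`, which is why a diagnostic keyed only on the assignment would have to take promotion into account.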

* [Bug c/24542] potential unwanted truncation of operation overflow should be warned on assignment to wider variable
From: mail+gcc at nh2 dot me @ 2023-08-07 11:00 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542

--- Comment #15 from Niklas Hambüchen <mail+gcc at nh2 dot me> ---
Another common integer overflow bug type is the "for (u32 i = 0; i < u64; ++i)"
pattern, as well as general widening comparisons.

I filed bug 110933 for those; just linking it here for people interested in
integer overflows.


* [Bug c/24542] potential unwanted truncation of operation overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu.org @ 2023-08-07 14:34 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542

--- Comment #16 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Niklas Hambüchen from comment #15)
> Another common integer overflow bug type is the "for (u32 i = 0; i < u64;
> ++i)" pattern, as well as general widening comparisons.
> 
> I filed bug 110933 for those; just linking it here for people interested in
> integer overflows.

There is no integer overflow here; rather, there has been wrapping. Yes,
there is a huge difference between the two: wrapping is defined behavior while
overflow is undefined behavior.

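The loop-counter pattern from Comment #15 and the wrapping-versus-overflow distinction from Comment #16, as an added C example (not code from the bug report or from GCC). A `uint32_t` counter compared against a `uint64_t` bound can never reach a bound above `UINT32_MAX`, so the first helper checks the bound up front instead of relying on the loop; the other two contrast the defined unsigned wrap, which can be detected after the fact, with signed overflow, which is undefined and so must be detected before it happens via the GCC/Clang `__builtin_add_overflow` builtin. Input values are constructed:

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not code from the bug report. */

/* "for (uint32_t i = 0; i < n; ++i)" with a uint64_t n cannot terminate when
 * n > UINT32_MAX: i wraps back to 0 instead of reaching n.  Returns 1 when
 * the counter type can actually reach the bound. */
int counter_can_reach(uint64_t n)
{
    return n <= UINT32_MAX;
}

/* Unsigned wrap is defined: the sum is reduced modulo 2^32, and the wrap is
 * detected after the fact by comparing the result with an operand.
 * Returns 1 if the addition wrapped. */
int add_u32_wrapped(uint32_t a, uint32_t b, uint32_t *out)
{
    uint32_t r = a + b;
    *out = r;
    return r < a;
}

/* Signed overflow is undefined, so it must be detected before it happens.
 * __builtin_add_overflow evaluates the exact sum and reports whether it
 * fits; *out is only meaningful when the return value is 0. */
int add_s32_overflowed(int32_t a, int32_t b, int32_t *out)
{
    return __builtin_add_overflow(a, b, out);
}

int main(void)
{
    uint32_t u = 0;
    int32_t s = 0;
    printf("bound 2^32 reachable by u32 counter: %d\n",
           counter_can_reach(0x100000000ULL));
    printf("UINT32_MAX + 1 wrapped: %d, result %u\n",
           add_u32_wrapped(UINT32_MAX, 1u, &u), u);
    printf("INT32_MAX + 1 overflowed: %d\n",
           add_s32_overflowed(INT32_MAX, 1, &s));
    return 0;
}
```

The after-the-fact test in `add_u32_wrapped` is only legitimate because unsigned arithmetic wraps by definition; the equivalent `r < a` test on signed values would be checking the result of undefined behaviour, which the compiler is free to assume never happens.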

* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: alexey at hyperroll dot com @ 2006-09-18  5:48 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #10 from alexey at hyperroll dot com  2006-09-18 05:48 -------
(In reply to comment #9)
> We should never warn on multiply because it is just too crazy to.  This is what
> debugging is about, debug your program for mistakes like this.

The citation may be used to eliminate every warning any compiler produces:
"just debug, why bother? Ain't you a programmer?" I've tried to specify a
warning that helps developers when they scale their applications to larger
input data and just do not see where the overflow happens.

So, you're free to reject the issue, but the reason you've given... Personally,
I do not accept it.


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542

* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu dot org @ 2006-09-18  0:18 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #9 from pinskia at gcc dot gnu dot org  2006-09-18 00:18 -------
We should never warn on multiply because it is just too crazy to.  This is what
debugging is about, debug your program for mistakes like this.


pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |WONTFIX



* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu dot org @ 2006-03-13 21:52 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #8 from pinskia at gcc dot gnu dot org  2006-03-13 21:52 -------
(In reply to comment #7)
> So, who is actually going to fix the issue?

If you want it fixed, you should update it to the mainline and then post the
patch.



* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: alexey at hyperroll dot com @ 2006-03-13 21:49 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #7 from alexey at hyperroll dot com  2006-03-13 21:49 -------
(In reply to comment #6)

So, who is actually going to fix the issue?



* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu dot org @ 2005-11-01 22:29 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #6 from pinskia at gcc dot gnu dot org  2005-11-01 22:29 -------
(In reply to comment #5)
> Sir, it's my first report here, and I see the code first time. I hope that both
> comments #3 and #4 are not for me. Or am I mistaken?

They were for the person who wrote the code.

> Otherwise, what document (preferably, short) should I read to understand the
> ideology of the parse tree, and its details.
> Also, why have I done the parser non-bison compatible? I've taken the stable
> release, not the CVS revision.

The fix you are proposing would go on the mainline first (well, in this case it
would only go on the mainline).  And since the mainline (CVS/SVN trunk) is
using a non-bison parser, you would have to change your code to deal with that.



* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: alexey at hyperroll dot com @ 2005-10-26 17:12 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #5 from alexey at hyperroll dot com  2005-10-26 17:12 -------
Sir, it's my first report here, and I am seeing the code for the first time. I
hope that both comments #3 and #4 are not for me. Or am I mistaken?

Otherwise, what document (preferably, short) should I read to understand the
ideology of the parse tree, and its details.

Also, why have I done the parser non-bison compatible? I've taken the stable
release, not the CVS revision.



* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu dot org @ 2005-10-26 16:00 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #4 from pinskia at gcc dot gnu dot org  2005-10-26 16:00 -------
Please also make the warning conditional based on an option and make the
option.



* [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
From: pinskia at gcc dot gnu dot org @ 2005-10-26 15:59 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #3 from pinskia at gcc dot gnu dot org  2005-10-26 15:59 -------
You should be patching the mainline as the C parser has changed to a
non-bison-based parser.


