From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 32201 invoked by alias); 22 Jul 2010 21:13:37 -0000 Received: (qmail 32162 invoked by uid 48); 22 Jul 2010 21:13:23 -0000 Date: Thu, 22 Jul 2010 21:13:00 -0000 Subject: [Bug c/45034] New: "safe" conversion from unsigned to signed char gives broken code X-Bugzilla-Reason: CC Message-ID: Reply-To: gcc-bugzilla@gcc.gnu.org To: gcc-bugs@gcc.gnu.org From: "mikpe at it dot uu dot se" Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org X-SW-Source: 2010-07/txt/msg02437.txt.bz2 The following program (which I'll also attach later) gives unexpected results, where signed char values are passed as non properly sign-extended ints: > cat char-neg.c #include #include #include static void fixnum_neg(signed char x, signed char *py, int *pv) { unsigned char ux, uy; ux = (unsigned char)x; uy = -ux; *py = (uy <= 127) ? (signed char)uy : (-(signed char)(255 - uy) - 1); *pv = (x == -128) ? 1 : 0; } void __attribute__((noinline)) foo(int x, int y, int v) { printf("test_neg: -(%d) => (%d, %d)\n", x, y, v); if (y < -128 || y > 127) abort(); } int test_neg(void) { signed char x, y; int v, err; err = 0; x = -128; for (;;) { fixnum_neg(x, &y, &v); foo((int)x, (int)y, v); if ((v && x != -128) || (!v && x == -128)) ++err; if (x == 127) break; ++x; } return err; } int main(void) { if (CHAR_BIT != 8 || SCHAR_MIN != -128 || SCHAR_MAX != 127 || UCHAR_MAX != 255) abort(); if (test_neg() != 0) abort(); return 0; } > gcc -O2 -Wall -Wextra char-neg.c ; ./a.out test_neg: -(-128) => (-128, 1) test_neg: -(-127) => (-129, 0) Abort The abort shows that the `signed char' variable y is incorrectly extended to int when passed to foo(). Passing -fwrapv eliminates the failure. Maybe I've been staring at this for too long, but I can't see any signed overflow in this code. The problem occurs with gcc 4.6/4.5/4.4/4.3/4.2, but not with 4.1 or older. The program comes from some code which attempts to emulate machine-level integer arithmetic and condition code settings. To validate the condition code logic I used exhaustive testing on a smaller integer type (signed char), but that broke as shown above. The assignment to *py in fixnum_neg() is one of several attempts to cast from unsigned to signed char without (apparently) triggering undefined behaviour due to signed overflow; other failed attempts have included plain casts, assignment via a union, and memcpy() via a local signed char temporary. gcc was configured --with-gmp=... --with-mpfr=... --with-mpc=... --disable-plugin --disable-lto --disable-nls --enable-threads=posix --enable-checking=release --disable-libmudflap --enable-languages=c -- Summary: "safe" conversion from unsigned to signed char gives broken code Product: gcc Version: 4.6.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c AssignedTo: unassigned at gcc dot gnu dot org ReportedBy: mikpe at it dot uu dot se GCC target triplet: i686-pc-linux-gnu http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45034