public inbox for gcc-bugs@sourceware.org
* [Bug other/50610] New: G++ 4.4.3: Incorrect code at -O2 (-fwrapv, SafeInt, c++ templates, template class files)
@ 2011-10-04  4:02 noloader at gmail dot com
  2011-10-04  4:07 ` [Bug other/50610] " noloader at gmail dot com
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: noloader at gmail dot com @ 2011-10-04  4:02 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50610

             Bug #: 50610
           Summary: G++ 4.4.3: Incorrect code at -O2 (-fwrapv, SafeInt,
                    c++ templates, template class files)
    Classification: Unclassified
           Product: gcc
           Version: 4.4.3
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: noloader@gmail.com


Created attachment 25407
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=25407
Test case for bad code generation at -O2

Attached is a test program which uses a secure vector. The secure vector 'has
a' standard vector, and attempts to do a few extra things to help ensure safe
use (such as check for pointer wrap and zeroization). In addition, the secure
vector uses LeBlanc's SafeInt class to check for wraps and overflows. (SafeInt
uses unsigned, so no undefined behavior should be present).

The test program incorrectly rejects a valid input:

$ g++ -g -O2 -fwrapv -I. TestMain.cpp SecureArray.cpp -o TestMain.exe
$ ./TestMain.exe
Array pointer wrap
$

TestMain is as follows:

  try
  {
    const int arr[] = { 1, 1, 1, 1 };
    SecureIntArray vv(arr, COUNTOF(arr));
    assert(vv.size() == 4);
  }
  catch(const std::exception& ex)
  {
    cerr << ex.what() << endl;
  }

The SecureIntArray ctor calls into a helper function:

  template <typename T>
  typename SecureArray<T>::SecureVector*
  SecureArray<T>::create_secure_array(const T* ptr, size_t cnt)
  {
    try
    {
      const size_t base = (size_t)ptr;
      SafeInt<size_t> si(cnt);
      si *= sizeof(T);
      si += base;
    }
    catch(const SafeIntException&)
    {
      throw InvalidArgumentException("Array pointer wrap");
    }

    return new SecureVector(ptr /*first*/, ptr+cnt /*last*/);
  }

*If* I manually check for overflow (i.e., no SafeInt use), I get expected
results:
$ g++ -g -O2 -DSECURE_ARRAY_NO_SAFE_INT=1 -I. TestMain.cpp SecureArray.cpp -o TestMain.exe
$ ./TestMain.exe
$ 

Defining SECURE_ARRAY_NO_SAFE_INT uses the following rather than SafeInt
objects:

    const size_t b = (size_t)ptr;
    size_t p = cnt * sizeof(T) + b;
    if(!(p >= b))
      throw InvalidArgumentException("Array pointer wrap");

Finally, the issue is not present on other versions of GCC. Other versions
include 4.5 from F14 and 4.6 from F15.

I was not able to reduce the test program to something smaller (though I
tried). For example, I know the following will not help the problem: removing
namespaces, removing throws, removing explicit template instantiations, moving
bodies into the header, and a few other items.

I do know that removing everything except the ctor, size(), max_size(), and
operator[] will fix it, but it does not help with a minimum test case.


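The wrap check this report describes, written out without SafeInt, as an added example (not code from the report, its attachment, or SafeInt; the function names and sample values are constructed). It goes one step beyond the `SECURE_ARRAY_NO_SAFE_INT` snippet by testing the multiplication as well as the addition, because `p >= b` alone cannot see a wrap inside `cnt * sizeof(T)`.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>

static const std::size_t kMax = std::numeric_limits<std::size_t>::max();

// Same shape as the manual check in the report: only the final sum is
// compared against the base, so a wrap inside cnt * elem_size is not seen.
bool range_ok_unchecked(std::size_t base, std::size_t cnt, std::size_t elem_size)
{
    const std::size_t p = cnt * elem_size + base;  // unsigned: wraps modulo 2^N
    return p >= base;
}

// Checked form: test each step before performing it.
bool range_ok_checked(std::size_t base, std::size_t cnt, std::size_t elem_size)
{
    if (elem_size != 0 && cnt > kMax / elem_size)
        return false;                              // cnt * elem_size would wrap
    const std::size_t bytes = cnt * elem_size;
    if (bytes > kMax - base)
        return false;                              // base + bytes would wrap
    return true;
}

int main()
{
    // Constructed inputs: {base address, element count}; element size is 4.
    const std::size_t cases[][2] = {
        { 0x1000, 4 },             // ordinary array: both accept
        { kMax - 7, 4 },           // addition wraps: both reject
        { 0x1000, kMax / 4 + 2 },  // multiplication wraps: only checked rejects
    };
    for (const auto& c : cases)
        std::printf("base=%#zx cnt=%zu unchecked=%d checked=%d\n", c[0], c[1],
                    range_ok_unchecked(c[0], c[1], 4),
                    range_ok_checked(c[0], c[1], 4));
    return 0;
}
```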

* [Bug other/50610] G++ 4.4.3: Incorrect code at -O2 (-fwrapv, SafeInt, c++ templates, template class files)
From: noloader at gmail dot com @ 2011-10-04  4:07 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50610

--- Comment #1 from Jeffrey Walton <noloader at gmail dot com> 2011-10-04 04:07:17 UTC ---
My bad:

jeffrey@studio:~/Desktop/safeint-opt-test$ gcc --version
gcc (Ubuntu 4.4.3-4ubuntu5) 4.4.3
Copyright (C) 2009 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

jeffrey@studio:~/Desktop/safeint-opt-test$ uname -a
Linux studio 2.6.32-34-generic #77-Ubuntu SMP Tue Sep 13 19:39:17 UTC 2011 x86_64 GNU/Linux
jeffrey@studio:~/Desktop/safeint-opt-test$



* [Bug other/50610] G++ 4.4.3: Incorrect code at -O2 (-fwrapv, SafeInt, c++ templates, template class files)
From: noloader at gmail dot com @ 2011-10-04  5:24 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50610

--- Comment #2 from Jeffrey Walton <noloader at gmail dot com> 2011-10-04 05:24:20 UTC ---
For this problem, the workaround was:

   try
   {
     const T* base = ptr;
     base += SafeInt<size_t>(cnt);
   }
   catch(const SafeIntException&)
   {
     throw InvalidArgumentException("Array pointer wrap");
   }

It seems LeBlanc had it all the time, but I was not using it. My apologies.



* [Bug other/50610] G++ 4.4.3: Incorrect code at -O2 (-fwrapv, SafeInt, c++ templates, template class files)
From: rguenth at gcc dot gnu.org @ 2011-10-04 10:38 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50610

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID

--- Comment #3 from Richard Guenther <rguenth at gcc dot gnu.org> 2011-10-04 10:38:00 UTC ---
So I suppose invalid.

