From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-396561-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 22672 invoked by alias); 14 Jul 2012 22:50:35 -0000
Received: (qmail 22661 invoked by uid 22791); 14 Jul 2012 22:50:33 -0000
X-SWARE-Spam-Status: No, hits=-3.6 required=5.0	tests=ALL_TRUSTED,AWL,BAYES_00
X-Spam-Check-By: sourceware.org
Received: from localhost (HELO gcc.gnu.org) (127.0.0.1)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Sat, 14 Jul 2012 22:50:20 +0000
From: "regehr at cs dot utah.edu" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/53968] New: integer undefined behaviors in GCC
Date: Sat, 14 Jul 2012 22:50:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: regehr at cs dot utah.edu
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields:
Message-ID: <bug-53968-4@http.gcc.gnu.org/bugzilla/>
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2012-07/txt/msg01147.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53968

             Bug #: 53968
           Summary: integer undefined behaviors in GCC
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: regehr@cs.utah.edu


Using IOC (link below) I made a GCC that looks for integer overflow problems in
itself, and then used it to run the GCC testsuite and bootstrap itself. The
resulting defects are listed below.

I've found that the best way to track down these problems is to put an
assertion into the source code close to where the overflow happens.

Note that this is far fewer undefined behaviors than were present two years
ago:

  http://gcc.gnu.org/ml/gcc/2010-08/msg00039.html

Version info:

regehr@home:~/z/checked-gcc-install/bin$ ./gcc -v
Using built-in specs.
COLLECT_GCC=./gcc
COLLECT_LTO_WRAPPER=/home/regehr/z/checked-gcc-install/libexec/gcc/x86_64-unknown-linux-gnu/4.8.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: /home/regehr/z/compiler-source/gcc/configure
--enable-languages=c,c++ CC='clang -w -fcatch-undefined-behavior' CXX='clang++
-w -fcatch-undefined-behavior' --prefix=/home/regehr/z/checked-gcc-install
--disable-bootstrap
Thread model: posix
gcc version 4.8.0 20120714 (experimental) (GCC) 

IOC tool:

http://embed.cs.utah.edu/ioc/

Defects:

ARITHMETIC UNDEFINED at </home/regehr/z/compiler-source/gcc/gcc/diagnostic.c,
(244:28)> : Op: -, Reason : Signed Subtraction Overflow, BINARY OPERATION: left
(int32): 2147483647 right (int32): -1 

ARITHMETIC UNDEFINED at </home/regehr/z/compiler-source/gcc/gcc/double-int.c,
(158:21)> : Op: *, Reason : Signed Multiplication Overflow, BINARY OPERATION:
left (int64): 4294967295 right (int64): 4294967295 

ARITHMETIC UNDEFINED at </home/regehr/z/compiler-source/gcc/gcc/double-int.c,
(613:46)> : Op: <<, Reason : Unsigned Left Shift: Right operand is negative or
is greater than or equal to the width of the promoted left operand, BINARY
OPERATION: left (uint64): 2 right (uint64): 4294967295 

ARITHMETIC UNDEFINED at </home/regehr/z/compiler-source/gcc/gcc/expr.c,
(3832:20)> : Op: -, Reason : Signed Subtraction Overflow, UNARY OPERATION: left
(int64): 0 right (int64): -9223372036854775808 

ARITHMETIC UNDEFINED at
</home/regehr/z/compiler-source/gcc/gcc/ipa-inline-analysis.c, (2347:22)> : Op:
*, Reason : Signed Multiplication Overflow, BINARY OPERATION: left (int32):
256348 right (int32): 10000 

ARITHMETIC UNDEFINED at </home/regehr/z/compiler-source/gcc/gcc/simplify-rtx.c,
(69:24)> : Op: -, Reason : Signed Subtraction Overflow, UNARY OPERATION: left
(int64): 0 right (int64): -9223372036854775808 

ARITHMETIC UNDEFINED at </home/regehr/z/compiler-source/gcc/gcc/stor-layout.c,
(2563:52)> : Op: -, Reason : Signed Subtraction Overflow, BINARY OPERATION:
left (int64): -9223372036854775808 right (int64): 1 

ARITHMETIC UNDEFINED at </home/regehr/z/compiler-source/gcc/gcc/stor-layout.c,
(2566:54)> : Op: -, Reason : Signed Subtraction Overflow, BINARY OPERATION:
left (int64): -9223372036854775808 right (int64): 1 

ARITHMETIC UNDEFINED at
</home/regehr/z/compiler-source/gcc/gcc/tree-ssa-loop-ivopts.c, (3450:10)> :
Op: -, Reason : Signed Subtraction Overflow, UNARY OPERATION: left (int64): 0
right (int64): -9223372036854775808 

ARITHMETIC UNDEFINED at
</home/regehr/z/compiler-source/gcc/gcc/tree-ssa-loop-ivopts.c, (3459:35)> :
Op: -, Reason : Signed Subtraction Overflow, BINARY OPERATION: left (int64):
-9223372036854775808 right (int64): 1 

ARITHMETIC UNDEFINED at </home/regehr/z/compiler-source/gcc/gcc/tree.c,
(1889:37)> : Op: -, Reason : Signed Subtraction Overflow, BINARY OPERATION:
left (int64): -9223372036854775808 right (int64): 1