public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/67662] New: -fsanitize=undefined cries wolf for X - 1 + X when X is 2**30
@ 2015-09-21 6:26 eggert at gnu dot org
From: eggert at gnu dot org @ 2015-09-21 6:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67662
Bug ID: 67662
Summary: -fsanitize=undefined cries wolf for X - 1 + X when X is 2**30
Product: gcc
Version: 5.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: eggert at gnu dot org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---
Created attachment 36358
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=36358&action=edit
Test program illustrating the bug
I uncovered this bug while trying to use -fsanitize=undefined on the tzcode
source.
gcc -fsanitize=undefined (x86-64) reports an error at runtime for the
expression 'X - 1 + X' when X is 2**30, even though that expression does not
overflow. To reproduce the problem, compile and run the attached program u.c
with:
gcc -fsanitize=undefined -static-libubsan -O2 u.c
./a.out
It's a valid program that does not overflow, but the output I get is:
u.c:5:31: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
u.c:5:7: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
There is a similar problem with 2**62 and 'long long'.
* [Bug middle-end/67662] -fsanitize=undefined cries wolf for X - 1 + X when X is 2**30
From: rguenth at gcc dot gnu.org @ 2015-09-21 7:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67662
Richard Biener <rguenth at gcc dot gnu.org> changed:
What          |Removed                       |Added
----------------------------------------------------------------------------
Keywords      |                              |wrong-code
Status        |NEW                           |ASSIGNED
Assignee      |unassigned at gcc dot gnu.org |rguenth at gcc dot gnu.org
--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
  /* With undefined overflow we can only associate constants with one
     variable, and constants whose association doesn't overflow.  */
  if ((POINTER_TYPE_P (atype) && POINTER_TYPE_OVERFLOW_UNDEFINED)
      || (INTEGRAL_TYPE_P (atype) && !TYPE_OVERFLOW_WRAPS (atype)))
    {
      ...
      /* The only case we can still associate with two variables
         is if they are the same, modulo negation and bit-pattern
         preserving conversions.  */
      if (!operand_equal_p (tmp0, tmp1, 0))
        ok = false;
but that's only if they cancel out. I think the above code is mine, thus,
mine.
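The reassociation that the report observes and that Comment #2 locates in fold-const.c, as an added example (this is neither the attached u.c nor GCC code, and the struct checked helper is constructed for the illustration): both orderings of X - 1 + X are evaluated for x = 2**30 with GCC's __builtin_*_overflow checks, so the source order fits in int while the folded order (X + X) - 1 overflows at its intermediate step, which is exactly the "1073741824 + 1073741824" and "-2147483648 - 1" pair ubsan printed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Outcome of evaluating an expression with every intermediate
   step checked for signed overflow (a constructed helper for this
   example, not part of GCC or of the reported test program). */
struct checked {
    bool ok;     /* true when no intermediate step overflowed int */
    int  value;  /* result, valid only when ok is true */
};

/* X - 1 + X evaluated in source order: (X - 1) + X. */
static struct checked eval_source_order(int x)
{
    struct checked c = { false, 0 };
    int t;
    if (__builtin_sub_overflow(x, 1, &t))        /* X - 1 */
        return c;
    if (__builtin_add_overflow(t, x, &c.value))  /* (X - 1) + X */
        return c;
    c.ok = true;
    return c;
}

/* The reassociated form the folder produced: (X + X) - 1.
   For x == 2**30, X + X is 2**31, which does not fit in int. */
static struct checked eval_reassociated(int x)
{
    struct checked c = { false, 0 };
    int t;
    if (__builtin_add_overflow(x, x, &t))        /* X + X */
        return c;
    if (__builtin_sub_overflow(t, 1, &c.value))  /* (X + X) - 1 */
        return c;
    c.ok = true;
    return c;
}

int main(void)
{
    int x = 1 << 30;   /* 2**30, the value from the report */
    struct checked a = eval_source_order(x), b = eval_reassociated(x);
    printf("(X - 1) + X : %s\n", a.ok ? "fits" : "overflows");
    printf("(X + X) - 1 : %s\n", b.ok ? "fits" : "overflows");
    return 0;
}
```

The same split occurs for long long with x = 2**62, which is the second case the report mentions.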
* [Bug middle-end/67662] -fsanitize=undefined cries wolf for X - 1 + X when X is 2**30
From: rguenth at gcc dot gnu.org @ 2015-09-23 10:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67662
--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
Yeah, r122414 fixed the PR30364 issue incompletely, leaving a special-case that
still mishandles this case. Testing a patch.
* [Bug middle-end/67662] -fsanitize=undefined cries wolf for X - 1 + X when X is 2**30
From: rguenth at gcc dot gnu.org @ 2015-09-23 14:10 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67662
--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
Author: rguenth
Date: Wed Sep 23 14:09:48 2015
New Revision: 228051
URL: https://gcc.gnu.org/viewcvs?rev=228051&root=gcc&view=rev
Log:
2015-09-23 Richard Biener <rguenther@suse.de>
PR middle-end/67662
* fold-const.c (fold_binary_loc): Do not reassociate two vars with
undefined overflow unless they will cancel out.
* gcc.dg/ubsan/pr67662.c: New testcase.
Added:
trunk/gcc/testsuite/gcc.dg/ubsan/pr67662.c
Modified:
trunk/gcc/ChangeLog
trunk/gcc/fold-const.c
trunk/gcc/testsuite/ChangeLog