From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 92269 invoked by alias); 19 Oct 2015 02:30:58 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 92228 invoked by uid 48); 19 Oct 2015 02:30:53 -0000 From: "danielmicay at gmail dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug c/67999] Wrong optimization of pointer comparisons Date: Mon, 19 Oct 2015 02:30:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c X-Bugzilla-Version: 5.2.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: danielmicay at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-10/txt/msg01452.txt.bz2 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67999 Daniel Micay changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |danielmicay at gmail dot com --- Comment #5 from Daniel Micay --- An implementation can have object size limits, but I think it's incorrect if those limits are not enforced for all standard ways of allocating objects. Objects larger than PTRDIFF_MAX are forbidden with musl (malloc, mmap and friends report ENOMEM and it's explicitly undefined to create them in another way and use them with libc), and it would make a lot of sense for glibc to do the same thing. I recently landed the same feature in Android's Bionic libc for mmap. Since glibc's implementations of standard library functions don't handle objects larger than PTRDIFF_MAX, this can definitely be considered as a buggy area in glibc. The typical issue is `end - start` but compilers considering addition to be undefined in this case isn't surprising either. FWIW, Clang also treats `ptr + size` with `size > PTRDIFF_MAX` as undefined for standard C pointer arithmetic because the underlying getelementptr instruction in LLVM is inherently a signed arithmetic operation. Clang marks standard C pointer arithmetic operations as "inbounds", which among other things makes use of the value returned from wrapping into undefined behavior. Last time I checked, the non-standard GNU C `void *` arithmetic doesn't get tagged as "inbounds" by Clang, so wrapping is well-defined for that.