[Bug c++/98975] New: Infinite loop produces no assembly (including returning) with -O3

[Bug c++/98975] New: Infinite loop produces no assembly (including returning) with -O3

[e.meissner at seznam dot cz]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98975

            Bug ID: 98975
           Summary: Infinite loop produces no assembly (including
                    returning) with -O3
           Product: gcc
           Version: 10.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: e.meissner at seznam dot cz
  Target Milestone: ---

Created attachment 50134
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50134&action=edit
Code producing the bug

[Bug c++/98975] Infinite loop produces no assembly (including returning) with -O3

[e.meissner at seznam dot cz]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98975

--- Comment #1 from Emil Meissner <e.meissner at seznam dot cz> ---
The code in the attachment, compiled with `g++ file.cpp -o bug -O3 -std=c++20`
produces no assembly for both the `main` and `bsort` function`. (I.e. not even
a `ret` instruction), ultimating in a segmentation fault when run.

The code has an intentional bug in it, where instead of comparing `j <
std::size(arr)` we compare `i < std::size(arr)`. I couldn't further simplify
the example.

Compiling with -O2 and -O1 produces the expected infinite loop.

I suspect this may be exploitable.

[Bug c++/98975] Infinite loop produces no assembly (including returning) with -O3

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98975

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
                 CC|                            |jakub at gcc dot gnu.org
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
And the bug is?  The code always invokes undefined behavior, so anything can
happen.

[Bug c++/98975] Infinite loop produces no assembly (including returning) with -O3

[e.meissner at seznam dot cz]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98975

--- Comment #3 from Emil Meissner <e.meissner at seznam dot cz> ---
(In reply to Jakub Jelinek from comment #2)
> And the bug is?  The code always invokes undefined behavior, so anything can
> happen.

Whilst that is true, shouldn't it still be fixed, given (possible) security
implications?

[Bug c++/98975] Infinite loop produces no assembly (including returning) with -O3

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98975

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
The only thing that should be fixed is whatever code invokes the UB.
There is no bug on the compiler side, you essentially end up with
__builtin_unreachable (); in place of the loop.
You can use -fsanitize=unreachable to get a runtime diagnostics instead if the
UB is turned into __builtin_unreachable ().

[Bug c++/98975] Infinite loop produces no assembly (including returning) with -O3

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98975

--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Note C and C++ are differ here. C says only if the return value is used it
becomes undefined while in C++ it is undefined at the point of return.

[Bug c++/98975] Infinite loop produces no assembly (including returning) with -O3

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98975

--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
That is not what the UB in the testcase is, it is the out of bound accesses to
the array - arr[2] and above.
The bsort function has auto return type, but as there is no return, it is
deduced to be void.  And the UB would be there even with j < 3 instead of i < 3
(and even with j < 2).

[Bug c++/98975] Infinite loop produces no assembly (including returning) with -O3

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98975

--- Comment #7 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #6)
> That is not what the UB in the testcase is, it is the out of bound accesses
> to the array - arr[2] and above.
> The bsort function has auto return type, but as there is no return, it is
> deduced to be void.  And the UB would be there even with j < 3 instead of i
> < 3 (and even with j < 2).

Whoops I forgot to look the source to see which UB was happening.