Bug 100214 - UB in arm.c:optimal_immediate_sequence_1 (left shift of 255 by 30 places cannot be represented in type 'int')
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: target
Version: 11.0
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks: ubsan
Reported: 2021-04-22 17:20 UTC by Alex Coplan
Modified: 2021-04-23 12:35 UTC (History)

See Also:
Host:
Target: arm
Build:
Known to work:
Known to fail: 11.0
Last reconfirmed: 2021-04-23 00:00:00

Description Alex Coplan 2021-04-22 17:20:33 UTC
Bootstrapping on arm --with-build-config=bootstrap-ubsan shows the following problem:

$ cat test.c
double a;
void b() { a += 0.1; }
$ gcc/xgcc -B gcc test.c -c
/data_sdb/toolchain/src/gcc/gcc/config/arm/arm.c:4745:37: runtime error: left shift of 255 by 30 places cannot be represented in type 'int'
    #0 0x23660cb in optimal_immediate_sequence_1(rtx_code, unsigned long, four_ints*, int) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x23660cb)
    #1 0x2365de4 in optimal_immediate_sequence(rtx_code, unsigned long, four_ints*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x2365de4)
    #2 0x2368e75 in arm_gen_constant(rtx_code, machine_mode, rtx_def*, unsigned long, rtx_def*, rtx_def*, int, int) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x2368e75)
    #3 0x23d4a3c in arm_const_double_inline_cost(rtx_def*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x23d4a3c)
    #4 0x2e0fa1e in satisfies_constraint_Da(rtx_def*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x2e0fa1e)
    #5 0x14bdf97 in constraint_satisfied_p(rtx_def*, constraint_num) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14bdf97)
    #6 0x14c4cee in record_reg_classes(int, int, rtx_def**, machine_mode*, char const**, rtx_insn*, reg_class*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14c4cee)
    #7 0x14cba27 in record_operand_costs(rtx_insn*, reg_class*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14cba27)
    #8 0x14cc4e2 in scan_one_insn(rtx_insn*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14cc4e2)
    #9 0x14cd5c6 in process_bb_for_costs(basic_block_def*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14cd5c6)
    #10 0x14cd648 in process_bb_node_for_costs(ira_loop_tree_node*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14cd648)
    #11 0x14ad82f in ira_traverse_loop_tree(bool, ira_loop_tree_node*, void (*)(ira_loop_tree_node*), void (*)(ira_loop_tree_node*)) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14ad82f)
    #12 0x14cdeec in find_costs_and_classes(_IO_FILE*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14cdeec)
    #13 0x14d28f5 in ira_costs() (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14d28f5)
    #14 0x14b7e37 in ira_build() (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14b7e37)
    #15 0x149f52a in ira(_IO_FILE*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x149f52a)
    #16 0x14a060a in (anonymous namespace)::pass_ira::execute(function*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x14a060a)
    #17 0x17d2355 in execute_one_pass(opt_pass*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x17d2355)
    #18 0x17d2b6e in execute_pass_list_1(opt_pass*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x17d2b6e)
    #19 0x17d2be5 in execute_pass_list_1(opt_pass*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x17d2be5)
    #20 0x17d2c65 in execute_pass_list(function*, opt_pass*) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x17d2c65)
    #21 0xdf27ac in cgraph_node::expand() (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0xdf27ac)
    #22 0xdf3a23 in cgraph_order_sort::process() (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0xdf3a23)
    #23 0xdf4135 in output_in_order() (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0xdf4135)
    #24 0xdf4e01 in symbol_table::compile() (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0xdf4e01)
    #25 0xdf55ea in symbol_table::finalize_compilation_unit() (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0xdf55ea)
    #26 0x1ac3baa in compile_file() (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x1ac3baa)
    #27 0x1ac8a15 in do_compile() (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x1ac8a15)
    #28 0x1ac8f10 in toplev::main(int, char**) (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x1ac8f10)
    #29 0x36a5ee7 in main (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x36a5ee7)
    #30 0x7ffff5ca1bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #31 0x980249 in _start (/data_sdb/toolchain/cc1s/ubsan-arm/gcc/cc1+0x980249)
Comment 1 Richard Earnshaw 2021-04-23 09:30:25 UTC
Confirmed by visual inspection of source.  There look to be a number of signed/unsigned confusions in this function.
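
Added example, not part of the bug report and not code from arm.c: a C sketch of the operation the UBSan message names (an 8-bit mask shifted left by 30) showing when the shift is defined on `int` and how the same mask is built on an unsigned 32-bit type. The helper names are hypothetical, and the wrap-around window is an assumption modelled on ARM's rotated 8-bit immediates.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from arm.c): returns 1 when `value << shift`
   is well defined in C for a non-negative int, i.e. the mathematical
   result still fits in int. */
static int signed_shl_is_defined(int value, unsigned shift)
{
    if (value < 0 || shift >= sizeof(int) * CHAR_BIT)
        return 0;
    return value <= (INT_MAX >> shift);
}

/* Hypothetical helper: an 8-bit window starting at bit `pos` of a 32-bit
   word, wrapping around past bit 31. All arithmetic is on uint32_t, so
   bits shifted out of the top are discarded instead of overflowing. */
static uint32_t byte_window_mask(unsigned pos)
{
    pos &= 31;
    uint32_t mask = UINT32_C(0xff) << pos;
    if (pos > 24)                       /* window wraps past bit 31 */
        mask |= UINT32_C(0xff) >> (32 - pos);
    return mask;
}

int main(void)
{
    /* Constructed sample positions around the failing shift count of 30. */
    for (unsigned pos = 22; pos <= 30; pos += 2)
        printf("pos=%2u  int shift defined=%d  unsigned mask=0x%08lx\n",
               pos, signed_shl_is_defined(0xff, pos),
               (unsigned long)byte_window_mask(pos));
    return 0;
}
```

Writing the constant as `0xffu` (or using an unsigned 32-bit type for the operand) is what removes the undefined behaviour; the runtime check is only there to show which shift counts trip the sanitizer.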