57324 – Undefined behavior issues found with clang's -fsanitize=undefined

Bug 57324 - Undefined behavior issues found with clang's -fsanitize=undefined

Summary: Undefined behavior issues found with clang's -fsanitize=undefined

Status:	RESOLVED DUPLICATE of bug 59545

Alias:	None

Product:	gcc
Classification:	Unclassified
Component:	other (show other bugs)
Version:	4.8.1

Importance:	P3 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-05-18 17:10 UTC by Markus Trippelsdorf
Modified:	2014-10-01 09:23 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:

Attachments
output (1.26 KB, text/plain) 2013-07-26 07:26 UTC, Markus Trippelsdorf	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Markus Trippelsdorf 2013-05-18 17:10:24 UTC

Here's a list of issues found with clang's -fsanitize=undefined
while building gcc-4.8.1:

gcc/gcc/config/i386/i386.c:21073:37: runtime error: left shift of negative value -1073807360
gcc/gcc/cse.c:5384:31: runtime error: left shift of negative value -1
gcc/gcc/cselib.c:1118:43: runtime error: signed integer overflow: 3968 + 9223372036854775806 cannot be represented in type 'long'
gcc/gcc/dce.c:278:16: runtime error: left shift of negative value -1
gcc/gcc/double-int.c:150:13: runtime error: negation of -9223372036854775808 cannot be represented in type 'long'; cast to an unsigned type to negate this value to itself
gcc/gcc/double-int.c:290:37: runtime error: left shift of negative value -1
gcc/gcc/dwarf2out.c:11223:61: runtime error: left shift of negative value -1
gcc/gcc/dwarf2out.c:11238:54: runtime error: left shift of negative value -1
gcc/gcc/expmed.c:2910:15: runtime error: left shift of negative value -1
gcc/gcc/expr.c:3861:17: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
gcc/gcc/fold-const.c:8032:8: runtime error: left shift of negative value -1
gcc/gcc/genattrtab.c:622:27: runtime error: signed integer overflow: 4568797 * 613 cannot be represented in type 'int'
gcc/gcc/genautomata.c:3495:23: runtime error: shift exponent 64 is too large for 64-bit type 'set_el_t' (aka 'unsigned long')
gcc/gcc/haifa-sched.c:1132:24: runtime error: left shift of negative value -1
gcc/gcc/haifa-sched.c:1395:26: runtime error: left shift of negative value -1
gcc/gcc/ipa-inline-analysis.c:341:18: runtime error: shift exponent 32 is too large for 32-bit type 'int'
gcc/gcc/ira-color.c:1359:29: runtime error: signed integer overflow: -130942930 * 1000 cannot be represented in type 'int'
gcc/gcc/postreload.c:1684:44: runtime error: signed integer overflow: 4611123068473966592 - -9223090561878065153 cannot be represented in type 'long'
gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -1021
gcc/gcc/sched-deps.c:110:20: runtime error: left shift of negative value -1
gcc/gcc/simplify-rtx.c:1614:10: runtime error: negation of -9223372036854775808 cannot be represented in type 'long'; cast to an unsigned type to negate this value to itself
gcc/gcc/simplify-rtx.c:4004:16: runtime error: signed integer overflow: -1844674407370955161 + -9223372036854775808 cannot be represented in type 'long'
gcc/gcc/stor-layout.c:2543:45: runtime error: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long'
gcc/gcc/stor-layout.c:2556:34: runtime error: left shift of negative value -1
gcc/gcc/stor-layout.c:2558:5: runtime error: left shift of negative value -1
gcc/gcc/tree.c:1873:32: runtime error: left shift of negative value -1
gcc/gcc/tree.c:1937:32: runtime error: left shift of negative value -1
gcc/gcc/tree.c:1974:32: runtime error: left shift of negative value -1
gcc/gcc/tree-ssa-structalias.c:1695:15: runtime error: left shift of negative value -1
gcc/gcc/tree-ssa-structalias.c:6421:16: runtime error: left shift of negative value -1
gcc/libcpp/files.c:675:30: runtime error: left shift of negative value -1
gcc/libiberty/regex.c:6970:11: runtime error: left shift of negative value -1
gcc/libiberty/regex.c:7165:4: runtime error: left shift of negative value -1

Comment 1 Markus Trippelsdorf 2013-07-26 07:24:28 UTC

Here's a list of issues found on current trunk. 
I've applied Marc's patch already: http://gcc.gnu.org/ml/gcc-patches/2013-06/msg01466.html

(steps to reproduce:
 % CC="clang -fsanitize=undefined -fno-sanitize=bounds -w" CXX="clang++ -fsanitize=undefined -fno-sanitize=bounds -w" ../gcc/configure --disable-bootstrap --disable-werror --disable-multilib --enable-languages=c,c++,fortran
 % make &> out #has to be single threaded
 % grep "runtime error" out | sort -u
)

../../gcc/gcc/config/i386/i386.c:21307:37: runtime error: left shift of negative value -1073807360
../../gcc/gcc/config/i386/i386.c:21307:37: runtime error: left shift of negative value -65537
../../gcc/gcc/config/i386/i386.c:21307:44: runtime error: left shift of negative value -140739635838976
../../gcc/gcc/config/i386/i386.c:21307:44: runtime error: left shift of negative value -2305983746702049280
../../gcc/gcc/cselib.c:1121:43: runtime error: signed integer overflow: 4096 + 9223372036854775806 cannot be represented in type 'long'
../../gcc/gcc/cselib.c:1121:43: runtime error: signed integer overflow: 4096 + 9223372036854775807 cannot be represented in type 'long'
../../gcc/gcc/dce.c:278:16: runtime error: left shift of negative value -1
../../gcc/gcc/double-int.c:141:13: runtime error: negation of -9223372036854775808 cannot be represented in type 'long'; cast to an unsigned type to negate this value to itself
../../gcc/gcc/dwarf2out.c:11344:61: runtime error: left shift of negative value -1
../../gcc/gcc/dwarf2out.c:11359:54: runtime error: left shift of negative value -1
../../gcc/gcc/expmed.c:2941:15: runtime error: left shift of negative value -1
../../gcc/gcc/expr.c:3861:17: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/genattrtab.c:622:27: runtime error: signed integer overflow: 4568797 * 613 cannot be represented in type 'int'
../../gcc/gcc/genautomata.c:3499:23: runtime error: shift exponent 64 is too large for 64-bit type 'set_el_t' (aka 'unsigned long')
../../gcc/gcc/haifa-sched.c:1142:24: runtime error: left shift of negative value -1
../../gcc/gcc/haifa-sched.c:1405:26: runtime error: left shift of negative value -1
../../gcc/gcc/ipa-inline-analysis.c:341:18: runtime error: shift exponent 32 is too large for 32-bit type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -130939929 * 270 cannot be represented in type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -130942930 * 1000 cannot be represented in type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -131071000 * 590 cannot be represented in type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -131074014 * 1000 cannot be represented in type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -16383781 * 250 cannot be represented in type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -262141984 * 250 cannot be represented in type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -262141984 * 62 cannot be represented in type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -33685247 * 90 cannot be represented in type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -58981950 * 90 cannot be represented in type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -59636850 * 65 cannot be represented in type 'int'
../../gcc/gcc/ira-color.c:1362:29: runtime error: signed integer overflow: -69626841 * 999 cannot be represented in type 'int'
../../gcc/gcc/loop-iv.c:2276:24: runtime error: signed integer overflow: 9223372036854775807 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/loop-iv.c:2614:14: runtime error: signed integer overflow: 9223372036854775806 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 11 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 20 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: -281474976710656 - 9223372036854775807 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 4611123068473966592 - -9223090561878065153 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 4611404543450677248 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 7378697629483820646 - -1844674407370955162 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: -8446744073709551617 - 999999999999999999 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 8646911284551352320 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 9079256848778919936 - -1152921504606846977 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 9223090561878065152 - -281474976710656 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: -9223090561878065152 - 9223090561878065151 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: -9223090561878065152 - 9223372036854775807 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 9223372036854775807 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: -9223372036854775808 - 32767 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: -9223372036854775808 - 8935141660703064064 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long'
../../gcc/gcc/postreload.c:1769:44: runtime error: signed integer overflow: 9999999999999999 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -1
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -102
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -1021
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -111
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -113
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -114
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -16277
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -16381
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -19
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -2
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -21
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -225
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -23
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -3
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -30
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -31
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -44
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -48
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -54
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -59
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -6
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -63
../../gcc/gcc/real.c:2844:25: runtime error: left shift of negative value -9
../../gcc/gcc/sched-deps.c:110:20: runtime error: left shift of negative value -1
../../gcc/gcc/simplify-rtx.c:1642:10: runtime error: negation of -9223372036854775808 cannot be represented in type 'long'; cast to an unsigned type to negate this value to i
tself
../../gcc/gcc/simplify-rtx.c:4113:16: runtime error: signed integer overflow: -1844674407370955161 + -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/simplify-rtx.c:4117:16: runtime error: signed integer overflow: 1844674407370955161 - -9223372036854775808 cannot be represented in type 'long'
../../gcc/gcc/stor-layout.c:2529:45: runtime error: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long'
../../gcc/gcc/stor-layout.c:2542:34: runtime error: left shift of negative value -1
../../gcc/gcc/stor-layout.c:2544:5: runtime error: left shift of negative value -1
../../gcc/libcpp/files.c:675:30: runtime error: left shift of negative value -1
../../../gcc/libiberty/md5.c:336:7: runtime error: load of misaligned address 0x7fffea3a861e for type 'const md5_uint32' (aka 'const unsigned int'), which requires 4 byte ali
gnment
...
../../../gcc/libiberty/md5.c:351:7: runtime error: load of misaligned address 0x7ffff742e262 for type 'const md5_uint32' (aka 'const unsigned int'), which requires 4 byte ali
gnment
../../../gcc/libiberty/regex.c:6970:11: runtime error: left shift of negative value -1
../../../gcc/libiberty/regex.c:7165:4: runtime error: left shift of negative value -1
/var/tmp/gcc_build_dir/gcc/cc1:0x27cc41d: runtime error: load of value 108, which is not a valid value for type 'bool'
/var/tmp/gcc_build_dir/gcc/cc1:0x27cc41d: runtime error: load of value 96, which is not a valid value for type 'bool'
...
/var/tmp/gcc_build_dir/gcc/cc1plus:0x2efac6d: runtime error: load of value 108, which is not a valid value for type 'bool'
/var/tmp/gcc_build_dir/gcc/cc1plus:0x2efac6d: runtime error: load of value 124, which is not a valid value for type 'bool'
...

Comment 2 Markus Trippelsdorf 2013-07-26 07:26:45 UTC

Created attachment 30557 [details]
output

unwrapped output

Comment 3 Markus Trippelsdorf 2014-10-01 09:23:36 UTC

Closing old bug. Most issues here are already fixed.

*** This bug has been marked as a duplicate of bug 59545 ***