59545 – Signed integer overflow issues

Bug 59545 - Signed integer overflow issues

Summary: Signed integer overflow issues

Status:	RESOLVED FIXED

Alias:	None

Product:	gcc
Classification:	Unclassified
Component:	other (show other bugs)
Version:	4.9.0

Importance:	P3 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Duplicates (1):	57324 (view as bug list)
Depends on:
Blocks:	ubsan
	Show dependency tree / graph

Reported:	2013-12-18 12:36 UTC by Marek Polacek
Modified:	2023-06-02 00:59 UTC (History)
CC List:	3 users (show)

See Also:	40987
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:	2013-12-20 00:00:00

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marek Polacek 2013-12-18 12:36:35 UTC

I ran bootstrap with -fsanitize=undefined, here's a list of issues I've found.

combine.c:8204:6: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
combine.c:8204:6: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
double-int.c:141:17: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
double-int.c:141:17: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
double-int.c:141:17: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
double-int.c:141:17: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
genattrtab.c:622:27: runtime error: signed integer overflow: 4568797 * 613 cannot be represented in type 'int'
genautomata.c:3497:23: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
ifcvt.c:1116:18: runtime error: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long int'
ifcvt.c:1116:18: runtime error: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long int'
ira-color.c:1508:29: runtime error: signed integer overflow: -12123975 * 185 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -128583990 * 811 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -128583990 * 811 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -128583990 * 811 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -128583990 * 811 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 590 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 590 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 590 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 590 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -13238070 * 808 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -134813175 * 122 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -14909212 * 910 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -15417108 * 941 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -16383750 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -16383750 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -16383750 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -16383750 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -16383750 * 250 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -17664042 * 500 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -17664042 * 500 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -19958478 * 219 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -20479687 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -20659906 * 194 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -20971200 * 320 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -22908412 * 127 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -230460334 * 19 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -230460334 * 19 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -262140400 * 125 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -262140400 * 125 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -263662610 * 52 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -26473766 * 129 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -26698580 * 250 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -4095937 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -4095937 * 1000 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -57072202 * 311 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -65535000 * 61 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -7659400 * 394 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -8847224 * 270 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -8847224 * 270 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -8847224 * 270 cannot be represented in type 'int'
ira-color.c:1508:29: runtime error: signed integer overflow: -8847224 * 270 cannot be represented in type 'int'
postreload.c:1770:24: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 11 - -9223372036854775808 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 20 - -9223372036854775808 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 20 - -9223372036854775808 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 7378697629483820646 - -1844674407370955162 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: -8446744073709551617 - 999999999999999999 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 8646911284551352320 - -9223372036854775808 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -281474976710656 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -281474976710656 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9223372036854775807 - -9223372036854775808 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: -9223372036854775808 - 8935141660703064064 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: -9223372036854775808 - 8935141660703064064 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 999999999999999 - -9223372036854775808 cannot be represented in type 'long int'
postreload.c:1770:24: runtime error: signed integer overflow: 9999999999999999 - -9223372036854775808 cannot be represented in type 'long int'
simplify-rtx.c:1650:16: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
simplify-rtx.c:1650:16: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
simplify-rtx.c:1650:16: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
simplify-rtx.c:1650:16: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
simplify-rtx.c:1650:16: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
simplify-rtx.c:1650:16: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
simplify-rtx.c:1650:16: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
simplify-rtx.c:1650:16: runtime error: negation of -9223372036854775808 cannot be represented in type 'long int'; cast to an unsigned type to negate this value to itself
simplify-rtx.c:4124:23: runtime error: signed integer overflow: 1844674407370955161 - -9223372036854775808 cannot be represented in type 'long int'
simplify-rtx.c:4124:23: runtime error: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long int'
simplify-rtx.c:4124:23: runtime error: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long int'
stor-layout.c:2529:13: runtime error: signed integer overflow: -9223372036854775808 + -1 cannot be represented in type 'long int'

Comment 1 Marc Glisse 2013-12-18 22:30:01 UTC

Dup of PR 57324? (yes, I know, gcc vs clang)

Comment 2 Jakub Jelinek 2013-12-19 08:16:14 UTC

Perhaps it would be nice to compare on the same codebase what clang and gcc catch (it would have to be --disable-bootstrap build and start with separately built same version of gcc, installed into some temp directory and just use -fsanitize=undefined in stage1 flags (or wrap both compilers)?)

Comment 3 Markus Trippelsdorf 2013-12-19 10:05:04 UTC

FWIW here's the list issues clang catches on r206105:

gcc/combine.c:11867:14: runtime error: left shift of negative value -4096
gcc/config/i386/i386.c:21805:37: runtime error: left shift of negative value -1073807360
gcc/config/i386/i386.c:21805:37: runtime error: left shift of negative value -65537
gcc/config/i386/i386.c:21805:44: runtime error: left shift of negative value -140739635838976
gcc/config/i386/i386.c:21805:44: runtime error: left shift of negative value -2305983746702049280
gcc/cp/error.c:448:7: runtime error: call to function pp_cxx_type_specifier_seq(cxx_pretty_printer*, tree_node*) through pointer to incorrect function type 'void (*)(c_pretty
_printer *, tree_node *)'
gcc/cselib.c:1121:43: runtime error: signed integer overflow: 4224 + 9223372036854775807 cannot be represented in type 'long'
gcc/dce.c:278:16: runtime error: left shift of negative value -1
gcc/double-int.c:141:13: runtime error: negation of -9223372036854775808 cannot be represented in type 'long'; cast to an unsigned type to negate this value to itself
gcc/dwarf2out.c:11516:61: runtime error: left shift of negative value -1
gcc/dwarf2out.c:11531:54: runtime error: left shift of negative value -1
gcc/expmed.c:2986:15: runtime error: left shift of negative value -1
gcc/expr.c:3986:17: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
gcc/genattrtab.c:622:27: runtime error: signed integer overflow: 4568797 * 613 cannot be represented in type 'int'
gcc/genautomata.c:3497:23: runtime error: shift exponent 64 is too large for 64-bit type 'set_el_t' (aka 'unsigned long')
gcc/ggc-common.c:133:7: runtime error: call to function gt_ggc_m_S(void const*) through pointer to incorrect function type 'void (*)(void *)'
gcc/ggc-common.c:501:2: runtime error: call to function gt_pch_n_S(void const*) through pointer to incorrect function type 'void (*)(void *)'
gcc/haifa-sched.c:1160:24: runtime error: left shift of negative value -1
gcc/haifa-sched.c:1423:26: runtime error: left shift of negative value -1
gcc/ipa-split.c:1051:20: runtime error: load of value 100, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 108, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 116, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 124, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 12, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 132, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 140, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 156, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 164, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 172, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 188, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 196, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 204, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 20, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 212, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 220, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 224, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 228, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 236, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 244, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 252, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 28, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 36, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 44, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 4, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 52, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 60, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 76, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 84, which is not a valid value for type 'bool'
gcc/ipa-split.c:1051:20: runtime error: load of value 92, which is not a valid value for type 'bool'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -128583990 * 811 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 1000 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -131071000 * 590 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -17664042 * 500 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -20495925 * 135 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -262140400 * 125 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -28163857 * 191 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -33685247 * 90 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -4095937 * 1000 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -4190144 * 1023 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -6373278 * 389 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -8191875 * 500 cannot be represented in type 'int'
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -8847224 * 270 cannot be represented in type 'int'
gcc/passes.c:1627:8: runtime error: call to function execute_pass_list(opt_pass*) through pointer to incorrect function type 'void (*)(void *)'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 105553116266496 - -9223372036854775808 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 11 - -9223372036854775808 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 20 - -9223372036854775808 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 4611123068473966592 - -9223090561878065153 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 4611404543450677248 - -9223372036854775808 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 7378697629483820646 - -1844674407370955162 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: -8446744073709551617 - 999999999999999999 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 8646911284551352320 - -9223372036854775808 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: -9223090561878065152 - 9223090561878065151 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: -9223372036854775784 - 9223372036854775800 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 9223372036854775807 - -281474976710656 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 9223372036854775807 - -9223090561878065153 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 9223372036854775807 - -9223372036854775808 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: -9223372036854775808 - 8935141660703064064 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 999999999999999 - -9223372036854775808 cannot be represented in type 'long'
gcc/postreload.c:1769:44: runtime error: signed integer overflow: 9999999999999999 - -9223372036854775808 cannot be represented in type 'long'
gcc/real.c:2812:25: runtime error: left shift of negative value -1
gcc/real.c:2812:25: runtime error: left shift of negative value -102
gcc/real.c:2812:25: runtime error: left shift of negative value -1021
gcc/real.c:2812:25: runtime error: left shift of negative value -111
gcc/real.c:2812:25: runtime error: left shift of negative value -113
gcc/real.c:2812:25: runtime error: left shift of negative value -114
gcc/real.c:2812:25: runtime error: left shift of negative value -16277
gcc/real.c:2812:25: runtime error: left shift of negative value -16381
gcc/real.c:2812:25: runtime error: left shift of negative value -19
gcc/real.c:2812:25: runtime error: left shift of negative value -2
gcc/real.c:2812:25: runtime error: left shift of negative value -21
gcc/real.c:2812:25: runtime error: left shift of negative value -225
gcc/real.c:2812:25: runtime error: left shift of negative value -23
gcc/real.c:2812:25: runtime error: left shift of negative value -3
gcc/real.c:2812:25: runtime error: left shift of negative value -30
gcc/real.c:2812:25: runtime error: left shift of negative value -31
gcc/real.c:2812:25: runtime error: left shift of negative value -44
gcc/real.c:2812:25: runtime error: left shift of negative value -48
gcc/real.c:2812:25: runtime error: left shift of negative value -54
gcc/real.c:2812:25: runtime error: left shift of negative value -59
gcc/real.c:2812:25: runtime error: left shift of negative value -6
gcc/real.c:2812:25: runtime error: left shift of negative value -63
gcc/real.c:2812:25: runtime error: left shift of negative value -9
gcc/sched-deps.c:110:20: runtime error: left shift of negative value -1
gcc/simplify-rtx.c:1650:10: runtime error: negation of -9223372036854775808 cannot be represented in type 'long'; cast to an unsigned type to negate this value to itself
gcc/simplify-rtx.c:4120:16: runtime error: signed integer overflow: -1844674407370955161 + -9223372036854775808 cannot be represented in type 'long'
gcc/simplify-rtx.c:4124:16: runtime error: signed integer overflow: 1844674407370955161 - -9223372036854775808 cannot be represented in type 'long'
gcc/simplify-rtx.c:4128:16: runtime error: signed integer overflow: 3 * -6148914691236517205 cannot be represented in type 'long'
gcc/stor-layout.c:2524:45: runtime error: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long'
gcc/stor-layout.c:2537:34: runtime error: left shift of negative value -1
gcc/stor-layout.c:2539:5: runtime error: left shift of negative value -1
libcpp/files.c:675:30: runtime error: left shift of negative value -1
libcpp/symtab.c:235:6: runtime error: call to function count_defs(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht_iden
tifier *, const void *)'
libcpp/symtab.c:235:6: runtime error: call to function dump_macro(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht_iden
tifier *, const void *)'
libcpp/symtab.c:235:6: runtime error: call to function save_idents(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht_ide
ntifier *, const void *)'
libcpp/symtab.c:235:6: runtime error: call to function undefine_macros(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht
_identifier *, const void *)'
libcpp/symtab.c:235:6: runtime error: call to function write_defs(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht_iden
tifier *, const void *)'
libcpp/symtab.c:235:6: runtime error: call to function write_macdef(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht_id
entifier *, const void *)'
../libiberty/md5.c:336:7: runtime error: load of misaligned address 0x7fff2f8e77da for type 'const md5_uint32' (aka 'const unsigned int'), which requires 4 byte alignment
...
libiberty/md5.c:351:7: runtime error: load of misaligned address 0x7fffafc1d7f6 for type 'const md5_uint32' (aka 'const unsigned int'), which requires 4 byte alignment
libiberty/regex.c:6970:11: runtime error: left shift of negative value -1
libiberty/regex.c:7165:4: runtime error: left shift of negative value -1

Comment 4 Jakub Jelinek 2013-12-19 21:27:52 UTC

Author: jakub
Date: Thu Dec 19 21:27:51 2013
New Revision: 206134

URL: http://gcc.gnu.org/viewcvs?rev=206134&root=gcc&view=rev
Log:
	PR other/59545
	* genattrtab.c (struct attr_hash): Change hashcode type to unsigned.
	(attr_hash_add_rtx, attr_hash_add_string): Change hashcode parameter
	to unsigned.
	(attr_rtx_1): Change hashcode variable to unsigned.
	(attr_string): Likewise.  Perform first multiplication in unsigned
	type.
	* ifcvt.c (noce_try_store_flag_constants): Avoid signed integer
	overflows.
	* double-int.c (neg_double): Likewise.
	* stor-layout.c (set_min_and_max_values_for_integral_type): Likewise.
	* combine.c (force_to_mode): Likewise.
	* postreload.c (move2add_use_add2_insn, move2add_use_add3_insn,
	reload_cse_move2add, move2add_note_store): Likewise.
	* simplify-rtx.c (simplify_const_unary_operation,
	simplify_const_binary_operation): Likewise.
	* ipa-split.c (find_split_points): Initialize first.can_split
	and first.non_ssa_vars.
	* gengtype-state.c (read_state_files_list): Fix up check.
	* genautomata.c (reserv_sets_hash_value): Use portable rotation
	idiom.
java/
	* class.c (hashUtf8String): Compute hash in unsigned type.
	* javaop.h (WORD_TO_INT): Avoid signed integer overflow.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/combine.c
    trunk/gcc/double-int.c
    trunk/gcc/genattrtab.c
    trunk/gcc/genautomata.c
    trunk/gcc/gengtype-state.c
    trunk/gcc/ifcvt.c
    trunk/gcc/ipa-split.c
    trunk/gcc/java/ChangeLog
    trunk/gcc/java/class.c
    trunk/gcc/java/javaop.h
    trunk/gcc/postreload.c
    trunk/gcc/simplify-rtx.c
    trunk/gcc/stor-layout.c

Comment 5 Markus Trippelsdorf 2013-12-20 07:07:26 UTC

Thanks Jakub, it looks much better now. What is left are mostly left shifts of negative values:

gcc/combine.c:11865:14: runtime error: left shift of negative value -4096
gcc/config/i386/i386.c:21800:37: runtime error: left shift of negative value -1073807360
... (3 times with different values)
gcc/cp/error.c:448:7: runtime error: call to function pp_cxx_type_specifier_seq(cxx_pretty_printer*, tree_node*) through pointer to incorrect function type 'void (*)(c_pretty
_printer *, tree_node *)'
gcc/cselib.c:1121:43: runtime error: signed integer overflow: 4224 + 9223372036854775806 cannot be represented in type 'long'
gcc/cselib.c:1121:43: runtime error: signed integer overflow: 4224 + 9223372036854775807 cannot be represented in type 'long'
gcc/dce.c:278:16: runtime error: left shift of negative value -1
gcc/dwarf2out.c:11516:61: runtime error: left shift of negative value -1
gcc/dwarf2out.c:11531:54: runtime error: left shift of negative value -1
gcc/expmed.c:2986:15: runtime error: left shift of negative value -1
gcc/expr.c:3986:17: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
gcc/ggc-common.c:133:7: runtime error: call to function gt_ggc_m_S(void const*) through pointer to incorrect function type 'void (*)(void *)'
gcc/ggc-common.c:501:2: runtime error: call to function gt_pch_n_S(void const*) through pointer to incorrect function type 'void (*)(void *)'
gcc/haifa-sched.c:1160:24: runtime error: left shift of negative value -1
gcc/haifa-sched.c:1423:26: runtime error: left shift of negative value -1
gcc/ira-color.c:1508:29: runtime error: signed integer overflow: -128583990 * 811 cannot be represented in type 'int'
... (13 times with different values)
gcc/passes.c:1627:8: runtime error: call to function execute_pass_list(opt_pass*) through pointer to incorrect function type 'void (*)(void *)'
gcc/real.c:2812:25: runtime error: left shift of negative value -1
... (22 times with different values)
gcc/recog.h:283:43: runtime error: call to function gen_pause() through pointer to incorrect function type 'rtx_def *(*)(rtx_def *)'
gcc/recog.h:283:43: runtime error: call to function gen_xend() through pointer to incorrect function type 'rtx_def *(*)(rtx_def *)'
gcc/sched-deps.c:110:20: runtime error: left shift of negative value -1
gcc/stor-layout.c:2539:5: runtime error: left shift of negative value -1
libcpp/files.c:675:30: runtime error: left shift of negative value -1
libcpp/symtab.c:235:6: runtime error: call to function count_defs(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht_iden
tifier *, const void *)'
libcpp/symtab.c:235:6: runtime error: call to function save_idents(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht_ide
ntifier *, const void *)'
libcpp/symtab.c:235:6: runtime error: call to function undefine_macros(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht
_identifier *, const void *)'
libcpp/symtab.c:235:6: runtime error: call to function write_defs(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht_iden
tifier *, const void *)'
libcpp/symtab.c:235:6: runtime error: call to function write_macdef(cpp_reader*, cpp_hashnode*, void*) through pointer to incorrect function type 'int (*)(cpp_reader *, ht_id
entifier *, const void *)'
libiberty/regex.c:6970:11: runtime error: left shift of negative value -1
libiberty/regex.c:7165:4: runtime error: left shift of negative value -1

Comment 6 Jakub Jelinek 2013-12-20 08:50:16 UTC

(In reply to Markus Trippelsdorf from comment #5)
> Thanks Jakub, it looks much better now. What is left are mostly left shifts
> of negative values:
> 
> gcc/combine.c:11865:14: runtime error: left shift of negative value -4096

Left shifts of negative value we apparently only warn for C++11 and C++14, not for C++98 (is that because the C++98 wording is fuzzy, don't remember), and for C99 and C11 the even stronger check where for signed left shifts not only all negative values shifted up by any amount are invalid, but also positive values shifted up such that the result is negative or any bits are shifted away.

Perhaps we should fix that in preparation for C++11 anyway, just trying to understand why GCC hasn't reported it.

> gcc/cp/error.c:448:7: runtime error: call to function
> pp_cxx_type_specifier_seq(cxx_pretty_printer*, tree_node*) through pointer
> to incorrect function type 'void (*)(c_pretty
> _printer *, tree_node *)'

Haven't seen this error, perhaps we don't instrument it (yet)?  Marek?

> gcc/cselib.c:1121:43: runtime error: signed integer overflow: 4224 +
> 9223372036854775806 cannot be represented in type 'long'
> gcc/cselib.c:1121:43: runtime error: signed integer overflow: 4224 +
> 9223372036854775807 cannot be represented in type 'long'
> gcc/expr.c:3986:17: runtime error: signed integer overflow: 0 -
> -9223372036854775808 cannot be represented in type 'long'

I wonder why I haven't seen these with GCC (for clang I used some random svn snapshot and the compiler was so terribly slow and occassionally hanging that I gave up on it).  What exact configuration you've used?

Comment 7 Markus Trippelsdorf 2013-12-20 09:01:06 UTC

(In reply to Jakub Jelinek from comment #6)
> (In reply to Markus Trippelsdorf from comment #5)
> 
> > gcc/cselib.c:1121:43: runtime error: signed integer overflow: 4224 +
> > 9223372036854775806 cannot be represented in type 'long'
> > gcc/cselib.c:1121:43: runtime error: signed integer overflow: 4224 +
> > 9223372036854775807 cannot be represented in type 'long'
> > gcc/expr.c:3986:17: runtime error: signed integer overflow: 0 -
> > -9223372036854775808 cannot be represented in type 'long'
> 
> I wonder why I haven't seen these with GCC (for clang I used some random svn
> snapshot and the compiler was so terribly slow and occassionally hanging
> that I gave up on it).  What exact configuration you've used?

You're right that clang is terribly slow (e.g. compiling insn-extract takes over 5 minutes on my machine).
I'm using the LLVM 3.4 branch (they are close to release).
Config:
 % CC="clang -fsanitize=undefined -fno-sanitize=bounds -w" CXX="clang++ -fsanitize=undefined -fno-sanitize=bounds -w" ../gcc/configure --disable-bootstrap --disable-werror --disable-multilib --enable-languages=c,c++,fortran

Comment 8 Marek Polacek 2013-12-20 10:56:30 UTC

(In reply to Jakub Jelinek from comment #6)
> > gcc/cp/error.c:448:7: runtime error: call to function
> > pp_cxx_type_specifier_seq(cxx_pretty_printer*, tree_node*) through pointer
> > to incorrect function type 'void (*)(c_pretty
> > _printer *, tree_node *)'
> 
> Haven't seen this error, perhaps we don't instrument it (yet)?  Marek?

Yeah, we don't instrument this at all.

Comment 9 Marek Polacek 2014-03-26 06:46:59 UTC

Author: mpolacek
Date: Wed Mar 26 06:46:27 2014
New Revision: 208834

URL: http://gcc.gnu.org/viewcvs?rev=208834&root=gcc&view=rev
Log:
	PR other/59545
	* ira-color.c (update_conflict_hard_regno_costs): Perform the
	multiplication in unsigned type.


Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/ira-color.c

Comment 10 Jakub Jelinek 2014-03-26 09:09:48 UTC

During bootstrap-ubsan, I'm still seeing tons of:
../../gcc/go/gofrontend/expressions.cc:3652:18: runtime error: load of value 196636864, which is not a valid value for type 'Operator'
and similar errors (something for Ian), plus PR60667, and in the testsuite e.g.
../../gcc/ira.c:2597:24: runtime error: signed integer overflow: -2144862208 + -62586880 cannot be represented in type 'int'
../../gcc/tree-data-ref.c:2334:38: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
../../gcc/tree-ssa-loop-ivopts.c:4148:24: runtime error: signed integer overflow: -1 * -9223372036854775808 cannot be represented in type 'long long int'
../../libiberty/cp-demangle.c:4039:40: runtime error: variable length array bound evaluates to non-positive value 0
../../gcc/fortran/interface.c:2667:43: runtime error: load of value 1818451807, which is not a valid value for type 'expr_t'
../../gcc/fortran/trans-array.c:2207:9: runtime error: load of value 100, which is not a valid value for type 'bool'

just to name some unique ones for which I don't have a fix.

Comment 11 Jakub Jelinek 2014-03-26 19:33:12 UTC

Author: jakub
Date: Wed Mar 26 19:32:40 2014
New Revision: 208848

URL: http://gcc.gnu.org/viewcvs?rev=208848&root=gcc&view=rev
Log:
	PR other/59545
	* real.c (real_to_integer2): Change type of low to UHWI.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/real.c

Comment 12 ian@gcc.gnu.org 2014-03-28 05:21:20 UTC

Author: ian
Date: Fri Mar 28 05:20:48 2014
New Revision: 208888

URL: http://gcc.gnu.org/viewcvs?rev=208888&root=gcc&view=rev
Log:
	PR other/59545
compiler: Fix bogus invalid static_cast to Unary_expression.

Modified:
    trunk/gcc/go/gofrontend/expressions.cc

Comment 13 Markus Trippelsdorf 2014-10-01 09:23:36 UTC

*** Bug 57324 has been marked as a duplicate of this bug. ***

Comment 14 Martin Liška 2018-03-01 11:49:52 UTC

Marek and Markus can we close this. Or do you still see any of these UBSAN errors?

Comment 15 Marek Polacek 2018-03-01 11:52:25 UTC

I haven't run bootstrap-ubsan in a while so I don't know, but those old logs are definitely useless now.  So we can close this I think.

Comment 16 Martin Liška 2018-03-01 11:54:01 UTC

Then marking as fixed.