Top of the trunk gcc on x86_64

> cat f.cpp
extern const long long int var_20;
void foo() { int((var_20 & 50 | 051UL) << 0) << 0; }

> g++ -fsanitize=undefined -w -O0 -c f.cpp
f.cpp: In function ‘void foo()’:
f.cpp:2:6: error: type mismatch in binary expression
 void foo() { int((var_20 & 50 | 051UL) << 0) << 0; }
      ^~~
long long unsigned int
long long int
long long unsigned int
_11 = var_20.2_10 & 18;
f.cpp:2:6: internal compiler error: verify_gimple failed
0xdae9ad verify_gimple_in_seq(gimple*)
        ../../gcc_svn_intel/gcc/tree-cfg.c:4934
0xafe2bd gimplify_body(tree_node*, bool)
        ../../gcc_svn_intel/gcc/gimplify.c:12500
0xafe624 gimplify_function_tree(tree_node*)
        ../../gcc_svn_intel/gcc/gimplify.c:12590
0x96e9df cgraph_node::analyze()
        ../../gcc_svn_intel/gcc/cgraphunit.c:657
0x9719c9 analyze_functions
        ../../gcc_svn_intel/gcc/cgraphunit.c:1118
0x972a82 symbol_table::finalize_compilation_unit()
        ../../gcc_svn_intel/gcc/cgraphunit.c:2603
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
Confirmed.
Same as PR80348, started with r230365 (Merge C++ delayed folding branch.).
PR80348 is fixed, but this still fails.
Created attachment 41178
gcc7-pr80349.patch

Untested fix.
Author: jakub
Date: Wed Apr 12 06:12:26 2017
New Revision: 246865

URL: https://gcc.gnu.org/viewcvs?rev=246865&root=gcc&view=rev
Log:
PR sanitizer/80349
* fold-const.c (fold_binary_loc) <case BIT_IOR_EXPR>: Convert arg0's
first argument to type.
* g++.dg/ubsan/pr80349.C: New test.

Added:
    trunk/gcc/testsuite/g++.dg/ubsan/pr80349.C
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/fold-const.c
    trunk/gcc/testsuite/ChangeLog
Fixed on the trunk so far.
One more. GCC r247062.

> cat f.cpp
unsigned long int ll;
int foo() {
  return (2036854775807 >> ll & char(207648476159223) | 502810590243120797UL) << 0;
}

> g++ -fsanitize=undefined -O0 -c f.cpp
f.cpp: In function ‘int foo()’:
f.cpp:2:5: error: type mismatch in binary expression
 int foo() {
     ^~~
long unsigned int
long int
long unsigned int
D.2746 = _2 | 502810590243120797;
f.cpp:2:5: internal compiler error: verify_gimple failed
I also see crashes reporting problems with ^ operator.
I've got a fix for Comment 7.

(In reply to Dmitry Babokin from comment #8)
> I also see crashes reporting problems with ^ operator.

Please provide a complete testcase, I've been unable to reproduce another crash with modified Comment 7 testcase.
Author: mpolacek
Date: Tue Apr 25 16:39:57 2017
New Revision: 247257

URL: https://gcc.gnu.org/viewcvs?rev=247257&root=gcc&view=rev
Log:
PR sanitizer/80349
* fold-const.c (fold_binary_loc) <case BIT_IOR_EXPR>: Convert arg0's
first argument to type.
* g++.dg/ubsan/pr80349-2.C: New test.

Added:
    trunk/gcc/testsuite/g++.dg/ubsan/pr80349-2.C
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/fold-const.c
    trunk/gcc/testsuite/ChangeLog
Author: mpolacek
Date: Tue Apr 25 17:02:27 2017
New Revision: 247260

URL: https://gcc.gnu.org/viewcvs?rev=247260&root=gcc&view=rev
Log:
PR sanitizer/80349
* fold-const.c (fold_binary_loc) <case BIT_IOR_EXPR>: Convert arg0's
first argument to type.
* g++.dg/ubsan/pr80349-2.C: New test.

Added:
    branches/gcc-7-branch/gcc/testsuite/g++.dg/ubsan/pr80349-2.C
Modified:
    branches/gcc-7-branch/gcc/ChangeLog
    branches/gcc-7-branch/gcc/fold-const.c
    branches/gcc-7-branch/gcc/testsuite/ChangeLog
int var;
long a;

long
foo()
{
  int i = !(1 & 808U ^ 1 & var) >> 0;
  long l = 0 % ((a & 1) != (3053241240409UL & 1));
  return i+l;
}
Thanks, reproduced, will look into it.
I believe this whole section needs fixing and new testcases:

          tree arg00 = TREE_OPERAND (arg0, 0);
          tree arg01 = TREE_OPERAND (arg0, 1);
          tree arg10 = TREE_OPERAND (arg1, 0);
          tree arg11 = TREE_OPERAND (arg1, 1);
          tree itype = TREE_TYPE (arg0);

          if (operand_equal_p (arg01, arg11, 0))
            return fold_build2_loc (loc, code, type,
                                fold_build2_loc (loc, BIT_AND_EXPR, itype,
                                             fold_build2_loc (loc,
                                                          BIT_XOR_EXPR, itype,
                                                          arg00, arg10),
                                             arg01),
                                build_zero_cst (itype));

          if (operand_equal_p (arg01, arg10, 0))
            return fold_build2_loc (loc, code, type,
                                fold_build2_loc (loc, BIT_AND_EXPR, itype,
                                             fold_build2_loc (loc,
                                                          BIT_XOR_EXPR, itype,
                                                          arg00, arg11),
                                             arg01),
                                build_zero_cst (itype));

          if (operand_equal_p (arg00, arg11, 0))
            return fold_build2_loc (loc, code, type,
                                fold_build2_loc (loc, BIT_AND_EXPR, itype,
                                             fold_build2_loc (loc,
                                                          BIT_XOR_EXPR, itype,
                                                          arg01, arg10),
                                             arg00),
                                build_zero_cst (itype));

          if (operand_equal_p (arg00, arg10, 0))
            return fold_build2_loc (loc, code, type,
                                fold_build2_loc (loc, BIT_AND_EXPR, itype,
                                             fold_build2_loc (loc,
                                                          BIT_XOR_EXPR, itype,
                                                          arg01, arg11),
                                             arg00),
                                build_zero_cst (itype));
Author: mpolacek
Date: Thu Apr 27 21:12:29 2017
New Revision: 247352

URL: https://gcc.gnu.org/viewcvs?rev=247352&root=gcc&view=rev
Log:
PR sanitizer/80349
* fold-const.c (fold_binary_loc) <case EQ_EXPR, NE_EXPR>: Convert
arg10 and arg11 to itype.
* c-c++-common/ubsan/pr80349.c: New test.

Added:
    trunk/gcc/testsuite/c-c++-common/ubsan/pr80349.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/fold-const.c
    trunk/gcc/testsuite/ChangeLog
Author: jakub
Date: Fri May 5 21:55:29 2017
New Revision: 247702

URL: https://gcc.gnu.org/viewcvs?rev=247702&root=gcc&view=rev
Log:
Backported from mainline
2017-04-12 Jakub Jelinek <jakub@redhat.com>

PR sanitizer/80349
* fold-const.c (fold_binary_loc) <case BIT_IOR_EXPR>: Convert arg0's
first argument to type.
* g++.dg/ubsan/pr80349.C: New test.

Added:
    branches/gcc-6-branch/gcc/testsuite/g++.dg/ubsan/pr80349.C
Modified:
    branches/gcc-6-branch/gcc/ChangeLog
    branches/gcc-6-branch/gcc/fold-const.c
    branches/gcc-6-branch/gcc/testsuite/ChangeLog
Fixed.