Bug 80875 - [7 Regression] UBSAN: compile time crash in fold_binary_loc at fold-const.c:9817
Summary: [7 Regression] UBSAN: compile time crash in fold_binary_loc at fold-const.c:9817
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: sanitizer (show other bugs)
Version: 8.0
: P2 normal
Target Milestone: 7.2
Assignee: Marek Polacek
URL:
Keywords: ice-on-valid-code
Depends on:
Blocks: yarpgen
  Show dependency treegraph
 
Reported: 2017-05-24 18:08 UTC by Dmitry Babokin
Modified: 2021-11-01 23:07 UTC (History)
4 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2017-05-24 00:00:00

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dmitry Babokin 2017-05-24 18:08:54 UTC 
gcc rev248384, x86_64.

> cat f.cpp
void foo() {
    ~2147483647 * (0 / 0);
}

> g++ -fsanitize=undefined -w -c f.cpp
f.cpp: In function ‘void foo()’:
f.cpp:3:1: internal compiler error: tree check: expected class ‘constant’, have ‘unary’ (negate_expr) in fold_binary_loc, at fold-const.c:9817
 }
 ^
0x10384a7 tree_class_check_failed(tree_node const*, tree_code_class, char const*, int, char const*)
        ../../gcc_svn/gcc/tree.c:9909
<...>
Comment 1 Marek Polacek 2017-05-24 18:20:08 UTC 
Confirmed.
Comment 2 Marek Polacek 2017-05-24 18:23:48 UTC 
commit 0123775a88c6cf1035e4633fde7823a3e9889809
Author: rguenth <rguenth@138bc75d-0d04-0410-961f-82ee72b054a4>
Date:   Wed Oct 28 13:41:25 2015 +0000

    2015-10-28  Richard Biener  <rguenther@suse.de>
    
            * fold-const.c (negate_expr_p): Adjust the division case to
            properly avoid introducing undefined overflow.
            (fold_negate_expr): Likewise.
    
    
    git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@229484 138bc75d-0d04-0410-961f-82ee72b054a4
Comment 3 Marek Polacek 2017-05-24 18:26:28 UTC 
I'll look.
Comment 4 Richard Biener 2017-05-26 07:00:48 UTC 
9810                  && negate_expr_p (op0)
9811                  && (tem = negate_expr (op1)) != op1

should probaby use negate_expr_p (op1) to guard this.
Comment 5 Marek Polacek 2017-05-26 08:11:48 UTC 
(In reply to Richard Biener from comment #4)
> 9810                  && negate_expr_p (op0)
> 9811                  && (tem = negate_expr (op1)) != op1
> 
> should probaby use negate_expr_p (op1) to guard this.

Yea, I sent a patch doing exactly that yesterday:
https://gcc.gnu.org/ml/gcc-patches/2017-05/msg01971.html
Comment 6 Marek Polacek 2017-05-26 09:32:08 UTC 
Author: mpolacek
Date: Fri May 26 09:31:36 2017
New Revision: 248485

URL: https://gcc.gnu.org/viewcvs?rev=248485&root=gcc&view=rev
Log:
	PR sanitizer/80875
	* fold-const.c (fold_binary_loc) <case MULT_EXPR>: Check if OP1
	can be negated.

	* c-c++-common/ubsan/pr80875.c: New test.

Added:
    trunk/gcc/testsuite/c-c++-common/ubsan/pr80875.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/fold-const.c
    trunk/gcc/testsuite/ChangeLog
Comment 7 Marek Polacek 2017-05-26 09:33:04 UTC 
Fixed on trunk so far.
Comment 8 Marek Polacek 2017-05-26 11:16:23 UTC 
Author: mpolacek
Date: Fri May 26 11:15:37 2017
New Revision: 248490

URL: https://gcc.gnu.org/viewcvs?rev=248490&root=gcc&view=rev
Log:
	PR sanitizer/80875
	* fold-const.c (fold_binary_loc) <case MULT_EXPR>: Check if OP1
	can be negated.

	* c-c++-common/ubsan/pr80875.c: New test.

Added:
    branches/gcc-7-branch/gcc/testsuite/c-c++-common/ubsan/pr80875.c
Modified:
    branches/gcc-7-branch/gcc/ChangeLog
    branches/gcc-7-branch/gcc/fold-const.c
    branches/gcc-7-branch/gcc/testsuite/ChangeLog
Comment 9 Marek Polacek 2017-05-26 11:18:19 UTC 
Fixed.