Bug 90213 - UBSAN: signed integer overflow: -5621332293356458048 * 8 cannot be represented in type 'long int'
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization
Version: 9.0
Importance: P3 normal
Target Milestone: 7.5
Assignee: Richard Biener
Keywords: wrong-code
Blocks: ubsan
Reported: 2019-04-23 12:47 UTC by Martin Liška
Modified: 2019-08-30 16:46 UTC
Known to work: 7.4.1, 8.3.1, 9.0
Last reconfirmed: 2019-04-24 00:00:00


Description Martin Liška 2019-04-23 12:47:13 UTC
Fails for:

$ cat ubsan.c
int a[4];
void f()
{
  long int b = 7818038963515661296;
  a[0xA699ECD2C348A3A0] = a[b];
}

$ ~/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/objdir/gcc/xgcc -B ~/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/objdir/gcc/  ubsan.c -c -O
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/poly-int.h:753:21: runtime error: signed integer overflow: -5621332293356458048 * 8 cannot be represented in type 'long int'
    #0 0x139a5ef in if_nonpoly<int, poly_int<1u, long>, poly_int_traits<int>::is_poly>::type& poly_int<1u, long>::operator*=<int>(int const&) /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/poly-int.h:753
    #1 0x139a5ef in fold_const_aggregate_ref_1(tree_node*, tree_node* (*)(tree_node*)) /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/gimple-fold.c:6992
    #2 0x139bfd0 in gimple_fold_stmt_to_constant_1(gimple*, tree_node* (*)(tree_node*), tree_node* (*)(tree_node*)) /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/gimple-fold.c:6426
    #3 0x25df8ec in ccp_fold /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/tree-ssa-ccp.c:1257
    #4 0x25df8ec in evaluate_stmt /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/tree-ssa-ccp.c:1785
    #5 0x25e449c in visit_assignment /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/tree-ssa-ccp.c:2355
    #6 0x284805d in ssa_propagation_engine::simulate_stmt(gimple*) /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/tree-ssa-propagate.c:230
    #7 0x284900c in ssa_propagation_engine::simulate_block(basic_block_def*) /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/tree-ssa-propagate.c:337
    #8 0x284ddc1 in ssa_propagation_engine::ssa_propagate() /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/tree-ssa-propagate.c:802
    #9 0x25c726f in do_ssa_ccp /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/tree-ssa-ccp.c:2474
    #10 0x25c726f in execute /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/tree-ssa-ccp.c:2518
    #11 0x1c6d018 in execute_one_pass(opt_pass*) /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/passes.c:2487
    #12 0x1c70921 in execute_pass_list_1 /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/passes.c:2573
    #13 0x1c70964 in execute_pass_list_1 /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/passes.c:2574
    #14 0x1c70a18 in execute_pass_list(function*, opt_pass*) /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/passes.c:2584
    #15 0x1c67cd6 in do_per_function_toporder(void (*)(function*, void*), void*) /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/passes.c:1705
    #16 0x1c72d7d in execute_ipa_pass_list(opt_pass*) /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/passes.c:2932
    #17 0xdb75c8 in ipa_passes /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/cgraphunit.c:2484
    #18 0xdb75c8 in symbol_table::compile() /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/cgraphunit.c:2620
    #19 0xdc0d5b in symbol_table::compile() /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/cgraphunit.c:2599
    #20 0xdc0d5b in symbol_table::finalize_compilation_unit() /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/cgraphunit.c:2865
    #21 0x2148fc4 in compile_file /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/toplev.c:481
    #22 0x7bf43a in do_compile /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/toplev.c:2205
    #23 0x7bf43a in toplev::main(int, char**) /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/toplev.c:2340
    #24 0x83062e in main /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/build/gcc/main.c:39
    #25 0x7ffff7976b7a in __libc_start_main ../csu/libc-start.c:308
    #26 0x834749 in _start (/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-ubsan/objdir/gcc/cc1+0x834749)
Comment 1 Richard Biener 2019-04-24 12:22:20 UTC
The code even says

                  /* TODO: This code seems wrong, multiply then check
                     to see if it fits.  */
                  offset *= tree_to_uhwi (unit_size);
                  offset *= BITS_PER_UNIT;

it might be as simple as moving the multiplication above the to_shwi
check.
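
Added example, not part of the bug report or GCC's source: a standalone C sketch of the two orderings discussed in comment 1, using the index b from the reproducer. The function names and the element size of 4 (sizeof(int) on the reporter's target) are assumptions; __builtin_mul_overflow stands in for the wide-integer multiply followed by a fits check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_UNIT 8 /* the "* 8" in the UBSAN message */

/* Byte offset computed with wrapping 64-bit arithmetic. Unsigned math keeps
   this demo free of UB; the conversion back to int64_t wraps on GCC/Clang. */
static int64_t wrapped_byte_offset(int64_t idx, uint64_t unit_size)
{
    return (int64_t)((uint64_t)idx * unit_size);
}

/* Check-then-multiply: idx already fits int64_t, so nothing stops the scaled
   value from wrapping. The result is returned as if it were valid. */
static int64_t bit_offset_unchecked(int64_t idx, uint64_t unit_size)
{
    uint64_t bytes = (uint64_t)wrapped_byte_offset(idx, unit_size);
    return (int64_t)(bytes * BITS_PER_UNIT);
}

/* Multiply-then-check: each product is evaluated as if in infinite precision
   and rejected when it does not fit int64_t. */
static bool bit_offset_checked(int64_t idx, int64_t unit_size, int64_t *bits)
{
    int64_t bytes;
    if (__builtin_mul_overflow(idx, unit_size, &bytes))
        return false;
    return !__builtin_mul_overflow(bytes, (int64_t)BITS_PER_UNIT, bits);
}

int main(void)
{
    const int64_t b = 7818038963515661296; /* index from the reproducer */
    int64_t bits = 0;

    printf("wrapped byte offset:  %lld\n", (long long)wrapped_byte_offset(b, 4));
    printf("unchecked bit offset: %lld\n", (long long)bit_offset_unchecked(b, 4));
    printf("checked: %s\n", bit_offset_checked(b, 4, &bits) ? "fits" : "rejected");
    return 0;
}
```

The wrapped byte offset printed for b is the left operand in the UBSAN message, so the signed multiply by 8 is the second of two steps that leave the 64-bit range.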
Comment 2 Richard Biener 2019-04-24 12:22:36 UTC
Lemme fix it.
Comment 3 Richard Biener 2019-04-25 11:17:49 UTC
Fixed on trunk so far.
Comment 4 Richard Biener 2019-04-25 11:18:20 UTC
Author: rguenth
Date: Thu Apr 25 11:17:49 2019
New Revision: 270570

URL: https://gcc.gnu.org/viewcvs?rev=270570&root=gcc&view=rev
Log:
2019-04-24  Richard Biener  <rguenther@suse.de>

	PR middle-end/90213
	* gimple-fold.c (fold_const_aggregate_ref_1): Do multiplication
	by size and BITS_PER_UNIT on poly-wide-ints.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/gimple-fold.c
Comment 5 Martin Liška 2019-08-27 14:06:53 UTC
@Richi: Can we close this?
Comment 6 Richard Biener 2019-08-27 14:11:22 UTC
Hmm, I think I eventually wanted to backport it...
Comment 7 Richard Biener 2019-08-30 07:58:22 UTC
Author: rguenth
Date: Fri Aug 30 07:57:47 2019
New Revision: 275060

URL: https://gcc.gnu.org/viewcvs?rev=275060&root=gcc&view=rev
Log:
2019-08-30  Richard Biener  <rguenther@suse.de>

	Backport from mainline
	2019-04-24  Richard Biener  <rguenther@suse.de>

	PR middle-end/90213
	* gimple-fold.c (fold_const_aggregate_ref_1): Do multiplication
	by size and BITS_PER_UNIT on poly-wide-ints.

	2019-04-11  Richard Biener  <rguenther@suse.de>

	PR tree-optimization/90020
	* tree-ssa-sccvn.c (vn_reference_may_trap): New function.
	* tree-ssa-sccvn.h (vn_reference_may_trap): Declare.
	* tree-ssa-pre.c (compute_avail): Use it to not put
	possibly trapping references after a call that might not
	return into EXP_GEN.
	* gcse.c (compute_hash_table_work): Do not elide
	marking a block containing a call if the call might not
	return.

	* gcc.dg/torture/pr90020.c: New testcase.

Added:
    branches/gcc-8-branch/gcc/testsuite/gcc.dg/torture/pr90020.c
Modified:
    branches/gcc-8-branch/gcc/ChangeLog
    branches/gcc-8-branch/gcc/gcse.c
    branches/gcc-8-branch/gcc/gimple-fold.c
    branches/gcc-8-branch/gcc/testsuite/ChangeLog
    branches/gcc-8-branch/gcc/tree-ssa-pre.c
    branches/gcc-8-branch/gcc/tree-ssa-sccvn.c
    branches/gcc-8-branch/gcc/tree-ssa-sccvn.h
Comment 8 Richard Biener 2019-08-30 16:44:49 UTC
Author: rguenth
Date: Fri Aug 30 16:44:17 2019
New Revision: 275208

URL: https://gcc.gnu.org/viewcvs?rev=275208&root=gcc&view=rev
Log:
2019-08-30  Richard Biener  <rguenther@suse.de>

	Backport from mainline
	2019-05-27  Richard Biener  <rguenther@suse.de>

	PR tree-optimization/90637
	* tree-ssa-sink.c (statement_sink_location): Honor the
	computed sink location for single-uses.

	* gcc.dg/gomp/pr90637.c: New testcase.

	2019-06-21  Richard Biener  <rguenther@suse.de>

	PR tree-optimization/90930
	* tree-ssa-reassoc.c (rewrite_expr_tree_parallel): Set visited
	flag on new stmts to avoid re-processing them.

	2019-05-15  Richard Biener  <rguenther@suse.de>

	PR c/90474
	* c-common.c (c_common_mark_addressable_vec): Also mark
	a COMPOUND_LITERAL_EXPR_DECL addressable similar to
	c_mark_addressable.

	2019-04-25  Richard Biener  <rguenther@suse.de>

	PR middle-end/90194
	* match.pd: Add pattern to simplify view-conversion of an
	empty constructor.

	* g++.dg/torture/pr90194.C: New testcase.

	2019-04-24  Richard Biener  <rguenther@suse.de>

	PR middle-end/90213
	* gimple-fold.c (fold_const_aggregate_ref_1): Do multiplication
	by size and BITS_PER_UNIT on poly-wide-ints.

	2019-04-15  Richard Biener  <rguenther@suse.de>

	PR tree-optimization/90071
	* tree-ssa-reassoc.c (init_range_entry): Do not pick up
	abnormal operands from def stmts.

	* gcc.dg/torture/pr90071.c: New testcase.

	2019-03-13  Richard Biener  <rguenther@suse.de>

	PR middle-end/89677
	* tree-scalar-evolution.c (simplify_peeled_chrec): Do not
	throw FP expressions at tree-affine.

	* gcc.dg/torture/pr89677.c: New testcase.

Added:
    branches/gcc-7-branch/gcc/testsuite/g++.dg/torture/pr90194.C
    branches/gcc-7-branch/gcc/testsuite/gcc.dg/torture/pr89677.c
    branches/gcc-7-branch/gcc/testsuite/gcc.dg/torture/pr90071.c
Modified:
    branches/gcc-7-branch/gcc/ChangeLog
    branches/gcc-7-branch/gcc/c-family/ChangeLog
    branches/gcc-7-branch/gcc/c-family/c-common.c
    branches/gcc-7-branch/gcc/gimple-fold.c
    branches/gcc-7-branch/gcc/match.pd
    branches/gcc-7-branch/gcc/testsuite/ChangeLog
    branches/gcc-7-branch/gcc/tree-scalar-evolution.c
    branches/gcc-7-branch/gcc/tree-ssa-reassoc.c
    branches/gcc-7-branch/gcc/tree-ssa-sink.c
Comment 9 Richard Biener 2019-08-30 16:46:13 UTC
Fixed.