This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: GCC turns &~ into | due to undefined bit-shift without warning

From: Moritz Strübe <moritz dot struebe at redheads dot de>
To: Andrew Haley <aph at redhat dot com>, Jakub Jelinek <jakub at redhat dot com>, "gcc at gcc dot gnu dot org" <gcc at gcc dot gnu dot org>
Date: Thu, 21 Mar 2019 08:53:48 +0000
Subject: Re: GCC turns &~ into | due to undefined bit-shift without warning
References: <4af9e251-f4c3-a5a4-e33d-fb8750c87e36@redheads.de> <20190311091449.GB7611@tucnak> <9085342b-41a6-851c-28e3-08a40cc30103@redheads.de> <20190311111702.GD7611@tucnak> <99e48024-6331-2ba6-272c-51f8cf9e9780@redheads.de> <7644f9cc-2fcd-c13c-a631-53c62c17333b@redhat.com>

Hey.

Am 20.03.2019 um 18:36 schrieb Andrew Haley:
> On 3/20/19 2:08 PM, Moritz Strübe wrote:
>> Ok, I played around a bit. Interestingly, if I set
>> -fsanitize=udefined and -fsanitize-undefined-trap-on-error the
>> compiler detects that it will always trap, and optimizes the code
>> accordingly (the code after the trap is removed).* Which kind of
>> brings me to David's argument: Shouldn't the compiler warn if there
>> is undefined behavior it certainly knows of?
> Maybe an example would help.
>
> Consider this code:
>
> for (int i = start; i < limit; i++) {
>    foo(i * 5);
> }
>
> Should GCC be entitled to turn it into
>
> int limit_tmp = i * 5;
> for (int i = start * 5; i < limit_tmp; i += 5) {
>    foo(i);
> }
>
> If you answered "Yes, GCC should be allowed to do this", would you
> want a warning? And how many such warnings might there be in a typical
> program?

Ok, let me see whether I get your point. I assume that should be "int 
limit_tmp = limit * 5;".
In the original version I have a potential integer overflow while 
passing a parameter. While in the second version, I have a potential 
overflow in limit_tmp and therefore the loop range and number of calls 
of foo is changed.
I think I start getting your point, but I none the less think it would 
be really nice to have an option(!) to warn me about such things 
nonetheless. Use cases would be libraries, or at least their interfaces 
and critical software or just support finding potential bugs. Especially 
when using third party libraries this would can help find potential issues.
Would it be possible to annotate the inserted checks with a debug symbol 
or similar? That way one could compile using LTO and then search for the 
remaining symbols? That would allow static analysis tools to search for 
these symbols and annotate the code.

Cheers
Moritz

-- 
Redheads Ltd. Softwaredienstleistungen
Schillerstr. 14
90409 Nürnberg

Telefon: +49 (0)911 180778-50
E-Mail: moritz.struebe@redheads.de | Web: www.redheads.de

Geschäftsführer: Andreas Hanke
Sitz der Gesellschaft: Lauf
Amtsgericht Nürnberg HRB 22681
Ust-ID: DE 249436843

Follow-Ups:
- Re: GCC turns &~ into | due to undefined bit-shift without warning
  - From: Andrew Haley

References:
- GCC turns &~ into | due to undefined bit-shift without warning
  - From: Moritz Strübe
- Re: GCC turns &~ into | due to undefined bit-shift without warning
  - From: Jakub Jelinek
- Re: GCC turns &~ into | due to undefined bit-shift without warning
  - From: Moritz Strübe
- Re: GCC turns &~ into | due to undefined bit-shift without warning
  - From: Jakub Jelinek
- Re: GCC turns &~ into | due to undefined bit-shift without warning
  - From: Moritz Strübe
- Re: GCC turns &~ into | due to undefined bit-shift without warning
  - From: Andrew Haley

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]