[Bug rtl-optimization/61657] New: Undefined behavior in loop-iv.c

jakub at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Mon Jun 30 11:29:00 GMT 2014


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61657

            Bug ID: 61657
           Summary: Undefined behavior in loop-iv.c
           Product: gcc
           Version: 4.10.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: rtl-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jakub at gcc dot gnu.org
                CC: rakdver at gcc dot gnu.org, rguenth at gcc dot gnu.org

Seen during bootstrap-ubsan bootstrap/regtest.  E.g.
./cc1 -O3 -fomit-frame-pointer -funroll-loops gcc.c-torture/compile/pr42049.c
../../gcc/loop-iv.c:2626:14: runtime error: signed integer overflow:
9223372036854775806 - -9223372036854775808 cannot be represented in type 'long
int'
../../gcc/loop-iv.c:2288:24: runtime error: signed integer overflow:
9223372036854775807 - -9223372036854775808 cannot be represented in type 'long
int'
but seen also during the bootstrap itself.
E.g. on line 2626:
          inc = INTVAL (iv0.step) - INTVAL (iv1.step);
          if (CONST_INT_P (iv1.base))
            up = INTVAL (iv1.base);
          else
            up = INTVAL (mode_mmax) - inc;
          down = INTVAL (CONST_INT_P (iv0.base)
                         ? iv0.base
                         : mode_mmin);
          max = (up - down) / inc + 1;
inc is 1, both iv0.base and iv1.base are non-CONST_INT and thus up is
0x7ffffffffffffffeLL and down is 0x8000000000000000LL (-LONG_MIN).
The subtraction and division surely can be performed in UHWI, or perhaps
widest_int, just not sure what is the right thing if there is any overflow or
if max is negative in the end - shall we just not record the bound at all?



More information about the Gcc-bugs mailing list