VRP miscompiles the following testcase at -O2 (on a machine with 32-bit ints):
#include <stdlib.h>
void test(unsigned int a, unsigned int b)
{
if (a < 5)
abort();
if (b < 5)
abort();
if (a + b != 0)
abort();
}
int main()
{
unsigned int x = 0x80000000;
test(x, x);
}
The t27.vrp dump shows why:
...
D.1824_3: [10, 0fffffffe] EQUIVALENCES: { } (0 elements)
a_4: [5, +INF] EQUIVALENCES: { a_1 } (1 elements)
b_5: [5, +INF] EQUIVALENCES: { b_2 } (1 elements)
Folding predicate D.1824_3 != 0 to 1
...
VRP concludes that since a >= 5 and b >= 5, a + b >= 10. However, since unsigned
variables have wrapping semantics, this is incorrect. It then miscompiles test()
to include an unconditional abort.
--
Summary: VRP fails for unsigned values
Product: gcc
Version: 4.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: tree-optimization
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: rmorganl at u dot washington dot edu
CC: gcc-bugs at gcc dot gnu dot org
GCC build triplet: i686-pc-cygwin
GCC host triplet: i686-pc-cygwin
GCC target triplet: i686-pc-cygwin
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23128
