http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47937
Summary: possible integer bug Product: gcc Version: 4.6.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c AssignedTo: unassig...@gcc.gnu.org ReportedBy: reg...@cs.utah.edu Host: i686-pc-linux-gnu Target: i686-pc-linux-gnu Build: i686-pc-linux-gnu Created attachment 23498 --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=23498 test case The attached program, compiled using r170512 on x86, produces the following output: regehr@home:~$ current-gcc -O overflow.c -o overflow regehr@home:~$ ./overflow 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 I believe this output is correct. However, at -O2 the function foo() is compiled to return constant true: foo: movl $1, %eax ret I believe this is a miscompilation. The C99 standard says: The expression ++E is equivalent to (E+=1). Thus, x is promoted to integer before being incremented, and so no signed overflow can happen. Therefore, foo() must check for the case where the incremented integer is truncated when cast back to char, instead of simply returning true.
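Added example, not part of the original report and not the attached test case: the promotion argument above, with the compact ++x form next to the same operation spelled out step by step. The function names are hypothetical, and the expected 0 at SCHAR_MAX assumes an implementation that wraps on out-of-range conversion to signed char, as GCC documents.

```c
#include <limits.h>
#include <stdio.h>

/* Compact form: pre-increment applied directly to a signed char. */
static int incremented_is_greater(signed char x)
{
    signed char before = x;
    ++x; /* equivalent to x += 1, i.e. x = (signed char)((int)x + 1) */
    return x > before;
}

/* The same operation with each step written out. */
static int incremented_is_greater_explicit(signed char x)
{
    /* Integer promotion: the addition is done in int, so the result is
       at most SCHAR_MAX + 1 and can never overflow int. */
    int wide = (int)x + 1;
    /* Narrowing an out-of-range int to signed char is
       implementation-defined, not undefined behaviour. */
    signed char narrowed = (signed char)wide;
    return narrowed > x;
}

/* Number of signed char inputs on which the two forms disagree.
   A compiler that folds the compact form to constant 1 yields 1 here. */
static int count_disagreements(void)
{
    int bad = 0;
    for (int v = SCHAR_MIN; v <= SCHAR_MAX; v++) {
        signed char c = (signed char)v;
        if (incremented_is_greater(c) != incremented_is_greater_explicit(c))
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("at SCHAR_MAX: compact=%d explicit=%d\n",
           incremented_is_greater(SCHAR_MAX),
           incremented_is_greater_explicit(SCHAR_MAX));
    printf("disagreements over all inputs: %d\n", count_disagreements());
    return 0;
}
```

Building this at each optimisation level and comparing the printed values is a quick check for whether a given compiler folds the comparison away.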