https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106469
Bug ID: 106469
Summary: Undefined behavior triggered on Mersenne Twister engine due to unsigned integer overflow
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: hbucher at gmail dot com
Target Milestone: ---

1. the exact version of GCC, as shown by "gcc -v"

This triggers from gcc 9.4.0 (standard Ubuntu 20.04) up to gcc trunk.

2. the system type

This is reproducible from my Ubuntu 20.04 LTS install to godbolt.org

3. the options when GCC was configured/built

Configured with: ../src/configure -v --with-pkgversion='Ubuntu 9.4.0-1ubuntu1~20.04.1' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,gm2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-9 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-9-Av3uEd/gcc-9-9.4.0/debian/tmp-nvptx/usr,hsa --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu

4. the exact command line passed to the gcc program triggering the bug

    clang++ -fsanitize=unsigned-integer-overflow test.cpp -o test

5. a collection of source files for reproducing the bug, preferably a minimal

https://godbolt.org/z/Kr3rr5n8j

    #include <cstddef>
    #include <cstdint>
    #include <random>

    int main() {
        std::random_device rd;
        std::mt19937 gen(rd());
        std::uniform_int_distribution<uint64_t> ds(1, 8);
        size_t size = ds(gen);
    }

6. a description of the expected behavior

The program should run and terminate silently.

7. a description of actual behavior.

The program runs and prints the following message:

    Program returned: 0
    /opt/compiler-explorer/gcc-snapshot/lib/gcc/x86_64-linux-gnu/13.0.0/../../../../include/c++/13.0.0/bits/random.tcc:416:33: runtime error: unsigned integer overflow: 397 - 624 cannot be represented in type 'unsigned long'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /opt/compiler-explorer/gcc-snapshot/lib/gcc/x86_64-linux-gnu/13.0.0/../../../../include/c++/13.0.0/bits/random.tcc:416:33 in
    /opt/compiler-explorer/gcc-snapshot/lib/gcc/x86_64-linux-gnu/13.0.0/../../../../include/c++/13.0.0/bits/random.tcc:416:26: runtime error: unsigned integer overflow: 227 + 18446744073709551389 cannot be represented in type 'unsigned long'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /opt/compiler-explorer/gcc-snapshot/lib/gcc/x86_64-linux-gnu/13.0.0/../../../../include/c++/13.0.0/bits/random.tcc:416:26 in

The problem is discussed on Stack Overflow:
https://stackoverflow.com/questions/73157920/undefined-behavior-on-libstdc-stdrandom-due-to-negative-index-on-mersenne-tw

This does not exactly seem to be undefined behavior but it is wrong enough that it triggers the message.

The problem is line 416 on /usr/include/c++/13.0.0/bits/random.tcc where there is this expression:

    __k + (__m - __n)

where __k is a variable and __m and __n are template parameters. In the MRE example __m=397 and __n=624, so (__m-__n) is negative although summed with __k it becomes positive.

This is so far the ONLY place where ubsan triggers a message in my entire codebase.
The message goes away when I compile my code with clang's libc++ (-stdlib=libc++).
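
Added example, not part of the report and not libstdc++ code: it evaluates the reported expression next to an algebraically identical form that never wraps, using the parameters from the report. Unsigned arithmetic in C++ is modular, so both forms return the same index. The function names and the loop range (starting at the k = 227 shown in the sanitizer output) are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>

// std::mt19937 template parameters quoted in the report.
constexpr std::size_t N = 624;  // __n
constexpr std::size_t M = 397;  // __m

// Form quoted in the report. (M - N) wraps to 2^w - 227, then the addition
// wraps again. Both steps are defined modular arithmetic on unsigned types,
// but each is reported by -fsanitize=unsigned-integer-overflow.
constexpr std::size_t index_wrapping(std::size_t k) {
    return k + (M - N);
}

// Hypothetical rewrite with no intermediate wrap; valid only when k >= N - M.
constexpr std::size_t index_no_wrap(std::size_t k) {
    return k - (N - M);
}

// Count k in [N - M, N - 1) (assumed range) where the two forms disagree
// or the resulting index falls outside an N-element state array.
std::size_t count_mismatches() {
    std::size_t bad = 0;
    for (std::size_t k = N - M; k < N - 1; ++k) {
        if (index_wrapping(k) != index_no_wrap(k) || index_wrapping(k) >= N)
            ++bad;
    }
    return bad;
}

int main() {
    std::printf("k=227: wrapping=%zu no_wrap=%zu\n",
                index_wrapping(227), index_no_wrap(227));
    std::printf("mismatches over range: %zu\n", count_mismatches());
    return count_mismatches() == 0 ? 0 : 1;
}
```

Built with the command line from item 4, only index_wrapping should produce sanitizer reports; the computed indices are the same in both forms.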