https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113702
Bug ID: 113702
Summary: -fsanitize=undefined missed a check under GCC 12.2.0
compared to 13.2.0
Product: gcc
Version: 12.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: jiajing_zheng at 163 dot com
Target Milestone: ---
Created attachment 57278
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57278&action=edit
source C file causing the problem
I'm sorry, but I'm not sure which component causes this problem.
The sub expression '(int)(g_B * g_A[1])' in source.c has a signed overflow
problem. I checked the file using 'gcc source.c -fsanitize=undefined
<optimization level> && ./a.out' at the -O0,-O1,-O2,-O3,-Os optimization levels
under GCC12.2.0 and GCC13.2.0. The results showed that 'signed integer
overflow' was given under GCC13.2.0, but missed under GCC12.2.0.
I then compared the assembly parts of '(int)(g_B * g_A[1])' of the two GCC
versions at the -O0 level using 'gcc source.c -fsanitize=undefined -O0 -S'.
Under GCC13.2.0:
.L13:
movzbl g_A(%rip), %r12d
movzbl g_A+1(%rip), %eax
movzbl %al, %eax
movl g_B(%rip), %edx
movl %eax, %ebx
imull %edx, %ebx
jno .L3
movslq %edx, %rdx
cltq
movq %rax, %rsi
movl $.Lubsan_data3, %edi
call __ubsan_handle_mul_overflow
Under GCC12.2.0:
.L11:
movzbl g_A(%rip), %edx
movzbl g_A+1(%rip), %eax
movl g_B(%rip), %ecx
imull %ecx, %eax
Under GCC12.2.0, it shows that it lacks overflow judgment after 'imul'
operation. So I modified the last line 'imull %ecx, %eax ' to the follwing
lines that I expected:
movl %eax, %ebx
imull %ecx, %eax
jno .L20
movslq %ecx, %rdx
cltq
movq %rbx, %rsi
movl $.Lubsan_data3, %edi
call __ubsan_handle_mul_overflow
.L20:
Then I run 'gcc source.s -fsanitize=undefined -O0 && ./a.out', and it gave the
expected 'signed integer overflow' message.
I wonder why GCC12.2.0 not perform overflow judgment after imull., and what
components of 13.2.0 were modified for this issue.
