https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100213
Bug ID: 100213
Summary: Signed integer overflow in poly-int.h via
alias.c:memrefs_conflict_p
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: rtl-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: acoplan at gcc dot gnu.org
Target Milestone: ---
Bootstrapping on aarch64 --with-build-config=bootstrap-ubsan shows the
following issue (reduced from Wstringop-overflow-50.c):
$ cat alias_bug.c
void f() {
__builtin_memset((void*)0x7fffffffffffffff, 0, 3);
}
$ gcc/xgcc -B gcc alias_bug.c -c -O
alias_bug.c: In function ‘f’:
alias_bug.c:2:3: warning: ‘__builtin_memset’ writing 3 bytes into a region of
size 0 overflows the destination [-Wstringop-overflow=]
2 | __builtin_memset((void*)0x7fffffffffffffff, 0, 3);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/alecop01/toolchain/src/gcc/gcc/poly-int.h:944:5: runtime error: signed
integer overflow: -9223372036854775807 - 9223372036854775807 cannot be
represented in type 'long int'
#0 0x9f1cb4 in poly_int<2u, poly_result<long, long,
poly_coeff_pair_traits<long, long>::result_kind>::type> operator-<2u, long,
long>(poly_int_pod<2u, long> const&, poly_int_pod<2u, long> const&)
/home/alecop01/toolchain/src/gcc/gcc/poly-int.h:944
#1 0x9f1cb4 in memrefs_conflict_p
/home/alecop01/toolchain/src/gcc/gcc/alias.c:2698
#2 0x9f6c98 in write_dependence_p
/home/alecop01/toolchain/src/gcc/gcc/alias.c:3166
#3 0x4945680 in check_dependence
/home/alecop01/toolchain/src/gcc/gcc/cse.c:1815
#4 0x4945680 in invalidate /home/alecop01/toolchain/src/gcc/gcc/cse.c:1952
#5 0x495d414 in cse_insn /home/alecop01/toolchain/src/gcc/gcc/cse.c:5860
#6 0x496e198 in cse_extended_basic_block
/home/alecop01/toolchain/src/gcc/gcc/cse.c:6590
#7 0x496e198 in cse_main /home/alecop01/toolchain/src/gcc/gcc/cse.c:6769
#8 0x4972808 in rest_of_handle_cse
/home/alecop01/toolchain/src/gcc/gcc/cse.c:7599
#9 0x4972808 in execute /home/alecop01/toolchain/src/gcc/gcc/cse.c:7642
#10 0x1b5ec1c in execute_one_pass(opt_pass*)
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2567
#11 0x1b623b8 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2656
#12 0x1b623f0 in execute_pass_list_1
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2657
#13 0x1b624d4 in execute_pass_list(function*, opt_pass*)
/home/alecop01/toolchain/src/gcc/gcc/passes.c:2667
#14 0xc7b2a4 in cgraph_node::expand()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:1830
#15 0xc7ff24 in expand_all_functions
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:1994
#16 0xc7ff24 in symbol_table::compile()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2358
#17 0xc8b81c in symbol_table::compile()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2271
#18 0xc8b81c in symbol_table::finalize_compilation_unit()
/home/alecop01/toolchain/src/gcc/gcc/cgraphunit.c:2539
#19 0x1f97478 in compile_file
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:482
#20 0x68d9b0 in do_compile
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:2201
#21 0x68d9b0 in toplev::main(int, char**)
/home/alecop01/toolchain/src/gcc/gcc/toplev.c:2340
#22 0x6910d0 in main /home/alecop01/toolchain/src/gcc/gcc/main.c:39
#23 0xffffab78f6dc in __libc_start_main
(/lib/aarch64-linux-gnu/libc.so.6+0x206dc)
#24 0x691b2c (/data/alecop01/builds/bstrap-ubsan/gcc/cc1+0x691b2c)
