re PR sanitizer/82072 (sanitizer does not detect an overflow from LLONG_MIN)
authorMarek Polacek <polacek@redhat.com>
Mon, 4 Sep 2017 11:30:26 +0000 (11:30 +0000)
committerMarek Polacek <mpolacek@gcc.gnu.org>
Mon, 4 Sep 2017 11:30:26 +0000 (11:30 +0000)
PR sanitizer/82072
* convert.c (do_narrow): When sanitizing signed integer overflows,
bail out for signed types.
(convert_to_integer_1) <case NEGATE_EXPR>: Likewise.

* c-c++-common/ubsan/pr82072.c: New test.

From-SVN: r251651

gcc/ChangeLog
gcc/convert.c
gcc/testsuite/ChangeLog
gcc/testsuite/c-c++-common/ubsan/pr82072.c [new file with mode: 0644]

index 85eab1558ad86f526882ca61fa3bdb8fc8f9f611..0bc8b4b9b1815aaf5e5a76146b4b1fa7a7dae383 100644 (file)
@@ -1,3 +1,10 @@
+2017-09-04  Marek Polacek  <polacek@redhat.com>
+
+       PR sanitizer/82072
+       * convert.c (do_narrow): When sanitizing signed integer overflows,
+       bail out for signed types.
+       (convert_to_integer_1) <case NEGATE_EXPR>: Likewise.
+
 2017-09-04  Richard Biener  <rguenther@suse.de>
 
        PR tree-optimization/82060
index 22152cae79b1742033d7f869b2aaf027790f2e2f..139d790fd981c4635a4f4d0cba93e5f9fbe0cde9 100644 (file)
@@ -434,6 +434,13 @@ do_narrow (location_t loc,
     typex = lang_hooks.types.type_for_size (TYPE_PRECISION (typex),
                                            TYPE_UNSIGNED (typex));
 
+  /* The type demotion below might cause doing unsigned arithmetic
+     instead of signed, and thus hide overflow bugs.  */
+  if ((ex_form == PLUS_EXPR || ex_form == MINUS_EXPR)
+      && !TYPE_UNSIGNED (typex)
+      && sanitize_flags_p (SANITIZE_SI_OVERFLOW))
+    return NULL_TREE;
+
   /* But now perhaps TYPEX is as wide as INPREC.
      In that case, do nothing special here.
      (Otherwise would recurse infinitely in convert.  */
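Review bot: The new guard bails out only for PLUS_EXPR and MINUS_EXPR, and since do_narrow's callers are outside this hunk it is not visible whether the function is also reached for MULT_EXPR; if it is, a signed multiply narrowed into the demoted unsigned type would hide exactly the class of overflow this change targets, and the condition should read `if ((ex_form == PLUS_EXPR || ex_form == MINUS_EXPR || ex_form == MULT_EXPR)`. The comment above the guard would also help a reader more if it said what the early return means for the caller, e.g. `/* ... Returning NULL_TREE leaves the expression to the generic conversion path (presumably; see the callers).  */`. The same policy is applied in the NEGATE_EXPR hunk below, so any change here should be mirrored there. do_narrow begins and ends outside this hunk.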
@@ -895,7 +902,12 @@ convert_to_integer_1 (tree type, tree expr, bool dofold)
                                                    TYPE_UNSIGNED (typex));
 
              if (!TYPE_UNSIGNED (typex))
-               typex = unsigned_type_for (typex);
+               {
+                 /* Using unsigned arithmetic may hide overflow bugs.  */
+                 if (sanitize_flags_p (SANITIZE_SI_OVERFLOW))
+                   break;
+                 typex = unsigned_type_for (typex);
+               }
              return convert (type,
                              fold_build1 (ex_form, typex,
                                           convert (typex,
index 83f05b7cf9f89066ec4392b26100e7ca28825018..45cee1fe463ffe71bcbf3941d7014bb2b85ffa5a 100644 (file)
@@ -1,3 +1,8 @@
+2017-09-04  Marek Polacek  <polacek@redhat.com>
+
+       PR sanitizer/82072
+       * c-c++-common/ubsan/pr82072.c: New test.
+
 2017-09-04  Richard Biener  <rguenther@suse.de>
 
        PR tree-optimization/82060
diff --git a/gcc/testsuite/c-c++-common/ubsan/pr82072.c b/gcc/testsuite/c-c++-common/ubsan/pr82072.c
new file mode 100644 (file)
index 0000000..d568340
--- /dev/null
@@ -0,0 +1,19 @@
+/* PR sanitizer/82072 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=signed-integer-overflow" } */
+
+int
+main ()
+{
+  long long l = -__LONG_LONG_MAX__ - 1;
+  int i = 0;
+  asm volatile ("" : "+r" (i));
+  i -= l;
+  asm volatile ("" : "+r" (i));
+  i = -l;
+  asm volatile ("" : "+r" (i));
+  return 0;
+}
+
+/* { dg-output "signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long long int'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*negation of -9223372036854775808 cannot be represented in type 'long long int'\[^\n\r]*; cast to an unsigned type to negate this value to itself" } */
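Review bot: The test exercises the MINUS_EXPR path (`i -= l`) and NEGATE_EXPR (`i = -l`) but not the PLUS_EXPR branch that the do_narrow guard also covers, so a regression in that branch would not be caught. Adding `i = -1; asm volatile ("" : "+r" (i)); i += l;` after the existing negation check, together with a dg-output line in the same form as the existing ones for "-1 + -9223372036854775808", would pin it; starting from -1 rather than 0 matters because 0 + LLONG_MIN fits in long long and does not overflow. main starts and ends within this hunk.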