https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81785

Mikael Pettersson <mikpelinux at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mikpelinux at gmail dot com

--- Comment #2 from Mikael Pettersson <mikpelinux at gmail dot com> ---
Created attachment 41983
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41983&action=edit
simple test case

Simpler test case that will __builtin_abort () when the bug hits rather than
segfault.  Problem seems to be that

int * __attribute__((__noinline__, __noclone__))
foo(int x[])
{
    int k = INT_MIN;
    return &x[k - INT_MAX];
}

becomes the bogus code

foo:
        movabsq $-17179869180, %rax
        addq    %rdi, %rax
        ret

which returns a pointer to a large negative offset off x[], even though -fwrapv
has been passed to gcc.

The equivalent

int * __attribute__((__noinline__, __noclone__))
bar(int x[])
{
    return &x[INT_MIN - INT_MAX];
}

becomes the expected code

bar:
        leaq    4(%rdi), %rax
        ret

although gcc also emits an IMO unwarranted (since -fwrapv is present) warning

pr81785.c: In function 'bar':
pr81785.c:20:23: warning: integer overflow in expression of type 'int' results in '1' [-Woverflow]
     return &x[INT_MIN - INT_MAX];

Affects every single gcc since 3.x on x86_64 as far as I can tell.
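
Added example, not part of the original comment or the attached test case: it shows that the constant in the bogus `foo` code, -17179869180, equals `INT_MIN - INT_MAX` evaluated without wrapping in 64 bits and scaled by `sizeof(int)`, while the wrapped 32-bit index is 1 and gives the offset 4 seen in `bar`. The helper names are hypothetical, and a 32-bit `int` with a 64-bit pointer (x86_64) is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* a - b with two's-complement wraparound (the semantics -fwrapv promises),
   computed in unsigned arithmetic so this helper itself has no UB. */
static int wrap_sub(int a, int b)
{
    unsigned int u = (unsigned int)a - (unsigned int)b;
    /* Convert back without relying on implementation-defined narrowing. */
    return u <= (unsigned int)INT_MAX ? (int)u : -(int)(UINT_MAX - u) - 1;
}

/* Byte offset of &x[a - b] when the index wraps in 32 bits first. */
static int64_t offset_wrapped(int a, int b)
{
    return (int64_t)wrap_sub(a, b) * (int64_t)sizeof(int);
}

/* Byte offset when the subtraction is widened to 64 bits and never wraps. */
static int64_t offset_widened(int a, int b)
{
    return ((int64_t)a - (int64_t)b) * (int64_t)sizeof(int);
}

int main(void)
{
    /* Assumption: 32-bit int, as on x86_64. */
    printf("wrapped index offset: %lld\n",
           (long long)offset_wrapped(INT_MIN, INT_MAX));
    printf("widened index offset: %lld\n",
           (long long)offset_widened(INT_MIN, INT_MAX));
    return 0;
}
```

A bounds check written against the wrapped index would accept index 1, so a pointer formed from the widened value lands far outside the array the check was meant to protect.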
