https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114663
Bug ID: 114663
Summary: Several contracts test cases fail with
-fsanitize=undefined -fsanitize-trap
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Keywords: testsuite-fail, wrong-code
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: iains at gcc dot gnu.org
CC: jason at gcc dot gnu.org
Target Milestone: ---
I found this while working on -funreachable-traps (but the failure equally
occurs with -fsanitize=undefined -fsanitize-trap)
FAIL: g++.dg/contracts/contracts10.C execution test
FAIL: g++.dg/contracts/contracts18.C execution test
FAIL: g++.dg/contracts/contracts19.C execution test
FAIL: g++.dg/contracts/contracts2.C execution test
Initial analysis is that somehow the lowering of the contracts code is
exploiting UB [which has a large measure of irony if true] to make these cases
pass, for example contracts2.C optimised tree dump contains:
;; Function main (main, funcdef_no=0, decl_uid=2531, cgraph_uid=1,
symbol_order=0)
int main ()
{
int x;
int D.2551;
const struct D.2542;
int _2;
<bb 2> :
x_1 = 1;
if (x_1 < 0)
goto <bb 4>; [INV]
else
goto <bb 3>; [INV]
<bb 3> :
__builtin_unreachable ();
<bb 4> :
if (x_1 <= 0)
goto <bb 5>; [INV]
else
goto <bb 6>; [INV]
<bb 5> :
=====
When (default) the __builtin_unreachable () is replaced with nothing (i.e. it
falls though) the test case passes.
When we replace the __builtin_unreachable () with a trap (either using the
ubsan or -funreachable-traps style) the test case fails with the trap.
This seems to be unlikely to be what was intended (or if it was intended it's
terribly fragile); I'm labelling it wrong code for now.
Similar code patterns exist in the other cases mentioned.
