[Bug tree-optimization/121320] New: UBSAN error in tree-ssa-sccvn (signed integer overflow: 2305843009213693952 * 8 cannot be represented in type 'long int')

[sjames at gcc dot gnu.org via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121320

            Bug ID: 121320
           Summary: UBSAN error in tree-ssa-sccvn (signed integer
                    overflow: 2305843009213693952 * 8 cannot be
                    represented in type 'long int')
           Product: gcc
           Version: 16.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: sjames at gcc dot gnu.org
            Blocks: 63426
  Target Milestone: ---

```
$ export
UBSAN_OPTIONS="halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1"
$ g++ -c ./tests/CMakeFiles/DOMTest.dir/src/DOM/DOMTest/DTest.cpp.ii -O3
/var/tmp/portage/sys-devel/gcc-16.0.9999/work/gcc-16.0.9999/gcc/poly-int.h:1026:5:
runtime error: signed integer overflow: 2305843009213693952 * 8 cannot be
represented in type 'long int'
    #0 0x5637dd28f257 in poly_int<1u, poly_result<long, if_nonpoly<int, int,
poly_int_traits<int>::is_poly>::type, poly_coeff_pair_traits<long,
if_nonpoly<int, int, poly_int_traits<int>::is_poly>::type>::result_kind>::type>
operator*<1u, long, int>(poly_int<1u, long> const&, int const&)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/poly-int.h:1026
    #1 0x5637dd28f257 in ao_ref_init_from_vn_reference(ao_ref*, int, int,
tree_node*, vec<vn_reference_op_struct, va_heap, vl_ptr> const&)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-sccvn.cc:1273
    #2 0x5637dd2962db in vn_reference_lookup_pieces(tree_node*, int, int,
tree_node*, vec<vn_reference_op_struct, va_heap, vl_ptr>, vn_reference_s**,
vn_lookup_kind)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-sccvn.cc:3982
    #3 0x5637dd1994fd in phi_translate_1
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:1582
    #4 0x5637dd19c368 in phi_translate
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:1706
    #5 0x5637dd19d442 in phi_translate_set
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:1751
    #6 0x5637dd1adb86 in compute_partial_antic_aux
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:2314
    #7 0x5637dd1adb86 in compute_antic
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:2489
    #8 0x5637dd1adb86 in execute
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:4497
    #9 0x5637dc224f30 in execute_one_pass(opt_pass*)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/passes.cc:2648
    #10 0x5637dc227db0 in execute_pass_list_1
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/passes.cc:2757
    #11 0x5637dc227df7 in execute_pass_list_1
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/passes.cc:2758
    #12 0x5637dc227ebc in execute_pass_list(function*, opt_pass*)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/passes.cc:2768
    #13 0x5637dae43a8e in cgraph_node::expand()
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:1859
    #14 0x5637dae43a8e in cgraph_node::expand()
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:1812
    #15 0x5637dae557ed in expand_all_functions
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:2042
    #16 0x5637dae557ed in symbol_table::compile()
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:2419
    #17 0x5637dae565b0 in symbol_table::compile()
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:2329
    #18 0x5637dae565b0 in symbol_table::finalize_compilation_unit()
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:2608
    #19 0x5637dc888690 in compile_file
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/toplev.cc:480
    #20 0x5637d9c4b814 in do_compile
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/toplev.cc:2220
    #21 0x5637d9c4b814 in toplev::main(int, char**)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/toplev.cc:2383
    #22 0x5637d9c4f024 in main
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/main.cc:39
    #23 0x7fbf9b6277ca  (/usr/lib64/libc.so.6+0x277ca)
    #24 0x7fbf9b627879 in __libc_start_main (/usr/lib64/libc.so.6+0x27879)
    #25 0x5637d9c4f524 in _start
(/usr/libexec/gcc/x86_64-pc-linux-gnu/16/cc1plus+0x7b67524)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/var/tmp/portage/sys-devel/gcc-16.0.9999/work/gcc-16.0.9999/gcc/poly-int.h:1026:5
 
during GIMPLE pass: pre
/var/tmp/portage/dev-libs/xerces-c-3.3.0/work/xerces-c-3.3.0/tests/src/DOM/DOMTest/DTest.cpp:
In member function ‘bool DOMTest::testUtilFunctions()’:
/var/tmp/portage/dev-libs/xerces-c-3.3.0/work/xerces-c-3.3.0/tests/src/DOM/DOMTest/DTest.cpp:5712:6:
internal compiler error: Aborted
 5712 | bool DOMTest::testUtilFunctions()
      |      ^~~~~~~
0x5637e21cf9ef internal_error(char const*, ...)
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/diagnostic-global-context.cc:534
0x5637dc8862d7 crash_signal
        /usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/toplev.cc:323
0x5637d9c47c2e __sanitizer::Abort()
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:163
0x5637e2697e6b __sanitizer::Die()
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
0x5637e2698ab6 __ubsan::ScopedReport::~ScopedReport()
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/ubsan/ubsan_diag.cpp:402
0x5637e268da0e handleIntegerOverflowImpl<__ubsan::Value>
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/ubsan/ubsan_handlers.cpp:231
0x5637e269197c __ubsan_handle_mul_overflow
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/ubsan/ubsan_handlers.cpp:246
0x5637dd28f257 poly_int<1u, poly_result<long, if_nonpoly<int, int,
poly_int_traits<int>::is_poly>::type, poly_coeff_pair_traits<long,
if_nonpoly<int, int, poly_int_traits<int>::is_poly>::type>::result_kind>::type>
operator*<1u, long, int>(poly_int<1u, long> const&, int const&)
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/poly-int.h:1026
0x5637dd28f257 ao_ref_init_from_vn_reference(ao_ref*, int, int, tree_node*,
vec<vn_reference_op_struct, va_heap, vl_ptr> const&)
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-sccvn.cc:1273
0x5637dd2962db vn_reference_lookup_pieces(tree_node*, int, int, tree_node*,
vec<vn_reference_op_struct, va_heap, vl_ptr>, vn_reference_s**, vn_lookup_kind)
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-sccvn.cc:3982
0x5637dd1994fd phi_translate_1
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:1582
0x5637dd19c368 phi_translate
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:1706
0x5637dd19d442 phi_translate_set
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:1751
0x5637dd1adb86 compute_partial_antic_aux
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:2314
0x5637dd1adb86 compute_antic
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:2489
0x5637dd1adb86 execute
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/tree-ssa-pre.cc:4497
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://bugs.gentoo.org/> for instructions.
```

```
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/16/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-pc-linux-gnu
Configured with:
/var/tmp/portage/sys-devel/gcc-16.0.9999/work/gcc-16.0.9999/configure
--host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr
--bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/16
--includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/16/include
--datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/16
--mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/16/man
--infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/16/info
--with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/16/include/g++-v16
--disable-silent-rules --disable-dependency-tracking
--with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/16/python
--enable-libphobos --enable-objc-gc
--enable-languages=c,c++,d,objc,obj-c++,fortran,ada,rust --enable-obsolete
--enable-secureplt --disable-werror --with-system-zlib --enable-nls
--without-included-gettext --disable-libunwind-exceptions
--enable-checking=release --with-bugurl=https://bugs.gentoo.org/
--with-pkgversion='Gentoo 16.0.9999 p, commit
8cda62318174b911a7cba57fcf70efd38f265f0e' --with-gcc-major-version-only
--enable-libstdcxx-time --enable-lto --disable-libstdcxx-pch --enable-shared
--enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
--enable-multilib --with-multilib-list=m32,m64 --disable-fixed-point
--enable-targets=all --enable-offload-defaulted
--enable-offload-targets=nvptx-none --enable-libgomp --disable-libssp
--enable-libada --enable-cet --disable-systemtap --enable-valgrind-annotations
--disable-vtable-verify --disable-libvtv --with-zstd --without-isl
--enable-default-pie --enable-host-pie --enable-host-bind-now
--enable-default-ssp --disable-fixincludes
--with-gxx-libcxx-include-dir=/usr/include/c++/v1
--with-build-config='bootstrap-ubsan bootstrap-cet'
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 16.0.0 20250730 (experimental)
7aa9565a62ea2ce04e2ddf61e1932bc123374988 (Gentoo 16.0.9999 p, commit
8cda62318174b911a7cba57fcf70efd38f265f0e)
```


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63426
[Bug 63426] [meta-bug] Issues found with -fsanitize=undefined