GNOME Bugzilla – Bug 728738
Depending on undefined C behaviour
Last modified: 2017-11-20 14:50:25 UTC
When running the orc tests with -fsanitize=undefined, the following errors are output. Not 100% sure how much of a problem most of them are, but at least the multiplications look like potential problems, as even with overflow we want to get the correct lower bits.

orcemulateopcodes.c:1960:23: runtime error: signed integer overflow: 1768407051 + 1414659664 cannot be represented in type 'int'
orcemulateopcodes.c:2422:24: runtime error: signed integer overflow: 1077310071 * 2123950917 cannot be represented in type 'int'
orcemulateopcodes.c:2655:23: runtime error: signed integer overflow: 1784749336 - -920376017 cannot be represented in type 'int'
orcemulateopcodes.c:3054:23: runtime error: signed integer overflow: -8341237286373564365 + -6921298289332063230 cannot be represented in type 'long int'
orcemulateopcodes.c:3083:23: runtime error: signed integer overflow: 8561192227864709142 - -6631631716088947336 cannot be represented in type 'long int'
orcemulateopcodes.c:3871:37: runtime error: signed integer overflow: 46422 * 56385 cannot be represented in type 'int'
orcemulateopcodes.c:3972:23: runtime error: signed integer overflow: -1507101779 + -1313781769 cannot be represented in type 'int'
orcemulateopcodes.c:3974:40: runtime error: signed integer overflow: 1202747562 + 1746615961 cannot be represented in type 'int'
I will look into this. Thanks slomo!
Found anything?
commit 45957a71c26285ee097029706100e8555ff6189f
Author: Wim Taymans <wtaymans@redhat.com>
Date:   Wed Sep 17 16:06:35 2014 +0200

    opcodes: avoid undefined operations on signed ints

    Cast to unsigned int when doing addition and subtraction that can overflow.
    Cast to unsigned int when doing the lower part of a multiplication.
    Cast to unsigned int when doing left shifts into the sign bit.
    Regenerate the emulation code.
    This should avoid multiple warnings reported with clang and -fsanitize=undefined.

    See https://bugzilla.gnome.org/show_bug.cgi?id=728738

commit 4a7f1c0c1d9418e7d220110c5a0ec732f755c284
Author: Wim Taymans <wtaymans@redhat.com>
Date:   Wed Sep 17 15:36:47 2014 +0200

    compiler: do << and | on unsigned ints only

commit 42a1f65a23f5f51ace2b125741890723bede9606
Author: Wim Taymans <wtaymans@redhat.com>
Date:   Wed Sep 17 15:19:46 2014 +0200

    utils: convert to uint32 before doing |

    In ORC_READ_UINT32_LE, convert each byte to uint32 before or-ing them together.
    This avoids | with signed ints.
We have this left:

orcemulateopcodes.c:5045:27: runtime error: division by zero
-> we rely on the fact that this returns clamped values

orcemulateopcodes.c:4872: runtime error: value -6.46834e+16 is outside the range of representable values of type 'int'
-> we rely on the fact that this returns clamped values as well
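The pattern the commits above describe (do the arithmetic on the unsigned type, where wraparound is defined, then convert back) and the float-to-int case still listed as remaining, as an added example. This is not orc's code: the function names (addl, subl, mull, shll, addq, subq, mulw, read_uint32_le, clamp_double_to_int32) are this example's own, the sample inputs are the values from the sanitizer report plus a constructed byte buffer, and the NaN policy in the clamp is an assumption, not something the thread states about orc.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Hardened forms in the style of the "opcodes" commit: operate on the
 * unsigned type, where wraparound is defined, then convert back. The
 * unsigned->signed conversion of an out-of-range value is
 * implementation-defined in C17 (two's complement on gcc and clang, and
 * mandated by C23), a far smaller hazard than the UB it replaces.
 * Function names are this example's own, not orc's.
 */
int32_t addl(int32_t a, int32_t b) { return (int32_t)((uint32_t)a + (uint32_t)b); }
int32_t subl(int32_t a, int32_t b) { return (int32_t)((uint32_t)a - (uint32_t)b); }
/* low 32 bits of the product; with int operands the '*' itself is UB */
int32_t mull(int32_t a, int32_t b) { return (int32_t)((uint32_t)a * (uint32_t)b); }
/* shifting into the sign bit is UB on signed operands; mask the count too */
int32_t shll(int32_t a, int s) { return (int32_t)((uint32_t)a << (s & 31)); }
int64_t addq(int64_t a, int64_t b) { return (int64_t)((uint64_t)a + (uint64_t)b); }
int64_t subq(int64_t a, int64_t b) { return (int64_t)((uint64_t)a - (uint64_t)b); }

/*
 * Integer promotion trap: uint16_t * uint16_t is evaluated as int * int, so
 * 46422 * 56385 (flagged in the report) overflows even though both operands
 * are "unsigned". Widen to uint32_t explicitly before multiplying.
 */
uint16_t mulw(uint16_t a, uint16_t b) { return (uint16_t)((uint32_t)a * (uint32_t)b); }

/* Byte assembly done entirely in uint32_t, as the "utils" commit describes:
 * with plain int, p[3] << 24 is UB whenever p[3] >= 0x80. */
uint32_t read_uint32_le(const uint8_t *p)
{
    return (uint32_t)p[0]
         | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16)
         | ((uint32_t)p[3] << 24);
}

/* Explicit saturation for the float->int case left in the thread: converting
 * a double outside int32 range is UB, so clamp before the cast. NaN maps to 0
 * here; that is this example's policy (assumption), not orc's. */
int32_t clamp_double_to_int32(double x)
{
    if (x != x) return 0;
    if (x >= 2147483647.0) return INT32_MAX;
    if (x <= -2147483648.0) return INT32_MIN;
    return (int32_t)x; /* in range now; truncates toward zero */
}

int main(void)
{
    const uint8_t buf[4] = { 0x78, 0x56, 0x34, 0x12 }; /* constructed sample */
    printf("addl  = %d\n", addl(1768407051, 1414659664));
    printf("subl  = %d\n", subl(1784749336, -920376017));
    printf("mull  = %d\n", mull(46422, 56385));
    printf("mulw  = %u\n", (unsigned)mulw(46422, 56385));
    printf("shll  = %d\n", shll(1, 31));
    printf("addq  = %lld\n", (long long)addq(-8341237286373564365LL, -6921298289332063230LL));
    printf("read  = 0x%08x\n", read_uint32_le(buf));
    printf("clamp = %d\n", clamp_double_to_int32(-6.46834e16));
    return 0;
}
```

Compiling this with clang -fsanitize=undefined and running it is the quickest way to confirm that none of the wrapped operations trip the sanitizer, which is exactly the check the thread used; the division-by-zero item is not covered here because integer division by zero has no defined wraparound to fall back on and needs a caller-side check instead.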
Doesn't fix bug #728129 yet btw, no difference there :)
Removing me from being assigned to this bug since Wim is handling it. Thanks Wim!
Wim, any news on this? See also bug #775112
Re-ran all unit tests with clang's -fsanitize=undefined, with the backup backend and the regular backend, and it's no longer complaining. Marking as obsolete. Please re-open if you can reproduce this.