https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108885

            Bug ID: 108885
           Summary: Missing sanitization checks for optimized integer
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: cbossut21 at gatech dot edu
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

I noticed the following behavior for the following code in test.c:

=====
#include <stdio.h>
int a = 6;
int main() {
  int c = a * 936722028;   /* product does not fit in int; c is never used */
  printf("%d\n", a);
}
=====

$ gcc-trunk -fsanitize=signed-integer-overflow -O3 -msse4.2  test.c -o test

$ ./test
6

$ gcc-trunk -v
gcc version 13.0.1 20230218 (experimental) [master r13-6132-g32b5875c911] (GCC) 

There are no sanitization checks inserted in this case, despite overflow
occurring on the first line of main. It seems like the check is optimized out.
However, the same code produces a signed integer overflow error at runtime when
compiled with clang using the same flags. 

Is this expected behavior for GCC? Thanks!
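The test case above computes a product that is never used, which is exactly the situation where an optimizer may discard the arithmetic along with any instrumentation attached to it. The following example is added here and is not part of the bug report: it shows the same multiplication with the result kept live, plus an explicit overflow check via `__builtin_mul_overflow`, which does not depend on sanitizer instrumentation surviving optimization. It assumes a GCC or Clang that provides the `__builtin_*_overflow` builtins; the function names `checked_mul` and `product_used` are this example's own.

```c
#include <limits.h>
#include <stdio.h>

/* Explicit overflow detection (added example, not from the report).
 * Returns 1 if a * b does not fit in an int, 0 otherwise; on success the
 * product is stored in *out. Relies on the GCC/Clang builtin, which
 * computes the result in infinite precision and never invokes UB. */
int checked_mul(int a, int b, int *out)
{
    return __builtin_mul_overflow(a, b, out) ? 1 : 0;
}

/* Same multiplication as the report, but the product is returned so the
 * arithmetic is observable and cannot be treated as dead code. Calling
 * this with overflowing operands is UB, which is what -fsanitize=signed-
 * integer-overflow is meant to report; callers in this file avoid that. */
int product_used(int a, int b)
{
    int c = a * b;
    return c;
}

int main(void)
{
    int out = 0;
    /* Constructed inputs: same constant as the report, overflowing for a=6. */
    if (checked_mul(6, 936722028, &out))
        printf("6 * 936722028 overflows int (max %d)\n", INT_MAX);
    else
        printf("product = %d\n", out);

    /* Non-overflowing case: 2 * 936722028 = 1873444056 fits in int. */
    if (!checked_mul(2, 936722028, &out))
        printf("2 * 936722028 = %d (matches product_used: %d)\n",
               out, product_used(2, 936722028));
    return 0;
}
```

Keeping the product live is only a way to make the instrumented path observable when reproducing the report; in code that must never overflow silently, the builtin check is the reliable choice because it is semantics, not diagnostics, and is preserved at every optimization level.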
