<div dir="ltr">Before filing the bug I've looked for existing bug reports and found one for exactly this problem: 27271.</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 13, 2016 at 3:35 AM, Richard Smith <span dir="ltr"><<a href="mailto:richard@metafoo.co.uk" target="_blank">richard@metafoo.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class="">On 12 December 2016 at 14:46, Dmitry Babokin via cfe-dev <span dir="ltr"><<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>I'm using ubsan together with creduce to ensure that reduced test doesn't have UB. And I've noticed that ubsan is not detecting UB in case of large shift amount, particularly when rhs of shift has larger type that lhs. To reproduce, rhs also has to have the value that is non-zero, but after truncation to lhs type the value becomes zero.</div><div><br></div><div>Consider the following example.</div><div><br></div><div><div>#include <stdio.h></div><div><br></div><div>// 1 is in 33rd bit.</div><div>unsigned long long l = 0x100000000ULL;</div><div><br></div><div>int main() {</div><div> // Ubsan doesn't fire</div><div> int res = 123 >> 0x100000000ULL;</div><div> // Ubsan doesn't fire</div><div> res += 123 >> l;</div><div> // Ubsan does fire</div><div> res += 123ULL >> l;</div><div> printf("result = %d\n", res);</div><div> return 0;</div><div>}</div></div><div><br></div><div>Changing the constant to the value, which fit 32 bits makes ubsan firing.</div><div><br></div><div>I understand where the problem comes from - LLVM IR definition requires both operands of the shift to be of the same integer type. And ubsan actually check already truncated value. But it doesn't match C/C++ standard definition of UB in shift operation.</div><div><br></div><div>Is it possible to fix in current infrastructure? Should I file a bug for this problem?</div></div></blockquote><div><br></div></span><div>Yes and yes. I would expect that we just need to reorder the check to before we truncate the RHS.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><div dir="ltr"><div>Note, it's not a theoretical problem, it's very practical one, which pops up during automatic test reduction relatively frequently for me.</div><span class="m_-2151442878543921739HOEnZb"><font color="#888888"><div><br></div><div>Dmitry.</div></font></span></div>
<br></span><span class="">______________________________<wbr>_________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-dev</a><br>
<br></span></blockquote></div><br></div></div>
</blockquote></div><br></div>