gcc ubsan reports pointer overflow in bitsetasshortlong perhaps a false positive
#73,964 opened on Aug 15, 2022
Repository metrics
- Stars
- (17,886 stars)
- PR merge metrics
- (Avg merge 12d 11h) (661 merged PRs in 30d)
Description
Description
ubuntu linux x64 all gcc's report a runtime error with https://github.com/dotnet/runtime/blob/a85b7826d6b7d120c827b5350a962b13b095a8b8/src/coreclr/jit/bitsetasshortlong.h#L492
When ubsan complains The bs is a reference to a pointer; the pointer has value 0xff*fYULL. Adding 1 to the pointer adds sizeof (uint64)_t) to the bit value which wraps around in 64 bit integer, resulting in a new pointer with value 0x7ULL assigned to m_bsEnd.
It seems that this is OK because a while later in the code ++m_bs; is used, which will wrap in presumably the same way, and so compare == with m_bsEnd.
The code understandably works hard to save storage. Perhaps the code could be cleaned up using unions, and that would also silence ubsan.
Reproduction Steps
Compile gcc -fsanitize=undefined and run
Expected behavior
no runtime errors
Actual behavior
runtime errors from ubsan about pointer arithmetic overflowing and wrapping aound.
Regression?
No response
Known Workarounds
One can dynamically or statically suppress the ubsan error in a variety of ways
Configuration
No response
Other information
/cc @BruceForstall
category:implementation theme:bitset skill-level:beginner cost:small impact:small