From: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
To: Christopher Li <sparse@chrisli.org>
Cc: "Jacek Śliwerski" <sliwers@googlemail.com>, linux-sparse@vger.kernel.org
Subject: Re: Defect in linearization of short circuit &&
Date: Tue, 16 Feb 2010 10:28:02 +0100
Message-ID: <1266312482.3433.33.camel@thorin>
In-Reply-To: <70318cbf1002151311g103dbc27q3b89ae9804747684@mail.gmail.com>

On Mon, 2010-02-15 at 13:11 -0800, Christopher Li wrote:
> 2010/2/15 Jacek Śliwerski <sliwers@googlemail.com>:
> >
> > Please, check my case.  The condition is:
> 
> I did, I did not see anything wrong with it.
> 
> >
> > if (st && st->other && st->value > i && i > 0)...
> >
> > Obviously, if st is NULL, then the execution should be transferred
> > immediately to the else branch.  But it does not.  It skips the second test
> > and goes directly to the third one: st->value > i.  If a compiler was built
> > with sparse as a frontend, execution of the generated code would end up with
> > a segmentation fault.  And this code is perfectly valid.
> 
> I totally agree the source code is valid.
> I just haven't seen the seg fault part.
> 
> $ ./test-linearize parser_check.c
> parser_check:
> .L0x7f4e12de3130:
> 	<entry-point>
> 	br          %arg1, .L0x7f4e12de32e0, .L0x7f4e12de3250
I assume this means "if %arg1 == NULL goto .L0x7f4e12de32e0 else goto .L0x7f4e12de3250"

> .L0x7f4e12de32e0:
> 	load.32     %r3 <- 4[%arg1]
> 	br          %r3, .L0x7f4e12de3208, .L0x7f4e12de3250
> 
> .L0x7f4e12de3208:
> 	load.32     %r5 <- 0[%arg1]
> 	setgt.32    %r7 <- %r5, %arg2
> 	phisrc.1    %phi1 <- %r7
> 	br          .L0x7f4e12de3298
> 
> .L0x7f4e12de3250:
I assume this is the "i > 0" check.
> 	phisrc.1    %phi2 <- $0
> 	br          .L0x7f4e12de3298
> 
> .L0x7f4e12de3298:
> 	phi.1       %r8 <- %phi1, %phi2
> 	setgt.32    %r10 <- %arg2, $0
> 	and-bool.1  %r11 <- %r8, %r10
> 	br          %r11, .L0x7f4e12de3178, .L0x7f4e12de31c0
> 
> .L0x7f4e12de3178:
> 	call        execute_a, %arg1, %arg2
> 	br          .L0x7f4e12de3328
> 
> .L0x7f4e12de31c0:
> 	call        execute_b, %arg1
> 	br          .L0x7f4e12de3328
> 
> .L0x7f4e12de3328:
> 	ret
> 
> In the fast test, the false branch is L0x7f4e12de3250.
> Which is doing the (i > 0) part and it is safe to do so.
Are you saying that the "i > 0" test is done while "st == NULL"?
This is actually wrong as it shouldn't be done (independent of the used
variables and especially if the expression has side effects).

> It skips the two load.32 operations. It will not generate the seg fault.
> I still don't see where the seg fault part is. Please let me know if I am
> missing something obvious.

Or am I missing something (presumably) obvious?

	Bernd
-- 
Bernd Petrovitsch                  Email : bernd@petrovitsch.priv.at
                     LUGA : http://www.luga.at
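
Added example, not part of the original message or of sparse: a C transliteration of the quoted `test-linearize` output, checked against the source condition while counting loads through `st`. It assumes `br %c, A, B` jumps to `A` when `%c` is non-zero (the quoted reply calls the second label the false branch) and a struct layout of `value` at offset 0 and `other` at offset 4, inferred from the load offsets; block labels are abbreviated to their last four hex digits.

```c
#include <stddef.h>

/* Layout inferred from the IR load offsets: value at 0, other at 4. */
struct s { int value; int other; };
static int loads;   /* dereferences of st made by the last model run */

/* Source condition; C's && short-circuits left to right. */
static int source_cond(const struct s *st, int i)
{
	return st && st->other && st->value > i && i > 0;
}

/* Model of the quoted IR; assumes "br %c, A, B" jumps to A when %c != 0. */
static int linearized_cond(const struct s *st, int i)
{
	int r3, r5, r8, r10;
	loads = 0;
	if (!st) goto L3250;           /* br %arg1, .L32e0, .L3250 */
	loads++; r3 = st->other;       /* load.32 %r3 <- 4[%arg1] */
	if (!r3) goto L3250;           /* br %r3, .L3208, .L3250 */
	loads++; r5 = st->value;       /* load.32 %r5 <- 0[%arg1] */
	r8 = r5 > i;                   /* setgt.32 %r7; phisrc.1 %phi1 */
	goto L3298;
L3250:
	r8 = 0;                        /* phisrc.1 %phi2 <- $0 */
L3298:
	r10 = i > 0;                   /* setgt.32 %r10 <- %arg2, $0 */
	return r8 & r10;               /* and-bool.1 %r11 <- %r8, %r10 */
}

/* Number of loads through st that the model performs for one input. */
static int loads_for(const struct s *st, int i)
{
	return (void)linearized_cond(st, i), loads;
}

/* 1 if model and source agree on all constructed samples and st == NULL
 * never triggers a load; 0 otherwise. */
static int check_equivalence(void)
{
	static const struct s samples[] = { {0, 0}, {5, 0}, {5, 1}, {-3, 1} };
	for (int i = -1; i <= 6; i++)
		for (int j = -1; j < 4; j++) {
			const struct s *st = j < 0 ? NULL : &samples[j];
			if (linearized_cond(st, i) != source_cond(st, i)) return 0;
			if (!st && loads_for(st, i) != 0) return 0;
		}
	return 1;
}
int main(void) { return !check_equivalence(); }
```

The unconditional `i > 0` in the model reads only a by-value argument, so evaluating it when `st` is NULL has no observable effect; an operand with a side effect or a memory access could not be moved this way.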