Re: Do not misuse Coverity please

[Paulo Marques <pmarques@grupopie.com>]

Shankar Unni wrote:
> Jean Delvare wrote:
> 
>>     v = p->field;
>>     if (!p) return;
>>
>> can be seen as equivalent to
>>
>>     if (!p) return;
>>     v = p->field;
> 
> 
> Heck, no.
> 
> You're missing the side-effect of a null pointer dereference crash (for 
> p->field) (even though v is unused before the return). The optimizer is 
> not allowed to make exceptions go away as a result of the hoisting.

I just had to try this out :)

Using gcc 3.3.2 this code sample:

> struct test {
>   int code;
> };
> 
> int test_func(struct test *a)
> {
>   int ret;
>   if (!a) return -1;
>   ret = a->code;
>   return ret;
> }

is compiled into:

>    0:   8b 54 24 04             mov    0x4(%esp,1),%edx
>    4:   83 c8 ff                or     $0xffffffff,%eax
>    7:   85 d2                   test   %edx,%edx
>    9:   74 02                   je     d <test_func+0xd>
>    b:   8b 02                   mov    (%edx),%eax
>    d:   c3                      ret

whereas this one:

> int test_func(struct test *a)
> {
>   int ret;
>   ret = a->code;
>   if (!a) return -1;
>   return ret;
> }

is simply compiled into:

>    0:   8b 44 24 04             mov    0x4(%esp,1),%eax
>    4:   8b 00                   mov    (%eax),%eax
>    6:   c3                      ret

It seems that gcc is smart enough to know that after we've dereferenced 
a pointer, if it was NULL, it doesn't matter any more. So it just 
assumes that if execution reaches that "if" statement then the pointer 
can not be NULL at all.

So the 2 versions aren't equivalent, and gcc doesn't treat them as such 
either.

Just a minor nitpick, though: wouldn't it be possible for an application 
to catch the SIGSEGV and let the code proceed, making invalid the 
assumption made by gcc?

-- 
Paulo Marques - www.grupopie.com

All that is necessary for the triumph of evil is that good men do nothing.
Edmund Burke (1729 - 1797)