From: Kyle Moffett <mrmacman_g4@mac.com>
To: Paulo Marques <pmarques@grupopie.com>
Cc: Shankar Unni <shankarunni@netscape.net>,
	akpm@osdl.org, linux-kernel@vger.kernel.org, bunk@stusta.de,
	khali@linux-fr.org
Subject: Big GCC bug!!! [Was: Re: Do not misuse Coverity please]
Date: Wed, 30 Mar 2005 18:11:43 -0500
Message-ID: <aae129062f1e3992c8ec025d5f239be9@mac.com>
In-Reply-To: <424AFA98.9080402@grupopie.com>

On Mar 30, 2005, at 14:14, Paulo Marques wrote:
> Just a minor nitpick, though: wouldn't it be possible for an
> application to catch the SIGSEGV and let the code proceed,
> making invalid the assumption made by gcc?

Uhh, it's even worse than that.  Have a look at the following code:
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <errno.h>
> #include <sys/types.h>
> #include <sys/mman.h>
>
> struct test {
>         int code;
> };
> int test_check_first(struct test *a) {
>         int ret;
>         if (!a) return -1;
>         ret = a->code;
>         return ret;
> }
> int test_check_last(struct test *a) {
>         int ret;
>         ret = a->code;
>         if (!a) return -1;
>         return ret;
> }
>
> int main() {
>         int i;
>         struct test *nullmem = mmap(NULL, 4096, PROT_READ|PROT_WRITE,
>                         MAP_ANON|MAP_FIXED|MAP_PRIVATE, -1, 0);
>         if (nullmem == MAP_FAILED) {
>                 fprintf(stderr,"mmap: %s\n",strerror(errno));
>                 exit(1);
>         }
>         for (i = 0; i < 2; i++) {
>                 nullmem[i].code = i;
>                 printf("nullmem[%d].code = %d\n",i,i);
>                 printf("test_check_first(&nullmem[%d]) = %d\n",i,
>                         test_check_first(&nullmem[i]));
>                 printf("test_check_last(&nullmem[%d]) = %d\n",i,
>                         test_check_last(&nullmem[i]));
>         }
>         munmap(nullmem,4096);
>         exit(0);
> }

Without optimization:
> king:~# gcc -o mmapnull mmapnull.c
> king:~# ./mmapnull
> nullmem[0].code = 0
> test_check_first(&nullmem[0]) = -1
> test_check_last(&nullmem[0]) = -1
> nullmem[1].code = 1
> test_check_first(&nullmem[1]) = 1
> test_check_last(&nullmem[1]) = 1

With optimization:
> king:~# gcc -O2 -o mmapnull mmapnull.c
> king:~# ./mmapnull
> nullmem[0].code = 0
> test_check_first(&nullmem[0]) = -1
> test_check_last(&nullmem[0]) = 0
                         BUG ==> ^^^
> nullmem[1].code = 1
> test_check_first(&nullmem[1]) = 1
> test_check_last(&nullmem[1]) = 1

This is on multiple platforms, including PPC Linux, X86 Linux, and
PPC Mac OS X.  All exhibit the exact same behavior and output.  I
think I'll probably go report a GCC bug now :-D

Dereferencing null pointers is relied upon by a number of various
emulators and such, and is "platform-defined" in the standard, so
since Linux allows mmap at NULL, GCC shouldn't optimize that case
any differently.

Cheers,
Kyle Moffett

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM/CS/IT/U d- s++: a18 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r  
!y?(-)
------END GEEK CODE BLOCK------
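
Whether a check placed after the dereference can ever be reached with a null pointer depends on whether the process may map page zero, which the test program in the message relies on. The following is an added example, not part of the original message, that probes this on the local machine; it assumes a Linux system where the vm.mmap_min_addr sysctl is exposed under /proc (the function returns -1 when it is not), and both function names are made up for the illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Lowest address the kernel lets unprivileged code map, or -1 if unknown. */
long read_mmap_min_addr(void)
{
    long v = -1;
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Request one page at address 0 with MAP_FIXED, as the test program does.
 * Returns 1 if the kernel granted it (the page is unmapped again),
 * 0 if it refused; *err receives errno from the refusal, or 0. */
int page_zero_mappable(int *err)
{
    void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                   MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, -1, 0);
    if (p == MAP_FAILED) {
        *err = errno;
        return 0;
    }
    *err = 0;
    munmap(p, 4096);
    return 1;
}

int main(void)
{
    int err = 0;
    int ok = page_zero_mappable(&err);
    printf("vm.mmap_min_addr = %ld\n", read_mmap_min_addr());
    if (ok)
        printf("page 0 is mappable: a NULL dereference need not fault here\n");
    else
        printf("page 0 refused (%s): a NULL dereference faults\n", strerror(err));
    return 0;
}
```

Code that has to keep a null check written after a dereference can be built with GCC's -fno-delete-null-pointer-checks; moving the check before the first dereference, as in test_check_first() above, works at any optimization level.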


