From: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
To: Christopher Li <sparse@chrisli.org>
Cc: "Jacek Śliwerski" <sliwers@googlemail.com>, linux-sparse@vger.kernel.org
Subject: Re: Defect in linearization of short circuit &&
Date: Tue, 16 Feb 2010 10:28:02 +0100
Message-ID: <1266312482.3433.33.camel@thorin>
In-Reply-To: <70318cbf1002151311g103dbc27q3b89ae9804747684@mail.gmail.com>

On Mon, 2010-02-15 at 13:11 -0800, Christopher Li wrote:
> 2010/2/15 Jacek Śliwerski <sliwers@googlemail.com>:
> >
> > Please, check my case. The condition is:
>
> I did, I did not see anything wrong with it.
>
> >
> > if (st && st->other && st->value > i && i > 0)...
> >
> > Obviously, if st is NULL, then the execution should be transferred
> > immediately to the else branch. But it does not. It skips the second test
> > and goes directly to the third one: st->value > i. If a compiler was built
> > with sparse as a frontend, execution of the generated code would end up with
> > a segmentation fault. And this code is perfectly valid.
>
> I totally agree the source code is valid.
> I just haven't seen the seg fault part.
>
> $ ./test-linearize parser_check.c
> parser_check:
> .L0x7f4e12de3130:
> <entry-point>
> br %arg1, .L0x7f4e12de32e0, .L0x7f4e12de3250

I assume this means "if %arg1 == NULL goto .L0x7f4e12de32e0 else goto .L0x7f4e12de3250"

> .L0x7f4e12de32e0:
> load.32 %r3 <- 4[%arg1]
> br %r3, .L0x7f4e12de3208, .L0x7f4e12de3250
>
> .L0x7f4e12de3208:
> load.32 %r5 <- 0[%arg1]
> setgt.32 %r7 <- %r5, %arg2
> phisrc.1 %phi1 <- %r7
> br .L0x7f4e12de3298
>
> .L0x7f4e12de3250:

I assume this is the "i > 0" check.

> phisrc.1 %phi2 <- $0
> br .L0x7f4e12de3298
>
> .L0x7f4e12de3298:
> phi.1 %r8 <- %phi1, %phi2
> setgt.32 %r10 <- %arg2, $0
> and-bool.1 %r11 <- %r8, %r10
> br %r11, .L0x7f4e12de3178, .L0x7f4e12de31c0
>
> .L0x7f4e12de3178:
> call execute_a, %arg1, %arg2
> br .L0x7f4e12de3328
>
> .L0x7f4e12de31c0:
> call execute_b, %arg1
> br .L0x7f4e12de3328
>
> .L0x7f4e12de3328:
> ret
>
> In the fast test, the false branch is L0x7f4e12de3250.
> Which is doing the (i > 0) part and it is safe to do so.

Are you saying that the "i > 0" test is done while "st == NULL"?
This is actually wrong as it shouldn't be done (independent of the used
variables and especially if the expression has side effects).

> It skips the two load.32 operations. It will not generate the seg fault.
> I still don't see where the seg fault part is. Please let me know if I am
> missing something obvious.

Or am I missing something (presumably) obvious?

Bernd
--
Bernd Petrovitsch Email : bernd@petrovitsch.priv.at
LUGA : http://www.luga.at
--
To unsubscribe from this list: send the line "unsubscribe linux-sparse" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
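
The following is an added example, not code from the thread or from sparse: a block-by-block C translation of the quoted test-linearize output next to the source condition, with a counter showing which loads run for each input. It assumes `br %c, A, B` jumps to A when `%c` is non-zero (matching Christopher Li's statement that `.L0x7f4e12de3250` is the false branch) and a struct of two `int` fields with `value` at offset 0 and `other` at offset 4, as the `load.32` offsets suggest; the function names and shortened labels are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed layout: the IR loads st->value from offset 0 and st->other from offset 4. */
struct s { int value; int other; };

static int loads;   /* memory loads performed by the last linearized() call */

/* The source condition from the thread: 1 = execute_a branch, 0 = execute_b. */
static int source_cond(const struct s *st, int i)
{
    return (st && st->other && st->value > i && i > 0) ? 1 : 0;
}

/* Translation of the quoted IR; labels abbreviate the .L0x7f4e12de.... names. */
static int linearized(const struct s *st, int i)
{
    int r3, r5, r8, r10;

    loads = 0;
    if (st) goto L32e0; else goto L3250;     /* br %arg1, .L..32e0, .L..3250 */
L32e0:
    r3 = st->other; loads++;                 /* load.32 %r3 <- 4[%arg1] */
    if (r3) goto L3208; else goto L3250;     /* br %r3, .L..3208, .L..3250 */
L3208:
    r5 = st->value; loads++;                 /* load.32 %r5 <- 0[%arg1] */
    r8 = r5 > i;                             /* setgt.32, phisrc %phi1 */
    goto L3298;
L3250:
    r8 = 0;                                  /* phisrc.1 %phi2 <- $0 */
L3298:
    r10 = i > 0;                             /* setgt.32 %r10 <- %arg2, $0 */
    return r8 && r10;                        /* and-bool.1, then br to a / b */
}

int main(void)
{
    /* Constructed inputs: NULL, both fields set, and other == 0. */
    struct s both = { 7, 1 }, no_other = { 7, 0 };
    const struct s *cases[] = { NULL, &both, &no_other };
    int is[] = { -1, 0, 3, 9 };

    for (size_t c = 0; c < 3; c++)
        for (size_t k = 0; k < 4; k++) {
            int got = linearized(cases[c], is[k]);
            printf("case=%zu i=%d source=%d ir=%d loads=%d\n",
                   c, is[k], source_cond(cases[c], is[k]), got, loads);
        }
    return 0;
}
```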