This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Undefined behavior in genautomata.c?
- From: Sebastian Pop <sebastian dot pop at cri dot ensmp dot fr>
- To: gcc at gcc dot gnu dot org, Vladimir Makarov <vmakarov at redhat dot com>
- Date: Mon, 19 Sep 2005 11:14:20 +0200
- Subject: Undefined behavior in genautomata.c?
Hi,
I was working on improving the results of scev, when VRP has broken
the bootstrap, eliminating loops that were estimated as running a
single time. These loop bound estimates come from the undefined
behavior of accessing over the bounds of statically allocated data in
genautomata.c:
*** genautomata.c.~1.66.~ 2005-07-29 17:46:30.000000000 +0200
--- genautomata.c 2005-09-19 11:11:22.000000000 +0200
***************
*** 1032,1037 ****
--- 1032,1050 ----
contains all declarations. We allocate additional entry for
special insn "cycle advancing" which is added by the automaton
generator. */
+ /* decls is statically declared as containing a single element, but
+ then, during the execution, other data is appended to the end of
+ this array, and elements over the statically allocated size are
+ accessed! This undefined behavior could affect a lot of
+ programs, now that VRP is doing its work. The problem is that
+ these cases are difficult to detect and diagnose without a
+ warning.
+
+ The fix is to declare this array as dynamically allocated as:
+
+ decl_t *decls;
+
+ then dynamically allocate its elements. */
decl_t decls [1];
};
Sebastian