[Bug libmudflap/41559] New: fgetc_unlocked fails with -fmudflap -O1

Martin dot vGagern at gmx dot net gcc-bugzilla@gcc.gnu.org
Sat Oct 3 21:35:00 GMT 2009


The following simple cat clone fails with mudflap:

$ cat mudflap_unlocked.c
#include <stdio.h>

int main(int argc, char** argv) {
  int chr;
  while ((chr = fgetc_unlocked(stdin)) != EOF)
    fputc_unlocked(chr, stdout);
  return 0;
}
$ i686-pc-linux-gnu-gcc-4.4.1 -Wall -O1 -fmudflap \
                              -o mudflap_unlocked mudflap_unlocked.c -lmudflap
$ ./mudflap_unlocked <<< foo
*******
mudflap violation 1 (check/read): time=... ptr=0xb80b0001 size=1
pc=0xb7f826bc location=`/usr/include/bits/stdio.h:56:10 (main)'
      /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__mf_check+0x3e)
      ./mudflap_unlocked(main+0x2d5)
      /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__wrap_main+0x55)
number of nearby objects: 0
*******
mudflap violation 2 (check/read): time=... ptr=0xb80b0002 size=1
pc=0xb7f826bc location=`/usr/include/bits/stdio.h:56:10 (main)'
      /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__mf_check+0x3e)
      ./mudflap_unlocked(main+0x2d5)
      /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__wrap_main+0x55)
number of nearby objects: 0
*******
mudflap violation 3 (check/read): time=... ptr=0xb80b0003 size=1
pc=0xb7f826bc location=`/usr/include/bits/stdio.h:56:10 (main)'
      /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__mf_check+0x3e)
      ./mudflap_unlocked(main+0x2d5)
      /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__wrap_main+0x55)
number of nearby objects: 0
foo
$

I assume that -O1 and above inlines the fgetc_unlocked call, which then becomes
some kind of access to some static buffer which mudflap fails to recognize as
being readable. Unfortunately I could not reproduce this issue without at least
-O1, and selectively disabling some optimizations didn't render the backtraces
any more intelligible.

Debugging through __mfu_check, it seems that the pointer can be associated with
no memory block at all, neither valid nor invalid. Therefore the final
judgement becomes -1 in the following part:

            /* If the judgment is still unknown at this stage, loop
               around at most one more time.  */
            if (judgement == 0)
              {
                if (heuristics++ < 2) /* XXX parametrize this number? */
                  judgement = __mf_heuristic_check (ptr_low, ptr_high);
                else
                  judgement = -1;
              }


-- 
           Summary: fgetc_unlocked fails with -fmudflap -O1
           Product: gcc
           Version: 4.4.1
            Status: UNCONFIRMED
          Severity: minor
          Priority: P3
         Component: libmudflap
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: Martin dot vGagern at gmx dot net
 GCC build triplet: i686-pc-linux-gnu
  GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41559
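
Added example, not part of the original report and not libmudflap source: a simplified C model of an object-registry checker built around the judgement loop quoted in the report. It shows an access to a region that was never registered ending as a violation once the heuristics give up. The names model_register, model_check and model_heuristic_check are hypothetical, and the heuristic is assumed to recognize nothing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not libmudflap source. All names are hypothetical. */
struct object { uintptr_t low, high; };   /* inclusive byte range */
static struct object registry[16];
static size_t n_objects;

/* Record a region the checker knows about. */
static void model_register(const void *p, size_t sz) {
  if (sz > 0 && n_objects < sizeof registry / sizeof registry[0]) {
    registry[n_objects].low = (uintptr_t)p;
    registry[n_objects].high = (uintptr_t)p + sz - 1;
    n_objects++;
  }
}

/* Assumption: the heuristics recognize nothing, so they return 0 (unknown). */
static int model_heuristic_check(uintptr_t low, uintptr_t high) {
  (void)low; (void)high;
  return 0;
}

/* Returns 1 if [p, p+sz) lies inside one registered object, else -1.
   The fallback branch has the same shape as the loop quoted in the report. */
static int model_check(const void *p, size_t sz) {
  uintptr_t low = (uintptr_t)p, high = low + sz - 1;
  int judgement = 0, heuristics = 0;
  while (judgement == 0) {
    for (size_t i = 0; i < n_objects; i++)
      if (registry[i].low <= low && high <= registry[i].high)
        judgement = 1;
    if (judgement == 0) {
      if (heuristics++ < 2)
        judgement = model_heuristic_check(low, high);
      else
        judgement = -1;
    }
  }
  return judgement;
}

int main(void) {
  static char known[8], unknown[64];   /* constructed sample regions */
  model_register(known, sizeof known);
  printf("known[7], 1 byte:   %d\n", model_check(&known[7], 1));
  printf("known[7], 2 bytes:  %d\n", model_check(&known[7], 2));
  printf("unknown[1], 1 byte: %d\n", model_check(&unknown[1], 1));
  return 0;
}
```

In this model, registering the second region before the access turns the violation into an allowed read.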


