[Bug c/56589] New: [4.8 regression] Array bounds violation is very end-user unfriendly
ppluzhnikov at google dot com
gcc-bugzilla@gcc.gnu.org
Sun Mar 10 16:08:00 GMT 2013
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56589
Bug #: 56589
Summary: [4.8 regression] Array bounds violation is very end-user unfriendly
Classification: Unclassified
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: ppluzhnikov@google.com
Consider this program with undefined behavior:
#include <stdio.h>

typedef int Array[3][2];

void bar (Array a)
{
  int i, j;
  for (i = 0; i < 3; ++i)
    for (j = 0; j < 2; ++j)
      printf (" %d", a[i][j]);
  puts ("");
}

void foo ()
{
  Array a;
  int j;
  for (j = 0; j < 6; ++j) {
    a[0][j] = 1; // User hand-optimized two loops into one :-(
  }
  bar (a);
}

int main ()
{
  foo ();
  return 0;
}
With gcc-4.7, this produces:
  gcc overflow.c && ./a.out
  1 1 1 1 1 1
  gcc overflow.c -O2 && ./a.out
  1 1 1 1 1 1
With gcc-4.8 (r196557):
  gcc overflow.c && ./a.out
  1 1 1 1 1 1
  gcc overflow.c -O2 && ./a.out
  1 1 4195396 0 -263006800 32767
No warnings are emitted with -Wall and -Wextra.
The disassembly for foo() shows that only the first two elements of the array
are initialized:

  subq  $40, %rsp
  movq  %rsp, %rdi
  movl  $1, (%rsp)
  movl  $1, 4(%rsp)
  call  bar
  addq  $40, %rsp
  ret
I've now seen 3 instances of similar buggy code in our code base, and the loop
there was transformed into an infinite loop instead.

This way of signaling the problem to the end user is *exceedingly* unfriendly.
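The root cause in the report is an intra-object overflow: a[0] has type int[2], so a[0][2] through a[0][5] are out of range for that sub-array even though they lie inside the 24-byte object, and GCC is entitled to assume the loop never reaches them. The following is an added example, not code from the bug report or from GCC, showing the correct two-index fill next to a checked store that refuses such indices instead of leaving them to the optimizer; NROWS, NCOLS, checked_set, fill_correctly and single_loop_checked are names chosen for this illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Same shape as the report's typedef: 3 rows of 2 ints.
   (Added example, not code from the bug report.) */
typedef int Array[3][2];
enum { NROWS = 3, NCOLS = 2 };

/* Checked store: refuses any index outside the declared dimensions.
   Returns 0 on success, -1 if (i, j) is out of range for Array. */
int checked_set (Array a, size_t i, size_t j, int value)
{
  if (i >= NROWS || j >= NCOLS)
    return -1;
  a[i][j] = value;
  return 0;
}

/* Sum of all elements; used to confirm that every cell was written. */
int sum_array (Array a)
{
  int total = 0;
  size_t i, j;
  for (i = 0; i < NROWS; ++i)
    for (j = 0; j < NCOLS; ++j)
      total += a[i][j];
  return total;
}

/* The correct fill: one index per dimension, bounds taken from the type.
   Returns the sum, which is NROWS * NCOLS * value once every cell is set. */
int fill_correctly (int value)
{
  Array a;
  size_t i, j;
  for (i = 0; i < NROWS; ++i)
    for (j = 0; j < NCOLS; ++j)
      a[i][j] = value;
  return sum_array (a);
}

/* The report's hand-merged single loop, routed through checked_set so the
   out-of-range index is reported rather than becoming undefined behaviour.
   Returns the first j at which a store was refused (2 for int[3][2]). */
int single_loop_checked (int value)
{
  Array a;
  size_t j;
  for (j = 0; j < NROWS * NCOLS; ++j) {
    if (checked_set (a, 0, j, value) != 0) {
      fprintf (stderr, "refused a[0][%zu]: inner dimension is %d\n", j, NCOLS);
      return (int) j;
    }
  }
  return -1; /* not reached for this array shape */
}

int main (void)
{
  printf ("correct fill sum = %d\n", fill_correctly (1));        /* 6 */
  printf ("first refused index = %d\n", single_loop_checked (1)); /* 2 */
  return 0;
}
```

The checked store makes the failure visible at j = 2, the first index past the inner dimension, which is exactly the point at which the 4.8 output above stops being 1s. Note that a whole-object check (for example, AddressSanitizer's redzones) would not catch this case, because every byte written stays inside the 24-byte array; only a check against the inner dimension does.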