|
| From: | Ivan Vučica |
| Subject: | Re: ProjectCenter Editor parenthesis highlighting segfault |
| Date: | Thu, 28 Aug 2014 13:39:50 +0100 |
On Aug 28, 2014 11:54 AM, "Riccardo Mottola" <riccardo.mottola@libero.it> wrote:
>
> Though, again, at a first glance the "-1" condition should always have caught, I fear we have here one bug showing another...
>
But only at first glance.
If both opening and closing paren are highlit, for both i=0 and i=1 the locations are not minus-one, and the _expression_ will result in true with that test. First two passes of the loop check and the loop body will execute as usual. Then before the third pass, the check will be performed with a faulty memory access.
For i=2, compiler will (let's ignore optimizer's open-ended behavior due to the violation of C standards) first test hc[2] != -1, resulting in an out of bounds access and a possible crash even before i<2 is tested.
Now let's introduce the optimizer and guess what it's doing. Optimizer does who-knows-what. Perhaps it is loop unrolling and assumes that hc[2] equals... Well, nothing, given it is an invalid memory access. Hence it neither equals nor differs from -1, hence the check is always false, hence it makes no sense to perform the now-dead comparison i<2 either? And since loop is being unrolled, perhaps the code to exit the loop is never added to these iterations of the loop?
Perhaps David and Nicola can share more details about Clang's and GCC's interpretation of the situation.
Regarding mention of the GCC's warning, I guess if we don't see it, that's the actual compiler bug. And in any case, from my experience, Clang's static analysis should scream at this.
sent from phone
| [Prev in Thread] | Current Thread | [Next in Thread] |