public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/35427] New: pointer subtraction in very big array
@ 2008-03-03 17:35 akr at m17n dot org
2008-03-03 17:50 ` [Bug c/35427] " pinskia at gcc dot gnu dot org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: akr at m17n dot org @ 2008-03-03 17:35 UTC (permalink / raw)
To: gcc-bugs
I found that an result of pointer subtraction in a big array is negative when
it is expected to be positive.
% cat t.i
typedef int ptrdiff_t;
typedef unsigned int size_t;
extern void *malloc (size_t __size) __attribute__ ((__malloc__));
extern void exit (int __status) __attribute__ ((__noreturn__));
extern int printf (__const char *__restrict __format, ...);
extern void perror (__const char *__s);
int main(int argc, char **argv)
{
long *p, *q;
int nelem;
ptrdiff_t s;
printf("sizeof(long) = %d\n", sizeof(long));
printf("sizeof(size_t) = %d\n", sizeof(size_t));
printf("sizeof(ptrdiff_t) = %d\n", sizeof(ptrdiff_t));
nelem = 513 * 1024 * 1024;
printf("nelem: %d\n", nelem);
q = malloc(sizeof(long) * nelem);
if (!q) { perror("malloc"); exit(1); }
p = q + (nelem-1);
s = p - q;
printf("result: %d\n", s);
return 0;
}
% bin/gcc -Wall t.i
% ./a.out
sizeof(long) = 4
sizeof(size_t) = 4
sizeof(ptrdiff_t) = 4
nelem: 537919488
result: -535822337
% uname -srv
Linux 2.6.23.12 #3 SMP PREEMPT Thu Dec 27 21:28:19 JST 2007
This program allocates a big array, 513 * 1024 * 1024 elements of longs.
After that, the program subtracts the pointer to the first element from the
last element.
Then the subtraction from the pointer to one after the last element by the
pointer to the first element.
It's result should be 513 * 1024 * 1024 - 1.
But -535822337 is printed.
Note that the expected result is representable in int because it is counted as
number of longs, not chars.
--
Summary: pointer subtraction in very big array
Product: gcc
Version: 4.2.3
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: akr at m17n dot org
GCC build triplet: i686-pc-linux-gnu
GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35427
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c/35427] pointer subtraction in very big array
2008-03-03 17:35 [Bug c/35427] New: pointer subtraction in very big array akr at m17n dot org
@ 2008-03-03 17:50 ` pinskia at gcc dot gnu dot org
2008-03-03 23:46 ` akr at m17n dot org
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2008-03-03 17:50 UTC (permalink / raw)
To: gcc-bugs
------- Comment #1 from pinskia at gcc dot gnu dot org 2008-03-03 17:49 -------
nelem*sizeof(long)
Wraps so what do you expect? This is the correct behavior really.
--
pinskia at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |INVALID
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35427
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c/35427] pointer subtraction in very big array
2008-03-03 17:35 [Bug c/35427] New: pointer subtraction in very big array akr at m17n dot org
2008-03-03 17:50 ` [Bug c/35427] " pinskia at gcc dot gnu dot org
@ 2008-03-03 23:46 ` akr at m17n dot org
2008-03-03 23:57 ` pinskia at gcc dot gnu dot org
2008-03-04 0:18 ` akr at m17n dot org
3 siblings, 0 replies; 5+ messages in thread
From: akr at m17n dot org @ 2008-03-03 23:46 UTC (permalink / raw)
To: gcc-bugs
------- Comment #2 from akr at m17n dot org 2008-03-03 23:45 -------
(In reply to comment #1)
> nelem*sizeof(long)
>
> Wraps so what do you expect? This is the correct behavior really.
Oops. It wrapped.
But changing the type of nelem to size_t doesn't change the situation.
nelem * sizeof(long) < 2**32, so it doesn't wraps size_t.
Anyway malloc's argument is size_t.
So we can pass a size bigger than 2**31 bytes and malloc can allocates it.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35427
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c/35427] pointer subtraction in very big array
2008-03-03 17:35 [Bug c/35427] New: pointer subtraction in very big array akr at m17n dot org
2008-03-03 17:50 ` [Bug c/35427] " pinskia at gcc dot gnu dot org
2008-03-03 23:46 ` akr at m17n dot org
@ 2008-03-03 23:57 ` pinskia at gcc dot gnu dot org
2008-03-04 0:18 ` akr at m17n dot org
3 siblings, 0 replies; 5+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2008-03-03 23:57 UTC (permalink / raw)
To: gcc-bugs
------- Comment #3 from pinskia at gcc dot gnu dot org 2008-03-03 23:57 -------
ptrdiff_t is defined as a signed type so is the subtraction of two pointer
types.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35427
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c/35427] pointer subtraction in very big array
2008-03-03 17:35 [Bug c/35427] New: pointer subtraction in very big array akr at m17n dot org
` (2 preceding siblings ...)
2008-03-03 23:57 ` pinskia at gcc dot gnu dot org
@ 2008-03-04 0:18 ` akr at m17n dot org
3 siblings, 0 replies; 5+ messages in thread
From: akr at m17n dot org @ 2008-03-04 0:18 UTC (permalink / raw)
To: gcc-bugs
------- Comment #4 from akr at m17n dot org 2008-03-04 00:17 -------
The result can be representable by ptrdiff_t
because the result is number of longs.
The array is bit larger than 2**31 bytes.
So the result is bit larger than 2**29.
It is representable in signed.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35427
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2008-03-04 0:18 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-03-03 17:35 [Bug c/35427] New: pointer subtraction in very big array akr at m17n dot org
2008-03-03 17:50 ` [Bug c/35427] " pinskia at gcc dot gnu dot org
2008-03-03 23:46 ` akr at m17n dot org
2008-03-03 23:57 ` pinskia at gcc dot gnu dot org
2008-03-04 0:18 ` akr at m17n dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).