public inbox for gcc-bugs@sourceware.org
* [Bug c/51455] New: Possible uninitialized register use when array subscript is unsigned
@ 2011-12-07 18:10 frederik.deweerdt at gmail dot com
From: frederik.deweerdt at gmail dot com @ 2011-12-07 18:10 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=51455
Bug #: 51455
Summary: Possible uninitialized register use when array subscript is unsigned
Classification: Unclassified
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: frederik.deweerdt@gmail.com
This happens on 4.4, 4.5 and 4.6, with and without strict aliasing.
The following C code:
======================
#include <string.h>
#define SIZE 128
int main(void)
{
    int buf[SIZE];
    char offsets[SIZE];
    int index = 13;
    int ret;
    int i;
    for (i = 0; i < SIZE; i++) {
        buf[i] = i;
        offsets[i] = (char)i;
    }
    asm volatile ("mov $0xfafafafafafafafa, %%rax" : : : "rax");
    asm volatile ("nop" : : : "memory");
    //ret = buf[offsets[index]];
    /* XXX: Unsigned subscript here */
    ret = buf[((unsigned char *)offsets)[index]];
    asm volatile ("nop" : : : "memory");
    return ret;
}
======================
Generates the following asm for the array access:
0x0000000000400476 <+54>: movabs $0xfafafafafafafafa,%rax
0x0000000000400480 <+64>: nop
0x0000000000400481 <+65>: movzbl 0x20d(%rsp),%eax
0x0000000000400489 <+73>: mov (%rsp,%rax,4),%eax
0x000000000040048c <+76>: nop
Note how we init eax first and then use rax as an index.
On the other hand, if I remove the cast to 'unsigned char *' (commented in the
snippet above), I get:
0x0000000000400476 <+54>: movabs $0xfafafafafafafafa,%rax
0x0000000000400480 <+64>: nop
0x0000000000400481 <+65>: movsbq 0x20d(%rsp),%rax
0x000000000040048a <+74>: mov (%rsp,%rax,4),%eax
0x000000000040048d <+77>: nop
Which initializes the full rax register, as I would expect.
The questions I have are:
- shouldn't the full rax register be set in the 'unsigned char *' version as
well?
- is there any warranty that movzbl will zero eax's upper 4 bytes in the
'unsigned char *' version? I can't get the program to crash on the systems I
tested, and I would have expected they would, as AMD's docs don't mention the
zeroing of the upper 4 bytes.
Thanks,
Frederik
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> 2011-12-07 19:10:55 UTC ---
((unsigned char *)offsets)[index] still sign extends to int.
--- Comment #2 from frederik.deweerdt at gmail dot com 2011-12-07 19:25:30 UTC ---
(In reply to comment #1)
> ((unsigned char *)offsets)[index] still sign extends to int.
I'm not sure how to parse this. My problem is that '((unsigned char
*)offsets)[index]' uses the 'l' version of mov and eax as destination register.
I would expect the generated asm to use the 'q' version of mov and use rax as
destination register.
--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> 2011-12-07 19:28:29 UTC ---
movzbl 0x20d(%rsp),%eax
is the same as:
movzbq 0x20d(%rsp),%rax
as all l instructions zero extend to q.
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-12-07 19:30:21 UTC ---
Probably time for you to read the docs.
E.g. AMD 24592 pdf, in 3.1.2 says:
"In general, byte and word operands are stored in the low 8 or 16
bits of GPRs without modifying their high 56 or 48 bits,
respectively. Doubleword operands, however, are normally
stored in the low 32 bits of GPRs and zero-extended to 64 bits."
Of course movzbl insn clears all upper 56 bits of the destination register,
like movzbq, but is one byte shorter.
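An added check of the point made in comments #1, #3 and #4 (example code written for this page, not from the bug report or its participants): the register is poisoned as in the report, then a byte is loaded with a 32-bit-destination movzbl and, for contrast, with an 8-bit-destination movb, and the whole 64-bit register is returned each time. The inline asm is x86-64 only; on other targets the functions fall back to a portable model of the same semantics. The array sizes, the index 200 and the function names are assumptions for the demonstration.

```c
#include <stdint.h>

/* Poison all 64 bits, then load one byte with a 32-bit-destination movzbl.
 * Any 32-bit write to a GPR zero-extends into bits 63:32 (AMD 24592, 3.1.2). */
uint64_t rax_after_movzbl(uint8_t byte)
{
    uint64_t r;
#if defined(__x86_64__)
    __asm__ volatile("movabs $0xfafafafafafafafa, %0\n\t" /* poison the register */
                     "movzbl %1, %k0"                      /* 32-bit dest: clears 63:32 */
                     : "=&r"(r) : "m"(byte));
#else
    r = byte;                          /* portable model of the x86-64 semantics */
#endif
    return r;
}

/* Same poison, but an 8-bit-destination movb: bits 63:8 are left untouched.
 * This is the behaviour the reporter feared movzbl had; only byte/word writes do it. */
uint64_t rax_after_movb(uint8_t byte)
{
    uint64_t r;
#if defined(__x86_64__)
    __asm__ volatile("movabs $0xfafafafafafafafa, %0\n\t"
                     "movb %1, %b0"                        /* 8-bit dest: keeps 63:8 */
                     : "=&r"(r) : "m"(byte));
#else
    r = 0xfafafafafafafa00ULL | byte;  /* portable model of the x86-64 semantics */
#endif
    return r;
}

/* C-level view of the subscript (comment #1): the unsigned char is promoted to a
 * non-negative int, so sign-extending that int to 64 bits equals zero-extending it. */
int lookup_unsigned_subscript(const int *buf, const char *offsets, int index)
{
    return buf[((const unsigned char *)offsets)[index]];
}

/* Constructed data mirroring the report's loop, sized so that an offset >= 128
 * (negative as a signed char) is exercised only through the unsigned view. */
int demo_lookup(void)
{
    int buf[256];
    char offsets[256];
    for (int i = 0; i < 256; i++) { buf[i] = i; offsets[i] = (char)i; }
    return lookup_unsigned_subscript(buf, offsets, 200); /* buf[200], not buf[-56] */
}
```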
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
CC| |jakub at gcc dot gnu.org
Resolution| |INVALID
--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-12-07 19:31:10 UTC ---
Invalid.