public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/54907] New: post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place
@ 2012-10-12 10:11 yangzhe1990 at gmail dot com
2012-10-12 10:24 ` [Bug c/54907] " graham.stott at btinternet dot com
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: yangzhe1990 at gmail dot com @ 2012-10-12 10:11 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54907
Bug #: 54907
Summary: post increasing a value pointed by p in subexpression
of an expression modifying p saves the increased value
in the wrong place
Classification: Unclassified
Product: gcc
Version: 4.7.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: yangzhe1990@gmail.com
#include <stdio.h>
int main() {
char s[] = "axxxxx";
char *p = s;
printf("s = %s in the beginning.\n"
"p is pointed at the %d-th char.\n", s, p - s);
//p = p + (*p)++ * 3 + 2 - 'a' * 3; // (1)
p += (*p)++ * 3 + 2 - 'a' * 3; // (2)
printf("p is moved ahead by %d steps\n", p - s);
printf("s = %s after the operation.\n", s);
return 0;
}
The expected result is "bxxxxx". But the output is "axbxxx".
Maybe in the wrong code, when it saves the value, it lookups the address again
by *p, but p is modified in the expression.
As discussed in stackoverflow,
http://stackoverflow.com/questions/12823663/would-p-p-p-3-c-cause-an-undefined-behavior?answertab=votes#tab-top
most people think it's a bug of gcc.
Bug found in gcc 4.4.6, 4.7.1, g++ 4.4.6. g++ 4.7.1 produces the correct
result.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug c/54907] post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place
2012-10-12 10:11 [Bug c/54907] New: post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place yangzhe1990 at gmail dot com
@ 2012-10-12 10:24 ` graham.stott at btinternet dot com
2012-10-12 11:21 ` yangzhe1990 at gmail dot com
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: graham.stott at btinternet dot com @ 2012-10-12 10:24 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54907
--- Comment #1 from graham.stott at btinternet dot com 2012-10-12 10:24:30 UTC ---
Not a bug p is modified twice without a seqence point the result is undefined
________________________________
From: yangzhe1990 at gmail dot com <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Sent: Friday, 12 October 2012, 11:10
Subject: [Bug c/54907] New: post increasing a value pointed by p in
subexpression of an expression modifying p saves the increased value in the
wrong place
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54907
Bug #: 54907
Summary: post increasing a value pointed by p in subexpression
of an expression modifying p saves the increased value
in the wrong place
Classification: Unclassified
Product: gcc
Version: 4.7.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: yangzhe1990@gmail.com
#include <stdio.h>
int main() {
char s[] = "axxxxx";
char *p = s;
printf("s = %s in the beginning.\n"
"p is pointed at the %d-th char.\n", s, p - s);
//p = p + (*p)++ * 3 + 2 - 'a' * 3; // (1)
p += (*p)++ * 3 + 2 - 'a' * 3; // (2)
printf("p is moved ahead by %d steps\n", p - s);
printf("s = %s after the operation.\n", s);
return 0;
}
The expected result is "bxxxxx". But the output is "axbxxx".
Maybe in the wrong code, when it saves the value, it lookups the address again
by *p, but p is modified in the expression.
As discussed in stackoverflow,
http://stackoverflow.com/questions/12823663/would-p-p-p-3-c-cause-an-undefined-behavior?answertab=votes#tab-top
most people think it's a bug of gcc.
Bug found in gcc 4.4.6, 4.7.1, g++ 4.4.6. g++ 4.7.1 produces the correct
result.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug c/54907] post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place
2012-10-12 10:11 [Bug c/54907] New: post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place yangzhe1990 at gmail dot com
2012-10-12 10:24 ` [Bug c/54907] " graham.stott at btinternet dot com
@ 2012-10-12 11:21 ` yangzhe1990 at gmail dot com
2012-10-12 11:24 ` redi at gcc dot gnu.org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: yangzhe1990 at gmail dot com @ 2012-10-12 11:21 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54907
--- Comment #2 from yangzhe1990 at gmail dot com 2012-10-12 11:20:39 UTC ---
No, p is not modified twice.
p is modified once,
*p is modified once.
(In reply to comment #1)
> Not a bug p is modified twice without a seqence point the result is undefined
>
>
>
> ________________________________
> From: yangzhe1990 at gmail dot com <gcc-bugzilla@gcc.gnu.org>
> To: gcc-bugs@gcc.gnu.org
> Sent: Friday, 12 October 2012, 11:10
> Subject: [Bug c/54907] New: post increasing a value pointed by p in
> subexpression of an expression modifying p saves the increased value in the
> wrong place
>
>
> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54907
>
> Bug #: 54907
> Summary: post increasing a value pointed by p in subexpression
> of an expression modifying p saves the increased value
> in the wrong place
> Classification: Unclassified
> Product: gcc
> Version: 4.7.1
> Status: UNCONFIRMED
> Severity: normal
> Priority: P3
> Component: c
> AssignedTo: unassigned@gcc.gnu.org
> ReportedBy: yangzhe1990@gmail.com
>
>
> #include <stdio.h>
>
> int main() {
> char s[] = "axxxxx";
> char *p = s;
>
> printf("s = %s in the beginning.\n"
> "p is pointed at the %d-th char.\n", s, p - s);
> //p = p + (*p)++ * 3 + 2 - 'a' * 3; // (1)
> p += (*p)++ * 3 + 2 - 'a' * 3; // (2)
> printf("p is moved ahead by %d steps\n", p - s);
> printf("s = %s after the operation.\n", s);
> return 0;
> }
>
> The expected result is "bxxxxx". But the output is "axbxxx".
>
> Maybe in the wrong code, when it saves the value, it lookups the address again
> by *p, but p is modified in the expression.
>
> As discussed in stackoverflow,
> http://stackoverflow.com/questions/12823663/would-p-p-p-3-c-cause-an-undefined-behavior?answertab=votes#tab-top
> most people think it's a bug of gcc.
>
> Bug found in gcc 4.4.6, 4.7.1, g++ 4.4.6. g++ 4.7.1 produces the correct
> result.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug c/54907] post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place
2012-10-12 10:11 [Bug c/54907] New: post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place yangzhe1990 at gmail dot com
2012-10-12 10:24 ` [Bug c/54907] " graham.stott at btinternet dot com
2012-10-12 11:21 ` yangzhe1990 at gmail dot com
@ 2012-10-12 11:24 ` redi at gcc dot gnu.org
2012-10-12 15:40 ` joseph at codesourcery dot com
2021-08-12 14:41 ` pinskia at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: redi at gcc dot gnu.org @ 2012-10-12 11:24 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54907
--- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> 2012-10-12 11:23:52 UTC ---
On the RHS of the assignment *p is modified, not p
The difference in behaviour between gcc and g++ is probably due to
http://gcc.gnu.org/viewcvs?view=revision&revision=176072
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug c/54907] post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place
2012-10-12 10:11 [Bug c/54907] New: post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place yangzhe1990 at gmail dot com
` (2 preceding siblings ...)
2012-10-12 11:24 ` redi at gcc dot gnu.org
@ 2012-10-12 15:40 ` joseph at codesourcery dot com
2021-08-12 14:41 ` pinskia at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: joseph at codesourcery dot com @ 2012-10-12 15:40 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54907
--- Comment #4 from joseph at codesourcery dot com <joseph at codesourcery dot com> 2012-10-12 15:40:05 UTC ---
I believe this code is well-defined.
There are two objects modified, p and *p. p is modified by the
assignment, and C11 6.5.16#3 says "The side effect of updating the stored
value of the left operand is sequenced after the value computations of the
left and right operands.". For postfix increment, which modifies *p, "The
value computation of the result is sequenced before the side effect of
updating the stored value of the operand.". Each object is modified only
once, so there is no issue of two side effects on the same object being
unsequenced. And the value computation of the RHS, using p, is sequenced
before p is updated by the assignment; furthermore, 5.1.2.3#2 says "Value
computation for an lvalue expression includes determining the identity of
the designated object.". So I don't think either case of undefinedness in
6.5#2, "If a side effect on a scalar object is unsequenced relative to
either a different side effect on the same scalar object or a value
computation using the value of the same scalar object, the behavior is
undefined.", applies here.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug c/54907] post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place
2012-10-12 10:11 [Bug c/54907] New: post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place yangzhe1990 at gmail dot com
` (3 preceding siblings ...)
2012-10-12 15:40 ` joseph at codesourcery dot com
@ 2021-08-12 14:41 ` pinskia at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: pinskia at gcc dot gnu.org @ 2021-08-12 14:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54907
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |wrong-code
Status|UNCONFIRMED |NEW
Known to work| |4.8.1
Ever confirmed|0 |1
Known to fail| |4.6.4, 4.7.4
Last reconfirmed| |2021-08-12
--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
The C part of this bug was fixed with r0-120559.
I don't know what fixed the C++ side of things though because it was before
4.7.x.
A testcase for this should definitely be put in.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-08-12 14:41 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-10-12 10:11 [Bug c/54907] New: post increasing a value pointed by p in subexpression of an expression modifying p saves the increased value in the wrong place yangzhe1990 at gmail dot com
2012-10-12 10:24 ` [Bug c/54907] " graham.stott at btinternet dot com
2012-10-12 11:21 ` yangzhe1990 at gmail dot com
2012-10-12 11:24 ` redi at gcc dot gnu.org
2012-10-12 15:40 ` joseph at codesourcery dot com
2021-08-12 14:41 ` pinskia at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).