public inbox for gcc-prs@sourceware.org
* Re: c/8268: no compile time array index checking
@ 2002-10-18 10:26 Falk Hueffner
  0 siblings, 0 replies; 5+ messages in thread
From: Falk Hueffner @ 2002-10-18 10:26 UTC (permalink / raw)
  To: nobody; +Cc: gcc-prs

The following reply was made to PR c/8268; it has been noted by GNATS.

From: Falk Hueffner <falk.hueffner@student.uni-tuebingen.de>
To: gcc-gnats@gcc.gnu.org
Cc:  
Subject: Re: c/8268: no compile time array index checking
Date: 18 Oct 2002 19:22:53 +0200

 
 Hi,
 
 ages ago, I wrote a patch for c-typeck.c that does this. Jeff Law
 suggested to place it in expr.c, so other languages would catch it,
 too. Here's a patch. Does it look like I'm on the right track?
 
 -- 
 	Falk
 
 Attachment: array-bounds.patch (text/x-patch)
 
 Index: expr.c
 ===================================================================
 RCS file: /cvs/gcc/gcc/gcc/expr.c,v
 retrieving revision 1.488
 diff -u -r1.488 expr.c
 --- expr.c	15 Oct 2002 20:09:32 -0000	1.488
 +++ expr.c	18 Oct 2002 15:59:49 -0000
 @@ -5634,6 +5634,19 @@
  	  tree low_bound = (domain ? TYPE_MIN_VALUE (domain) : 0);
  	  tree unit_size = TYPE_SIZE_UNIT (TREE_TYPE (TREE_TYPE (array)));
  
 +	  if (domain && TREE_CODE (index) == INTEGER_CST)
 +	    {
 +	      if ((TREE_CODE (low_bound) == INTEGER_CST
 +		   && tree_int_cst_lt(index, low_bound))
 +		  || (TREE_CODE (TYPE_MAX_VALUE (domain)) == INTEGER_CST
 +		      && tree_int_cst_lt (TYPE_MAX_VALUE (domain), index)
 +		      /* Accesses after the end of arrays of size 0 (gcc
 +			 extension) and 1 are likely intentional. */
 +		      && !tree_int_cst_lt (TYPE_MAX_VALUE (domain),
 +					   build_int_2 (2, 0))))
 +		warning ("array subscript out of range");
 +	    }
 +
  	  /* We assume all arrays have sizes that are a multiple of a byte.
  	     First subtract the lower bound, if any, in the type of the
  	     index, then convert to sizetype and multiply by the size of the
 



* Re: c/8268: no compile time array index checking
@ 2003-01-28  0:46 Wolfgang Bangerth
  0 siblings, 0 replies; 5+ messages in thread
From: Wolfgang Bangerth @ 2003-01-28  0:46 UTC (permalink / raw)
  To: nobody; +Cc: gcc-prs

The following reply was made to PR c/8268; it has been noted by GNATS.

From: Wolfgang Bangerth <bangerth@ticam.utexas.edu>
To: David Binderman <d.binderman@virgin.net>,
   <falk.hueffner@student.uni-tuebingen.de>
Cc: gcc-gnats@gcc.gnu.org
Subject: Re: c/8268: no compile time array index checking
Date: Mon, 27 Jan 2003 18:45:53 -0600 (CST)

 David,
 thanks for checking this out. It seems as if the patch is going in 
 the right direction. Falk, regarding the abort, can you take a look at it?
 
 Thanks
   W.
 
 
 > I tried out the suggested patch, and it seems ok, until I run
 > the gcc test suite, where I get problems on test
 > 
 > gcc.c-torture/execute/20010924-1.c
 > 
 > as shown
 > 
 > (gdb) r /tmp/1.i
 > Starting program: /home/dcb/gnu/gcc321/results.check/lib/gcc-lib/i686-pc-linux-gnu/3.2.1/cc1 /tmp/1.i
 >  main
 > Program received signal SIGSEGV, Segmentation fault.
 > 0x080f12d3 in get_inner_reference (exp=0x40271700, pbitsize=0xbffff1ec,
 >     pbitpos=0xbffff1f0, poffset=0xbffff1f4, pmode=0x0, punsignedp=0x40016c60,
 >     pvolatilep=0xbffff1fc) at ../../src/gcc-3.2.1/gcc/expr.c:5338
 > 5338                      || (TREE_CODE (TYPE_MAX_VALUE (domain)) == INTEGER_CST
 > (gdb) list
 > 5333
 > 5334              if (domain && TREE_CODE (index) == INTEGER_CST)
 > 5335                {
 > 5336                  if ((TREE_CODE (low_bound) == INTEGER_CST
 > 5337                       && tree_int_cst_lt(index, low_bound))
 > 5338                      || (TREE_CODE (TYPE_MAX_VALUE (domain)) == INTEGER_CST
 > 5339                          && tree_int_cst_lt (TYPE_MAX_VALUE (domain), index)
 > 5340                          /* Accesses after the end of arrays of size 0 (gcc
 > 5341                             extension) and 1 are likely intentional. */
 > 5342                          && !tree_int_cst_lt (TYPE_MAX_VALUE (domain),
 > (gdb)
 > 
 > 
 > Further, it seems a good idea if the warning message produced could be
 > enhanced to give a clue about the index value and the size of the array.
 > 
 > Something like
 > 
 >  warning: array index '10' in array 'fred' of size '5' is not valid.
 > 
 > A possible second enhancement is to make sure that all six bugs in my
 > original demonstration case are found. The current version of the patch
 > only finds four of the six problems.
 > 
 > The supplied patch does seem to find bugs in the gcc321 source code,
 > however.
 > 
 > Regards
 > 
 > dcb
 > 
 > 
 > ----- Original Message -----
 > From: <bangerth@dealii.org>
 > To: <d.binderman@virgin.net>; <gcc-bugs@gcc.gnu.org>; <gcc-prs@gcc.gnu.org>;
 > <nobody@gcc.gnu.org>
 > Sent: Wednesday, January 08, 2003 2:40 AM
 > Subject: Re: c/8268: no compile time array index checking
 > 
 > 
 > > Synopsis: no compile time array index checking
 > >
 > > State-Changed-From-To: open->analyzed
 > > State-Changed-By: bangerth
 > > State-Changed-When: Tue Jan  7 18:40:02 2003
 > > State-Changed-Why:
 > >     Valid request. Falk even has a patch for that, but it
 > >     does not seem to be in.
 > >
 > >     In fact, the category should not be accepts-illegal, since
 > >     the code is perfectly legal. It just does something
 > >     undefined.
 > >
 > >     W.
 > >
 > >
 > > http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=8268
 > >
 > 
 
 -------------------------------------------------------------------------
 Wolfgang Bangerth             email:            bangerth@ticam.utexas.edu
                               www: http://www.ticam.utexas.edu/~bangerth/
 
 



* Re: c/8268: no compile time array index checking
@ 2003-01-26 16:06 David Binderman
  0 siblings, 0 replies; 5+ messages in thread
From: David Binderman @ 2003-01-26 16:06 UTC (permalink / raw)
  To: nobody; +Cc: gcc-prs

The following reply was made to PR c/8268; it has been noted by GNATS.

From: "David Binderman" <d.binderman@virgin.net>
To: <bangerth@dealii.org>,
	<gcc-prs@gcc.gnu.org>,
	<nobody@gcc.gnu.org>,
	<gcc-gnats@gcc.gnu.org>,
	<gcc-bugs@gcc.gnu.org>
Cc:  
Subject: Re: c/8268: no compile time array index checking
Date: Sun, 26 Jan 2003 16:08:53 -0000

 Hello there,
 
 I tried out the suggested patch, and it seems ok, until I run
 the gcc test suite, where I get problems on test
 
 gcc.c-torture/execute/20010924-1.c
 
 as shown
 
 (gdb) r /tmp/1.i
 Starting program: /home/dcb/gnu/gcc321/results.check/lib/gcc-lib/i686-pc-linux-gnu/3.2.1/cc1 /tmp/1.i
  main
 Program received signal SIGSEGV, Segmentation fault.
 0x080f12d3 in get_inner_reference (exp=0x40271700, pbitsize=0xbffff1ec,
     pbitpos=0xbffff1f0, poffset=0xbffff1f4, pmode=0x0, punsignedp=0x40016c60,
     pvolatilep=0xbffff1fc) at ../../src/gcc-3.2.1/gcc/expr.c:5338
 5338                      || (TREE_CODE (TYPE_MAX_VALUE (domain)) == INTEGER_CST
 (gdb) list
 5333
 5334              if (domain && TREE_CODE (index) == INTEGER_CST)
 5335                {
 5336                  if ((TREE_CODE (low_bound) == INTEGER_CST
 5337                       && tree_int_cst_lt(index, low_bound))
 5338                      || (TREE_CODE (TYPE_MAX_VALUE (domain)) == INTEGER_CST
 5339                          && tree_int_cst_lt (TYPE_MAX_VALUE (domain), index)
 5340                          /* Accesses after the end of arrays of size 0 (gcc
 5341                             extension) and 1 are likely intentional. */
 5342                          && !tree_int_cst_lt (TYPE_MAX_VALUE (domain),
 (gdb)
 
 
 Further, it seems a good idea if the warning message produced could be
 enhanced to give a clue about the index value and the size of the array.
 
 Something like
 
  warning: array index '10' in array 'fred' of size '5' is not valid.
 
 A possible second enhancement is to make sure that all six bugs in my
 original demonstration case are found. The current version of the patch
 only finds four of the six problems.
 
 The supplied patch does seem to find bugs in the gcc321 source code,
 however.
 
 Regards
 
 dcb
 
 
 ----- Original Message -----
 From: <bangerth@dealii.org>
 To: <d.binderman@virgin.net>; <gcc-bugs@gcc.gnu.org>; <gcc-prs@gcc.gnu.org>;
 <nobody@gcc.gnu.org>
 Sent: Wednesday, January 08, 2003 2:40 AM
 Subject: Re: c/8268: no compile time array index checking
 
 
 > Synopsis: no compile time array index checking
 >
 > State-Changed-From-To: open->analyzed
 > State-Changed-By: bangerth
 > State-Changed-When: Tue Jan  7 18:40:02 2003
 > State-Changed-Why:
 >     Valid request. Falk even has a patch for that, but it
 >     does not seem to be in.
 >
 >     In fact, the category should not be accepts-illegal, since
 >     the code is perfectly legal. It just does something
 >     undefined.
 >
 >     W.
 >
 >
 > http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=8268
 >
 



* Re: c/8268: no compile time array index checking
@ 2003-01-08  2:40 bangerth
  0 siblings, 0 replies; 5+ messages in thread
From: bangerth @ 2003-01-08  2:40 UTC (permalink / raw)
  To: d.binderman, gcc-bugs, gcc-prs, nobody

Synopsis: no compile time array index checking

State-Changed-From-To: open->analyzed
State-Changed-By: bangerth
State-Changed-When: Tue Jan  7 18:40:02 2003
State-Changed-Why:
    Valid request. Falk even has a patch for that, but it
    does not seem to be in.
    
    In fact, the category should not be accepts-illegal, since
    the code is perfectly legal. It just does something
    undefined.
    
    W.

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=8268



* c/8268: no compile time array index checking
@ 2002-10-17 14:26 d.binderman
  0 siblings, 0 replies; 5+ messages in thread
From: d.binderman @ 2002-10-17 14:26 UTC (permalink / raw)
  To: gcc-gnats


>Number:         8268
>Category:       c
>Synopsis:       no compile time array index checking
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    unassigned
>State:          open
>Class:          accepts-illegal
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 17 14:26:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     d.binderman@virgin.net
>Release:        gcc 3.2
>Organization:
>Environment:

>Description:
# include <stdlib.h>

// some compilers can find fault with this

// simple case

int a[ 10];

void
f()
{
	a[ -1] = -1;	// bug
	a[ 0] = 0;
	a[ 9] = 9;
	a[ 10] = 10;	// bug
}

// bit more complex

void
g()
{
	int b[ 10];

	const int n = 5;

	b[ 2 * n - 11] = -1;	// bug
	b[ 2 * n - 10] = 0;
	b[ n + 4] = 9;
	b[ n + 5] = 10;		// bug
}

// Can any compiler find fault with this ?

void
h()
{
	int * const c = (int *) malloc( 10 * sizeof( int));

	int n = 5;

	c[ 2 * n - 11] = -1;	// bug
	c[ 2 * n - 10] = 0;
	c[ n + 4] = 9;
	c[ n + 5] = 10;			// bug

	free( c);
}
>How-To-Repeat:
I tried to compile the above source code with
gcc 3.2 -g -O2 -Wall. 

It produced no warnings. I count six bugs in the code.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
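Added example, not code from this thread or from GCC: a stand-alone C model of the predicate in Falk's expr.c patch, run over the stores in the report above. It assumes the index expressions in g() are already constant-folded (n == 5) and that the malloc'd pointer c in h() carries no array domain; under those assumptions it flags four of the six bugs, the count David reports, and its checks show the size exemption as written also covers size-2 arrays.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of one subscript as the patch sees it after constant
   folding: the index and, for a real array (not a pointer), the constant
   bounds of its domain (TYPE_MIN_VALUE / TYPE_MAX_VALUE).  Not GCC's trees. */
struct access {
    const char *text;   /* source spelling, for the diagnostic */
    long index;
    bool has_domain;    /* false for the malloc'd pointer c in h() */
    long low, high;     /* inclusive bounds; high == -1 means size 0 */
};

/* The predicate from the expr.c hunk: below the lower bound, or above the
   upper bound unless the array is tiny.  The exemption is written as
   high < 2, so arrays of size 0, 1 and 2 are all exempt, not just 0 and 1. */
bool subscript_out_of_range(long index, bool has_domain, long low, long high)
{
    if (!has_domain)
        return false;               /* a pointer carries no bounds to check */
    if (index < low)
        return true;
    return high < index && !(high < 2);
}

/* The twelve stores from the report, constructed with n == 5 folded in. */
static const struct access report[] = {
    {"a[-1]", -1, true, 0, 9},      {"a[0]", 0, true, 0, 9},
    {"a[9]", 9, true, 0, 9},        {"a[10]", 10, true, 0, 9},
    {"b[2*n-11]", -1, true, 0, 9},  {"b[2*n-10]", 0, true, 0, 9},
    {"b[n+4]", 9, true, 0, 9},      {"b[n+5]", 10, true, 0, 9},
    {"c[2*n-11]", -1, false, 0, 0}, {"c[2*n-10]", 0, false, 0, 0},
    {"c[n+4]", 9, false, 0, 0},     {"c[n+5]", 10, false, 0, 0},
};

/* Run the predicate over the report; returns how many stores it flags. */
int count_flagged(void)
{
    int flagged = 0;
    for (size_t i = 0; i < sizeof report / sizeof report[0]; i++) {
        const struct access *a = &report[i];
        if (subscript_out_of_range(a->index, a->has_domain, a->low, a->high)) {
            printf("warning: array subscript out of range: %s\n", a->text);
            flagged++;
        }
    }
    return flagged;
}

int main(void) { return count_flagged() == 4 ? 0 : 1; }
```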


