[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [csmith-bugs] 2.0.0: read from and write to the same location within two sequence points

To: csmith-bugs@flux.utah.edu
Subject: Re: [csmith-bugs] 2.0.0: read from and write to the same location within two sequence points
From: John Regehr <regehr@cs.utah.edu>
Date: Wed, 18 May 2011 22:57:53 -0600
In-reply-to: <00a301cc15cd$1f2e0390$5d8a0ab0$@utah.edu>
List-archive: </listarchives/csmith-bugs>
List-help: <mailto:csmith-bugs-request@flux.utah.edu?subject=help>
List-id: Csmith Bugs Mailing List <csmith-bugs.flux.utah.edu>
List-post: <mailto:csmith-bugs@flux.utah.edu>
List-subscribe: <http://www.flux.utah.edu/mailman/listinfo/csmith-bugs>, <mailto:csmith-bugs-request@flux.utah.edu?subject=subscribe>
List-unsubscribe: <http://www.flux.utah.edu/mailman/listinfo/csmith-bugs>, <mailto:csmith-bugs-request@flux.utah.edu?subject=unsubscribe>
References: <BANLkTin_ju9+XS2Rtzp6h9e6ZJsNR1OR_w@mail.gmail.com> <00a301cc15cd$1f2e0390$5d8a0ab0$@utah.edu>
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10

I haven't looked at the original example, but it sounds to me likeXuejun's analysis is correct.

Pascal, could we ask you to upgrade to the latest version of Csmith ongithub? Xuejun has fixed several problems since the 2.0.0 release andhopefully the newer version will work better for you.


John




On 5/18/11 8:33 PM, Xuejun Yang wrote:

In essence, line 61 is doing something like:

*p = func_10(g_2, g_2)

where p points to g_2 and func_10 modifies g_2.

I think the accesses to g_2 constitute no ambiguity: firstly function
parameters are evaluated before the function; secondly a function are
evaluated before its return value is used. In other words, the accesses to
g_2 follow the sequence:

read g_2
read g_2
sequence point
write g_2 (in func_10)
sequence point
write g_2 (through *p)

The first two reads can be re-arranged. But that doesn't introduce
ambiguity.

-Xuejun


Hello,

Csmith 2.0.0 generated the attached program.

If instrumented with a printf() statement before and after line 61, a

compilation

on a 64-bit little-endian platform shows that line 61 is reached, and the
functions called there all terminate.
It only takes a cursory glance at func_10() to see that if it terminates,

it

terminates having modified g_2.
Therefore it seems to me that line 61 contains undefined behavior, as
g_2 is accessed there multiple times for reading and for writing in

addition to

the modification by func_10().

References:
- [csmith-bugs] 2.0.0: read from and write to the same location within two sequence points
  - From: Pascal Cuoq <pascal.cuoq@gmail.com>
- Re: [csmith-bugs] 2.0.0: read from and write to the same location within two sequence points
  - From: "Xuejun Yang" <jxyang@cs.utah.edu>

Prev by Date: Re: [csmith-bugs] 2.0.0: read from and write to the same location within two sequence points
Next by Date: Re: [csmith-bugs] 2.0.0: read from and write to the same location within two sequence points
Previous by thread: Re: [csmith-bugs] 2.0.0: read from and write to the same location within two sequence points
Next by thread: Re: [csmith-bugs] 2.0.0: read from and write to the same location within two sequence points
Index(es):
- Date
- Thread