Open llvmbot opened 10 years ago
alternative variant that still fails pointer-casting based code
You mean this:
shlist.c:21:27: runtime error: index -16 out of bounds for type 'char const[1]' shlist.c:27:27: runtime error: index -16 out of bounds for type 'char const[1]'
clang does not allow flex arrays there, is it really allowed to skip pointer arithmetic because of that?
Anyway, the bug was found on code that did casts to (char*) and then does pointer arithmetic. I converted to union when I thought this was more standards-compliant, but bug was still there. Now attached pointer-arithmentic variant of the same code.
I needed to download new binary from llvm.org to get -fsanitize=undefined to work. Fyi, the bug is in clang 3.2 too.
$ /opt/apps/llvm34/bin/clang -v clang version 3.4.2 (tags/RELEASE_34/dot2-rc1) Target: x86_64-unknown-linux-gnu $ /opt/apps/llvm34/bin/clang -O shlist2.c $ ./a.out after remove: list: 16 / 16 node: 0 / 0 fail: list $ /opt/apps/llvm34/bin/clang -O -fsanitize=undefined shlist2.c $ ./a.out after remove: list: 16 / 0 node: 0 / 0 fail: list
Try compiling with -fsanitize=undefined ...
Extended Description
clang miscompiles shlist_remove() function in attached code.
when removing only element from list, both structs should end up with zeroes, but clang code fails.
uncommenting the magic printf() or disabling optimizations will fix it.
$ clang -v Ubuntu clang version 3.4.1-1~exp1 (branches/release_34) (based on LLVM 3.4.1) Target: x86_64-pc-linux-gnu $ clang -O shlist.c $ ./a.out after remove: list: 16 / 16 node: 0 / 0 fail: list $ clang -O0 shlist.c $ ./a.out after remove: list: 0 / 0 node: 0 / 0 OK