From: Tom H. <to...@co...> - 2009-01-07 15:56:42
Julian Seward wrote:
>> Well my experiments with ptrcheck so far have amounted to me managing to
>> run up our software under it and get lots of false positives ;-)
>
> That's not good. Are they all of any particular form? Can you show
> some details?

I just found a piece of really simple and sensible looking code that
produces a false positive:

    for( i = 0; i < 12; ++i )
    {
        longmonth[i] = NULL;
        shortmonth[i] = NULL;
    }

yields this:

    Expected: global array "longmonth" in object with soname "NONE"
    Actual: global array "shortmonth" in object with soname "NONE"

The reason, obviously, is that the compiler has reused the same register
to hold the base address of both arrays - the compiled body of that loop
looks like this:

    1388e:  8b 45 f4                mov    -0xc(%rbp),%eax
    13891:  48 98                   cltq
    13893:  48 8d 14 c5 00 00 00    lea    0x0(,%rax,8),%rdx
    1389a:  00
    1389b:  48 8d 05 7e 22 22 00    lea    0x22227e(%rip),%rax    # 235b20 <longmonth>
    138a2:  48 c7 04 02 00 00 00    movq   $0x0,(%rdx,%rax,1)
    138a9:  00
    138aa:  8b 45 f4                mov    -0xc(%rbp),%eax
    138ad:  48 98                   cltq
    138af:  48 8d 14 c5 00 00 00    lea    0x0(,%rax,8),%rdx
    138b6:  00
    138b7:  48 8d 05 c2 22 22 00    lea    0x2222c2(%rip),%rax    # 235b80 <shortmonth>
    138be:  48 c7 04 02 00 00 00    movq   $0x0,(%rdx,%rax,1)

So it is using rax for the base and rdx for the index on both
assignments. In fact there is then a second loop over a different array
using i as the index again which produces another warning...

The trouble is that if code as simple as that produces a false positive
then you have to wonder how much people will be prepared to try and wade
through the warnings?

Tom

--
Tom Hughes (to...@co...)
http://www.compton.nu/