today I tried to compile Redis with clang, and a test was failing
without apparent reasons.
I investigated a bit further, and isolated the bug in the following
code fragment:
I verified the bug only in Apple's clang, I'm not 100% sure this is
the right place where to submit such a bug report. If this is the
wrong place, I'm sorry, please point me in the right direction.
I'm not subscribed to the list so if you need further informations
please include my address in CC.
If I understand this code correctly, there is a signed overflow.
Signed overflow is undefined behavior. Clang (or LLVM) apparently
takes advantage of that by optimizing (incr < 0 && value > oldvalue)
=> false.
today I tried to compile Redis with clang, and a test was failing
without apparent reasons.
I investigated a bit further, and isolated the bug in the following
code fragment:
I verified the bug only in Apple's clang, I'm not 100% sure this is
the right place where to submit such a bug report. If this is the
wrong place, I'm sorry, please point me in the right direction.
I can confirm the bug on x86_64-apple-darwin10.8.0 using clang r151042 with -O1, -O2, -O3 and -Os.
If I understand this code correctly, there is a signed overflow.
Signed overflow is undefined behavior. Clang (or LLVM) apparently
takes advantage of that by optimizing (incr < 0 && value > oldvalue)
=> false.
I Dmitri,
I understand the code is undefined, but a compiler can decide to have
different practical behaviors when an undefined condition is
encountered. I think that the best way to handle this condition in the
real world is to do the math accordingly to the underlaying
architecture, so that just the result is undefined, but avoiding to
take advantage of the fact it is undefined to optimized.
I'm not stating that clang is behavior is no correct: strictly
speaking it is following the standard. However its concrete behavior
probably does not minimize the probability of real-world (possibly
broken) code fails. That said I'm going to fix my code so that it is
standard complaint and can compile fine with clang.
If I understand this code correctly, there is a signed overflow.
Signed overflow is undefined behavior. Clang (or LLVM) apparently
takes advantage of that by optimizing (incr < 0 && value > oldvalue)
=> false.
Sure, including today's undefined behavior (not found by the static
analyzer) I fixed three bugs thanks to clang so far:
$ git log --oneline | grep clang
7c96b46 Fixed undefined behavior in *INCR style functions overflow
detection. Sorry clang!
4e97c2c Fixed another possible bug in cluster.c found by clang --analyze.
6710ff2 Fixed a non critical bug signaled by clang static analyzer
thanks to Mukund Sivaraman for reporting it: there was a not
initialized field populating the cluster message header, but it is
always fixed at later time before sending the packet.