This slightly strangely written program (it's distilled down from frame_offset_overflow in the gcc source itself) should print "bigger" if the first argument is bigger than 10 (or negative, but let's ignore that please):
#include <stdlib.h>
#include <stdio.h>
int a[2] = { 10, 20 };
int
is_bigger (long offset, int index)
{
unsigned long size = -offset;
if (size > a[index])
{
printf("bigger\n");
return 1;
}
return 0;
}
int
main (int argc, char** argv)
{
long v;
v = atol(argv[1]);
is_bigger(-v, 0);
return 0;
}
When compiled at -O1 or above (and with inlining disabled at -O2 and above), though, it bungles the 0 case:
Hi,
This slightly strangely written program (it's distilled down from frame_offset_ overflow in the gcc source itself) should print "bigger" if the first argument is bigger than 10 (or negative, but let's ignore that please):
#include <stdlib.h>
#include <stdio.h>
int a[2] = { 10, 20 };
int
is_bigger (long offset, int index)
{
unsigned long size = -offset;
if (size > a[index]) "bigger\ n");
{
printf(
return 1;
}
return 0;
}
int
main (int argc, char** argv)
{
long v;
v = atol(argv[1]);
is_bigger(-v, 0);
return 0;
}
When compiled at -O1 or above (and with inlining disabled at -O2 and above), though, it bungles the 0 case:
(t-doko) mwhudson@ arm64:~ $ gcc-4.9 -O3 test.c -o test -fno-inline -Wall mwhudson@ arm64:~ $ ./test 1 mwhudson@ arm64:~ $ ./test 11 mwhudson@ arm64:~ $ ./test 0 mwhudson@ arm64:~ $ gcc-4.9 -O0 test.c -o test -Wall mwhudson@ arm64:~ $ ./test 1 mwhudson@ arm64:~ $ ./test 11 mwhudson@ arm64:~ $ ./test 0 mwhudson@ arm64:~ $
(t-doko)
(t-doko)
bigger
(t-doko)
bigger
(t-doko)
(t-doko)
(t-doko)
bigger
(t-doko)
(t-doko)
What's going on? Here's the disassembly of is_bigger (at O3):
0000000000400608 <is_bigger>: OFFSET_ TABLE_+ 0x28>
400608: b0000082 adrp x2, 411000 <_GLOBAL_
40060c: 91010042 add x2, x2, #0x40
400610: a9bf7bfd stp x29, x30, [sp,#-16]!
400614: 52800003 mov w3, #0x0 // #0
400618: 910003fd mov x29, sp
40061c: b8a1d841 ldrsw x1, [x2,w1,sxtw #2]
400620: ab00003f cmn x1, x0
400624: 540000a2 b.cs 400638 <is_bigger+0x30>
400628: 90000000 adrp x0, 400000 <_init-0x3f8>
40062c: 911b6000 add x0, x0, #0x6d8
400630: 97ffff90 bl 400470 <puts@plt>
400634: 52800023 mov w3, #0x1 // #1
400638: 2a0303e0 mov w0, w3
40063c: a8c17bfd ldp x29, x30, [sp],#16
400640: d65f03c0 ret
Basically it seems that the condition "-offset > val" is being compiled as "val + offset does not overflow", which is not valid for offset == 0.