NEW 25857
new dtoa.cpp strict-aliasing issues with gcc 4.4
https://bugs.webkit.org/show_bug.cgi?id=25857
Craig Schlenter
Reported 2009-05-18 11:39:00 PDT
dtoa.cpp is getting strict aliasing warnings again in trunk with gcc 4.4 after the latest changes. I'm running this in chromium but it's the same code as far as I can tell.

/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp: In function 'void WTF::mult(WTF::BigInt&, const WTF::BigInt&)':
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:505: warning: dereferencing pointer '<anonymous>' does break strict-aliasing rules
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:505: note: initialized from here
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:505: warning: dereferencing pointer 'xc.43' does break strict-aliasing rules
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:505: note: initialized from here
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:517: warning: dereferencing pointer '<anonymous>' does break strict-aliasing rules
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:517: note: initialized from here
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:517: warning: dereferencing pointer 'xc.43' does break strict-aliasing rules
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:517: note: initialized from here
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp: In function 'void WTF::dtoa(char*, double, int, int*, int*, char**)':
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:293: warning: '<anonymous>' may be used uninitialized in this function
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:2135: note: '<anonymous>' was declared here
Compiling /home/craig/chromium.git/src/sconsbuild/Release/obj/third_party/WebKit/JavaScriptCore/pcre/pcre_compile.os
Compiling /home/craig/chromium.git/src/sconsbuild/Release/obj/third_party/WebKit/JavaScriptCore/pcre/pcre_exec.os
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp: In function 'double WTF::strtod(const char*, char**)':
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:736: warning: dereferencing pointer 'xc.62' does break strict-aliasing rules
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:736: note: initialized from here
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:736: warning: dereferencing pointer '<anonymous>' does break strict-aliasing rules
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:736: note: initialized from here
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:743: warning: dereferencing pointer 'xc.62' does break strict-aliasing rules
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:743: note: initialized from here
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:743: warning: dereferencing pointer '<anonymous>' does break strict-aliasing rules
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:743: note: initialized from here

Rolling back to r42264 makes things happy - I have not tried the in-between revisions yet. Thank you.

The 42264 changes here were discussed here: https://bugs.webkit.org/show_bug.cgi?id=25033
Evan Martin
Comment 1 2009-05-19 12:55:33 PDT
CC'ing Darin since he had comments on the other strict aliasing bug. This one is in JSC, which he said should be strict-aliasing-safe?
Darin Adler
Comment 2 2009-05-19 13:00:00 PDT
(In reply to comment #1)
> CC'ing Darin since he had comments on the other strict aliasing bug.
> This one is in JSC, which he said should be strict-aliasing-safe?

Yes, JavaScriptCore is intended to be compiled with strict aliasing. So this bug seems real and should be fixed, unlike strict aliasing issues in WebCore. Making WebCore compiled with strict aliasing is entering new territory, but this is not.
Xan Lopez
Comment 3 2009-05-20 05:27:21 PDT
FWIW, the only strict aliasing warnings I get are the ones on lines 505 and 517.
Maciej Stachowiak
Comment 4 2009-05-20 05:42:09 PDT
If these are all due to the Storeinc macro (which does appear to break strict aliasing), it is preceded by a commented out aliasing-safe definition that looks like it would also be more efficient on modern CPUs:

#define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff)
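An added example, not code from WebKit's or David Gay's dtoa: the aliasing-safe Storeinc quoted in comment 4, written with the parentheses gcc's -Wparentheses asks for (the meaning is unchanged: '&' and '<<' both bind tighter than '|'), driven through a dtoa-style half-word multiply so the 16-bit carries and the combined 32-bit store can be checked. The little-endian uint32_t limb array, mul_small and storeinc_roundtrip are this example's own; the half-word-store form shown in a comment is my reconstruction of the kind of definition that draws gcc's "does break strict-aliasing rules" warning, not a quotation from the page.

```c
/* Added example, not WebKit's dtoa.cpp: an aliasing-safe Storeinc used in a
 * dtoa-style half-word multiply, plus a round-trip check on the stored limb. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The aliasing-safe definition from the bug, fully parenthesized. It writes
 * the whole 32-bit limb through a pointer of the limb's own type, which is
 * what keeps it legal under -fstrict-aliasing. */
#define Storeinc(a, b, c) (*(a)++ = ((uint32_t)(b) << 16) | ((c) & 0xffffU))

/* For contrast (assumed shape, shown only and never used): a definition that
 * stores the two halves through an unsigned short* cast:
 *   #define Storeinc_punned(a, b, c) \
 *     (((unsigned short *)(a))[1] = (unsigned short)(b), \
 *      ((unsigned short *)(a))[0] = (unsigned short)(c), (a)++)
 * Under -O2 gcc may assume an unsigned short store cannot touch a uint32_t
 * object and keep a stale limb value in a register across it. */

/* Multiply a little-endian array of n 32-bit limbs in place by a 16-bit
 * value, 16 bits at a time the way dtoa's mult() works its limbs. Returns the
 * carry out of the top limb (0 when the product still fits in n limbs). */
uint32_t mul_small(uint32_t *limbs, size_t n, uint32_t y)
{
    uint32_t *xc = limbs;   /* write cursor advanced by Storeinc */
    uint32_t carry = 0;
    y &= 0xffffU;
    for (size_t i = 0; i < n; i++) {
        uint32_t xi = limbs[i];
        uint32_t z = (xi & 0xffffU) * y + carry;   /* low-half product, <= 0xffff0000 */
        carry = z >> 16;
        uint32_t z2 = (xi >> 16) * y + carry;      /* high-half product, <= 0xffff0000 */
        carry = z2 >> 16;
        Storeinc(xc, z2, z);                       /* limbs[i] written as one 32-bit store */
    }
    return carry;
}

/* The halves written by Storeinc must come back out of the same uint32_t
 * object with plain shifts and masks, and the cursor must have advanced. */
int storeinc_roundtrip(uint32_t hi, uint32_t lo)
{
    uint32_t limb[1];
    uint32_t *p = limb;
    Storeinc(p, hi, lo);
    return p == limb + 1
        && (limb[0] >> 16) == (hi & 0xffffU)
        && (limb[0] & 0xffffU) == (lo & 0xffffU);
}

int main(void)
{
    /* Constructed input: 0xffffffff * 0xffff = 0xfffeffff0001, which needs a
     * second limb for the carry. */
    uint32_t x[2] = { 0xffffffffU, 0 };
    x[1] = mul_small(x, 1, 0xffffU);
    printf("0xffffffff * 0xffff = 0x%04x%08x\n", x[1], x[0]);
    printf("roundtrip ok: %d\n", storeinc_roundtrip(0x12345678U, 0x9abcdef0U));
    return 0;
}
```

Compile it with -O2 -Wall -Wextra -fstrict-aliasing: the parenthesized macro produces no aliasing or parentheses diagnostics, while the commented half-word form would draw the same "dereferencing pointer ... does break strict-aliasing rules" warnings the report shows for lines 505 and 517.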
Craig Schlenter
Comment 5 2009-05-20 06:36:48 PDT
Excellent suggestion! Using the alternate Storeinc macro kills the strict aliasing warnings completely for me. There are some parentheses warnings which appear harmless. The anonymous/uninitialized warning below appears to be technically correct but I haven't looked at whether it matters in practice yet.

Here's the new compiler output: (Line numbers are probably off by 1 as I added an extra line with the macro)

Compiling /home/craig/chromium.git/src/sconsbuild/Release/obj/third_party/WebKit/JavaScriptCore/wtf/dtoa.os
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp: In function 'void WTF::mult(WTF::BigInt&, const WTF::BigInt&)':
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:506: warning: suggest parentheses around arithmetic in operand of '|'
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:518: warning: suggest parentheses around arithmetic in operand of '|'
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp: In function 'void WTF::diff(WTF::BigInt&, const WTF::BigInt&, const WTF::BigInt&)':
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:737: warning: suggest parentheses around arithmetic in operand of '|'
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:744: warning: suggest parentheses around arithmetic in operand of '|'
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp: In function 'int WTF::quorem(WTF::BigInt&, WTF::BigInt&)':
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:1745: warning: suggest parentheses around arithmetic in operand of '|'
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:1785: warning: suggest parentheses around arithmetic in operand of '|'
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp: In function 'void WTF::dtoa(char*, double, int, int*, int*, char**)':
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:294: warning: '<anonymous>' may be used uninitialized in this function
/home/craig/chromium.git/src/third_party/WebKit/JavaScriptCore/wtf/dtoa.cpp:2136: note: '<anonymous>' was declared here
Ben Laurie
Comment 6 2009-06-30 05:20:31 PDT
Index: wtf/dtoa.cpp =================================================================== --- wtf/dtoa.cpp (revision 45352) +++ wtf/dtoa.cpp (working copy) @@ -1876,9 +1876,15 @@ /* Infinity or NaN */ *decpt = 9999; if (!word1(&u) && !(word0(&u) & 0xfffff)) - strcpy(result, "Infinity"); - else - strcpy(result, "NaN"); + { + strncpy(result, "Infinity", ndigits); + result[ndigits] = '\0'; + } + else + { + strncpy(result, "NaN", ndigits); + result[ndigits] = '\0'; + } return; } if (!dval(&u)) { Index: ChangeLog =================================================================== --- ChangeLog (revision 45352) +++ ChangeLog (working copy) @@ -1,3 +1,14 @@ +2009-06-26 Ben Laurie <benl@google.com> + + Reviewed by NOBODY. + + <https://bugs.webkit.org/show_bug.cgi?id=25857> + + If dtoa was given a small buffer and the number was either + infinite or NaN, then the buffer would be overflowed. + + * wtf/dtoa.cpp: + 2009-06-26 Oliver Hunt <oliver@apple.com> Reviewed by Dan Bernstein.
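Review bot: in the wtf/dtoa.cpp hunk, `result[ndigits] = '\0';` writes one byte past the ndigits bytes that `strncpy(result, "Infinity", ndigits);` was bounded to, so a caller whose buffer holds exactly ndigits bytes still gets a one-byte overflow, and if ndigits is a requested digit count rather than the buffer length the bound is the wrong quantity altogether. The copy also truncates instead of failing: an ndigits below 8 silently produces "Inf" or "Infini", and ndigits == 0 produces an empty string where the caller expects a number. Suggest bounding by the buffer's real capacity and rejecting (or asserting on) a buffer that cannot hold the full "Infinity" or "NaN" literal rather than truncating it, and moving the shared `result[...] = '\0';` out of the two branches so the terminator is written once.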
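Review bot: the ChangeLog hunk still carries the `Reviewed by NOBODY.` placeholder, and the `* wtf/dtoa.cpp:` entry names no function; it should list the Infinity/NaN branch of dtoa that was changed with a one-line description. The bug URL in the entry also points at this strict-aliasing report, which (as comment 7 confirms) is not the bug the buffer-overflow fix belongs to, so the entry needs the correct bug reference before it can land.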
Ben Laurie
Comment 7 2009-06-30 05:21:33 PDT
Whoops, wrong bug! Sorry!