Link time optimization 'bug' report.

3 messages

Link time optimization 'bug' report.

Gé Weijers
FYI: I compiled Lua using gcc LTO (Link Time Optimization) with optimization -O3. I got the following warning:
ldebug.c: In function ‘lua_getinfo’:
ltable.c:780:3: warning: ‘v.value_’ may be used uninitialized in this function [-Wmaybe-uninitialized]
   setobj2t(L, cell, value);
   ^
ltable.c:780:3: warning: ‘v.value_’ may be used uninitialized in this function [-Wmaybe-uninitialized]

The issue: collectvalidlines in ldebug.c contains the following code:
TValue v;
...
setbtvalue(&v);
...
luaH_setint(L, t, currentline, &v);

Because LTO optimizes across file boundaries, the compiler figured out that 'v' does not have its 'value_' field set, but it is being used by luaH_setint. This is technically true, but probably quite irrelevant. I added "v.value_.i=0;" following "setbtvalue(&v)" and the issue went away.

I debated whether I should even report this; it's probably safe to ignore, but I'm not an expert on the internals of the interpreter.

OS: Debian 10 x86_64.
Compiler: gcc 8.3.0


Re: Link time optimization 'bug' report.

Roberto Ierusalimschy
> FYI: I compiled Lua using gcc LTO (Link Time Optimization) with
> optimization -O3. I got the following warning:
>
> ldebug.c: In function ‘lua_getinfo’:
> ltable.c:780:3: warning: ‘v.value_’ may be used uninitialized in this
> function [-Wmaybe-uninitialized]
>    setobj2t(L, cell, value);
>    ^
> ltable.c:780:3: warning: ‘v.value_’ may be used uninitialized in this
> function [-Wmaybe-uninitialized]
>
> [...]

The compiler only detects this instance, but Lua has had lots of
instances like that for a long time. The problem is that we have a
tagged union, and some tags don't need the union, and therefore don't
use it. In 5.4 that includes booleans, but nil has been like that since
the beginning.  Whenever we copy a nil TValue, we are accessing an
uninitialized value_ field.

Strictly, this seems to be undefined behavior in C (due to trap
representations), but I doubt any machine is capable of even detecting
that without going out of its way.  (For instance, we are allowed to
assign the whole structure containing this undefined union, even if we
cannot assign only the union.)

-- Roberto
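The pattern both posts above describe (a tag that never writes the union, followed by a copy that reads it) in a small stand-alone C program. This is an added example, not code from Lua's lobject.h or from either poster; the union members, the tag numbers and the assumption that the copy is done member-wise (value_ and tt_ assigned separately, as the setobj macro is understood to do) are illustrative choices. It shows the three things the thread touches on: the member-wise copy of a tag-only value that the LTO build warned about, the whole-struct copy that C permits even when the union is indeterminate, and the reporter's workaround of giving value_ a defined payload before the copy.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for Lua's Value union; members chosen for illustration. */
typedef union Value {
    long long i;   /* integer payload */
    double n;      /* float payload */
    void *p;       /* pointer payload */
} Value;

/* Illustrative tag numbers (not Lua's actual encoding). */
enum { TAG_NIL = 0, TAG_FALSE, TAG_TRUE, TAG_INT, TAG_FLT };

typedef struct TValue {
    Value value_;
    unsigned char tt_;
} TValue;

/* Tag-only setters, mirroring the pattern the thread discusses: nil and the
 * booleans touch only the tag and leave value_ indeterminate. */
static void setnilvalue(TValue *o) { o->tt_ = TAG_NIL; }
static void setbtvalue(TValue *o)  { o->tt_ = TAG_TRUE; }
static void setivalue(TValue *o, long long x) { o->value_.i = x; o->tt_ = TAG_INT; }

/* Member-wise copy (assumed shape of Lua's setobj: value_ and tt_ copied as
 * two assignments). When src is nil or a boolean, the first line reads an
 * indeterminate union; that read is what gcc's LTO build reported as
 * "'v.value_' may be used uninitialized". */
static void setobj_members(TValue *dst, const TValue *src) {
    dst->value_ = src->value_;
    dst->tt_ = src->tt_;
}

/* Whole-struct copy: an object whose members are indeterminate may still be
 * copied as a unit, so this form does not have the same problem. */
static void setobj_whole(TValue *dst, const TValue *src) { *dst = *src; }

/* Two cheap ways to make value_ defined for tag-only values: the reporter's
 * workaround (store 0 into one union member) and a compound literal, which
 * zero-initializes the union's first member; that member covers every byte
 * of the union here. */
static void setbtvalue_defined(TValue *o) { o->value_.i = 0; o->tt_ = TAG_TRUE; }
static void setnilvalue_defined(TValue *o) { *o = (TValue){ .tt_ = TAG_NIL }; }

/* Tag seen in the destination after copying a 'true' with either copy form.
 * Both return TAG_TRUE: the tag survives either way; the forms differ only in
 * whether value_ is read. A defined source is used so this helper is not
 * itself undefined behaviour. */
static int tag_after_copy_true(int whole) {
    TValue v, cell;
    setbtvalue_defined(&v);
    if (whole) setobj_whole(&cell, &v); else setobj_members(&cell, &v);
    return cell.tt_;
}

/* Integer round trip: a tag that does use the union survives both copies. */
static long long int_after_copy(long long x, int whole) {
    TValue v, cell;
    setivalue(&v, x);
    if (whole) setobj_whole(&cell, &v); else setobj_members(&cell, &v);
    return cell.tt_ == TAG_INT ? cell.value_.i : -1;
}

/* 1 if the compound-literal setter leaves an all-zero payload, i.e. nothing
 * indeterminate remains for a later member-wise copy to read. */
static int nil_payload_is_zero(void) {
    TValue v;
    unsigned char zero[sizeof(Value)] = {0};
    setnilvalue_defined(&v);
    return v.tt_ == TAG_NIL && memcmp(&v.value_, zero, sizeof(Value)) == 0;
}

int main(void) {
    TValue v, cell;
    setbtvalue(&v);              /* tag-only, as in collectvalidlines */
    setobj_members(&cell, &v);   /* the copy the warning points at */
    printf("tag after member-wise copy of 'true': %d\n", cell.tt_);
    printf("integer round trip: %lld\n", int_after_copy(42, 0));
    printf("nil payload zeroed by compound literal: %d\n", nil_payload_is_zero());
    (void)setnilvalue;
    return 0;
}
```

The diagnostic in the original report appeared only because LTO let gcc see the tag-only setter in ldebug.c and the member-wise copy in ltable.c as one unit; with the setter and the copy in one translation unit, as here, the same analysis can run without LTO. Whichever way it is built, the whole-struct copy and the zero-initialized setters are the two forms that leave no indeterminate read for the compiler to flag.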

Re: Link time optimization 'bug' report.

Gé Weijers

On Fri, Jun 12, 2020 at 11:20 Roberto Ierusalimschy <[hidden email]> wrote:
> The compiler only detects this instance, but Lua has had lots of
> instances like that for a long time. The problem is that we have a
> tagged union, and some tags don't need the union, and therefore don't
> use it. In 5.4 that includes booleans, but nil has been like that since
> the beginning.  Whenever we copy a nil TValue, we are accessing an
> uninitialized value_ field.

I figured as much, but I did not want to assume my analysis was correct. I quoted 'bug' intentionally.
Thanks for the explanation.