使用 gcc 7.4.0 并使用 -O1 优化标志编译此示例程序,在数组 'cap' 内设置的数据正在被优化,留下未初始化的数据。
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#define CAP_TYPE_1 0x0003
#define CAP_TYPE_2 0x0004
#define CAP_COUNT 2
#define CAP2_CIP_1 0x0001
#define CAP2_CIP_2 0x0002
#define CAP2_CIP_COUNT 2
static uint16_t cap_2_cips[CAP2_CIP_COUNT] = { CAP2_CIP_1, CAP2_CIP_2 };
#define CAP1_ALG_1 0x0010
#define CAP1_ALG_COUNT 1
static uint16_t cap_1_algs[CAP1_ALG_COUNT] = { CAP1_ALG_1 };
typedef struct optests_cap_1
{
uint16_t count;
uint16_t len;
uint16_t *alg;
char *buf;
} optests_cap_1_t;
typedef struct optests_cap_2
{
uint16_t count;
uint16_t *cip;
} optests_cap_2_t;
typedef struct optests_cap
{
uint16_t type;
uint16_t size;
uint16_t flag;
void *data;
} optests_cap_t;
typedef struct optests_caps
{
uint32_t count;
optests_cap_t *structs;
} optests_caps_t;
static int populate_structs(optests_caps_t *caps)
{
optests_cap_1_t *cap_1;
optests_cap_2_t *cap_2;
optests_cap_t cap[CAP_COUNT];
cap_2 = (optests_cap_2_t*)malloc(sizeof(optests_cap_2_t));
cap_2->count = CAP2_CIP_COUNT;
cap_2->cip = cap_2_cips;
cap[0].type = CAP_TYPE_2;
cap[0].size = 6;
cap[0].flag = 0;
cap[0].data = cap_2;
cap_1 = (optests_cap_1_t*)malloc(sizeof(optests_cap_1_t));
cap_1->count = CAP1_ALG_COUNT;
cap_1->len = 4;
cap_1->alg = cap_1_algs;
cap_1->buf = "ABCD";
cap[1].type = CAP_TYPE_1;
cap[1].size = 6 + cap_1->len;
cap[1].flag = 42;
cap[1].data = cap_1;
caps->count = CAP_COUNT;
caps->structs = cap;
return 0;
}
int main(void)
{
optests_caps_t caps;
memset(&caps, 0, sizeof(optests_cap_t));
populate_structs(&caps);
printf("cap_count = %u\n", caps.count);
for(int i = 0; i < caps.count; i++)
{
printf("Type: %u\n", caps.structs[i].type);
printf("Size: %u\n", caps.structs[i].size);
printf("Flag: %u\n", caps.structs[i].flag);
}
/* Free the memory */
}
使用以下代码编译代码:
gcc -O1 -o optest_O1 optest.c
gcc -O0 -o optest_O0 optest.c
gcc -o optest optest.c
输出是这样的:
$ ./optest
cap_count = 2
Type: 4
Size: 6
Flag: 0
Type: 3
Size: 10
Flag: 42
$ ./optest_O0
cap_count = 2
Type: 4
Size: 6
Flag: 0
Type: 3
Size: 10
Flag: 42
$ ./optest_O1
cap_count = 2
Type: 2464
Size: 22561
Flag: 32596
Type: 2000
Size: 22624
Flag: 32596
Valgrind 在运行优化的二进制文件时报告以下内容:
$ valgrind --tool=memcheck --leak-check=yes ./optest_O1
…
==7316== error calling PR_SET_PTRACER, vgdb might block
cap_count = 2
==7316== Use of uninitialised value of size 8
==7316== at 0x4E9486B: _itoa_word (_itoa.c:179)
==7316== by 0x4E97F0D: vfprintf (vfprintf.c:1642)
==7316== by 0x4F6E2EB: __printf_chk (printf_chk.c:35)
==7316== by 0x10871D: main (in /opttest/optest_O1)
==7316==
==7316== Conditional jump or move depends on uninitialised value(s)
==7316== at 0x4E94875: _itoa_word (_itoa.c:179)
==7316== by 0x4E97F0D: vfprintf (vfprintf.c:1642)
==7316== by 0x4F6E2EB: __printf_chk (printf_chk.c:35)
==7316== by 0x10871D: main (in /opttest/optest_O1)
==7316==
==7316== Conditional jump or move depends on uninitialised value(s)
==7316== at 0x4E98014: vfprintf (vfprintf.c:1642)
==7316== by 0x4F6E2EB: __printf_chk (printf_chk.c:35)
==7316== by 0x10871D: main (in /opttest/optest_O1)
==7316==
==7316== Conditional jump or move depends on uninitialised value(s)
==7316== at 0x4E98B4C: vfprintf (vfprintf.c:1642)
==7316== by 0x4F6E2EB: __printf_chk (printf_chk.c:35)
==7316== by 0x10871D: main (in /opttest/optest_O1)
==7316==
Type: 2464
…
如果我将 gcc -fno-tree-dce -fno-tree-dse标志与 -O1 一起使用,我会得到正确的输出。我想了解 GCC 在做什么,它是 gcc 错误,还是有不同的方式来编写不会触发此问题的上述代码?
gcc 很好,你的代码有问题。
static int populate_structs(optests_caps_t *caps)
{
// ...
optests_cap_t cap[CAP_COUNT];
// ...
caps->structs = cap;
}
cap对函数来说是局部的populate_structs,所以在函数返回之后,对指向的内存的任何进一步访问caps->structs都是未定义的行为。
也许你想声明cap为静态的,或者用来malloc为它分配一些内存。
问题是这一行:
caps->structs = cap;
这caps->structs指向(的第一个元素)本地数组cap。
一旦函数结束,该数组的生命周期也将结束,指针将失效。在该点之后对该指针的任何取消引用都将导致未定义的行为。