flat assembler
Message board for the users of flat assembler.

Bug in GCC?

Plue
Code:
unsigned int __stdcall UnlockFrame(unsigned int Frame) {
  /* "|~" is OR with the complement: every bit except bit number Frame is set,
     bit Frame keeps its old value */
  Frame = Frame |~ (1 << Frame);
  return Frame;
}


Code:
_UnlockFrame@4:
    push    ebp
    mov     eax, -2
    mov     ebp, esp
    mov     ecx, DWORD PTR [ebp+8]
    pop     ebp
    rol     eax, cl
    or      ecx, eax
    mov     eax, ecx
    ret     4


The bug is that the stack frame is
1) Created too late
2) Destroyed too early
which means a crash will potentially be reported in the wrong function. Is it a bug?

The other thing is, why does it rotate?

_________________
Roses are red
Violets are blue
Some poems rhyme
And some don't.
Post 05 Dec 2007, 21:37
LocoDelAssembly
Since the only instruction that can really raise an exception is "mov ecx, DWORD PTR [ebp+8]", there is no real problem in handling the stack frame in this quasi-unconventional way.

As for the rotate, gcc realized that using it with the constant "-2" saves you from using the NOT instruction later.
Post 05 Dec 2007, 22:04
LocoDelAssembly
BTW, there is a possible bug still. "1 shl 32" is 0, but since the CPU only uses the count modulo 32 it is interpreted as "1 shl 0". So the "Frame = Frame | -1;" situation is not contemplated; GCC assumed that "<<" should be strictly fully compatible with the SHL instruction and hence ROL is suitable for the task.

Does the C/C++ language state that "<<" will work as the target architecture does, or even specify explicitly that "A << B" is in fact "A << (B & 0x1F)" for unsigned long?
Post 06 Dec 2007, 02:07
vid
Quote:
Does the C/C++ language state that "<<" will work as the target architecture does, or even specify explicitly that "A << B" is in fact "A << (B & 0x1F)" for unsigned long?

My guess would be that this case is not defined, and is "implementation dependent". In other words, you can't use this reliably.

I tried the following on MSVC and MinGW GCC, and both used SHL:
Code:
int shl(int a, int b)
{
  return a << b;
}    
Post 06 Dec 2007, 03:14
vid
Confirmed: the standard only guarantees shifting by fewer bits than the number has.
Post 06 Dec 2007, 12:35
Plue
LocoDelAssembly wrote:
Since the only instruction that can really raise an exception is "mov ecx, DWORD PTR [ebp+8]", there is no real problem in handling the stack frame in this quasi-unconventional way.
But it does it even if there's a memory access afterwards.
Code:
unsigned int Frames;
unsigned int __stdcall UnlockFrame(unsigned int Frame) {
    unsigned int index = Frame / 32;   /* computed but never used */
    unsigned int offset = Frame % 32;  /* shift count is always 0..31 here */
    Frame = Frame &~ (1 << offset);    /* clear bit "offset" */
    Frames = Frame;                    /* store to the global; no return statement follows */
}

Code:
_UnlockFrame@4:
    push    ebp
    mov     eax, -2
    mov     ebp, esp
    mov     edx, DWORD PTR [ebp+8]
    pop     ebp
    mov     ecx, edx
    and     ecx, 31
    rol     eax, cl
    and     edx, eax
    mov     DWORD PTR _Frames, edx
    ret     4


Quote:
As for the rotate, gcc realized that using it with constant "-2" saves you of using the NOT instruction later.
That's probably correct, but why?

Post 06 Dec 2007, 13:18
LocoDelAssembly
Why is it correct? Note that "~ (1 << Frame)" means "I want all 1s except for a 0 at position Frame". So if we rotate -2 we are going to get exactly this effect.

As for the second code, if "mov DWORD PTR _Frames, edx" actually fails you have much more important things to check, like how it is possible that a bss variable that is allocated before the program even starts is not accessible and the program started anyway.

Code:
        and     ecx, 31 
        rol     eax, cl     

The AND is very useless here...
Post 06 Dec 2007, 13:36
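As an added example (not code from the thread, and not GCC's own output), here is a small C program that checks the two points discussed above: that rotating -2 left by n yields the same mask as ~(1 << n) for every n below 32, that the hardware wraps the count at 32 (so a count of 32 gives the bit-0 mask, not the all-ones mask "1 << 32 == 0" would suggest), and a rewrite of the posted UnlockFrame that stores into a real Frames array and always shifts by Frame % 32, so the shift stays within what the standard guarantees. The array size NFRAMES, the rol32 helper and the LockAllFrames/FrameLocked helpers are assumptions of this example.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Portable 32-bit rotate-left. The count is reduced modulo 32, which is
   exactly what x86 ROL does with the count in CL. (Assumed helper.) */
static uint32_t rol32(uint32_t x, unsigned n)
{
    n &= 31;
    return n ? (x << n) | (x >> (32 - n)) : x;
}

/* The mask GCC builds with "mov eax, -2 ; rol eax, cl":
   all ones except a single zero at bit (n mod 32). */
static uint32_t clear_mask_rol(unsigned n)
{
    return rol32(0xFFFFFFFEu, n);
}

/* The mask the C source spells as ~(1 << n). Only defined for n < 32:
   for n >= 32 the shift is undefined behaviour in C, so the compiler may
   assume it never happens, which is why ROL is an acceptable translation. */
static uint32_t clear_mask_shift(unsigned n)
{
    assert(n < 32);
    return ~(1u << n);
}

/* Compare both masks for every count the C code is allowed to use. */
static int rol_matches_shift_for_all_valid_counts(void)
{
    for (unsigned n = 0; n < 32; n++)
        if (clear_mask_rol(n) != clear_mask_shift(n))
            return 0;
    return 1;
}

/* Frame bitmap as a real array, so the index computed in the posted
   UnlockFrame is actually used. NFRAMES is an assumed size. */
#define NFRAMES 128
static uint32_t Frames[NFRAMES / 32];

/* Well-defined variant of UnlockFrame: bounds-checked, and the shift count
   is Frame % 32, which is always below the width of uint32_t. */
static int UnlockFrame(unsigned Frame)
{
    if (Frame >= NFRAMES)
        return 0;                      /* reject out-of-range frame numbers */
    unsigned index = Frame / 32;
    unsigned offset = Frame % 32;
    Frames[index] &= ~(1u << offset);  /* clear bit "offset" of word "index" */
    return 1;
}

static void LockAllFrames(void)
{
    for (unsigned i = 0; i < NFRAMES / 32; i++)
        Frames[i] = 0xFFFFFFFFu;
}

static int FrameLocked(unsigned Frame)
{
    return (int)((Frames[Frame / 32] >> (Frame % 32)) & 1u);
}

int main(void)
{
    printf("rol/shift masks agree for n < 32: %d\n",
           rol_matches_shift_for_all_valid_counts());
    printf("mask for count 32 wraps to bit 0: 0x%08X\n", clear_mask_rol(32));
    LockAllFrames();
    UnlockFrame(37);
    printf("frame 37 locked: %d, frame 36 locked: %d\n",
           FrameLocked(37), FrameLocked(36));
    return 0;
}
```

The wrap-around check is the point of LocoDelAssembly's "1 shl 32" remark: the rotate-based mask for a count of 32 is 0xFFFFFFFE, the same as for a count of 0, whereas "Frame | -1" would need 0xFFFFFFFF. Keeping the count as Frame % 32 (as Plue's second version does) avoids ever relying on that behaviour.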
Copyright © 1999-2020, Tomasz Grysztar.