Segfault only with optimization

Re: Segfault only with optimization

On Mar 17, 10:04 am, Jeff Taylor <dev.n...@spam. netwrote:What are the compile switches that you use?
Crank the warnings up to the maximum level.
Feed the code to splint:

Re: Segfault only with optimization

Jeff Taylor wrote:There are several approaches to this problem

1) The approach I usually take:
1.a Include the debug information when compiling (usually with -g)
1.b Do not strip the executable
1.c Start the gdb debugger and run your program within the debugger.
1.d When it crashes, take note of where it crashes. The specific
gdb command is "backtrace" as far as I remember.
1.e Look at the local variables. Note that the values displayed
by gdb are probably wrong since optimizations and debugging
do not mix well.
1.f Recompile the module where the crash happens WITHOUT
any optimizations
1.g Relink
1.h Rerun. Does the program crash? If no, you have found the
module where the fault is. Go to step 1.j
If yes, the fault is still there. Take another module from
the modules in the backtrace and recompile. Go to step 1.g.
1.i If you have recompiled all the modules in the backtrace and
the crash still persists, recompile one by one all other
modules until the crash disappears. The last module that
you recompiled is the module with the fault.
1.j Isolate the fault within the module. This can be tricky
unless there is a way to tell the compiler to enable/disable
optimizations in a function by function basis.

2) The approach recommended by the regulars in this group:
Read the source code. If you read hard enough the bug will be
obvious to you.
There is no free lunch. Optimized programs are more sensible to
programming errors than no optimized ones. Besides, you expose
yourself to the bugs of the optimizer, that are many.

If you are doing straight C though, it is highly unlikely that
there is a bug in the optimizer...


--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique

Re: Segfault only with optimization

jacob navia wrote:
A program that invokes a buffer overrun, but happens to produce expected
output is surely not correct?

He means semantic errors. Or does your compiler do the programming for
the programmer? :-)

<snip>

Re: Segfault only with optimization

santosh wrote:How the hell do you know that there is a buffer
overrun if the output is not affected?

To KNOW that there is a buffer overrun the program MUST
do something it should not do, i.e. produce an output
that is different than the expected output

If the output of the program is normal you have NO WAY
to know there is a buffer overrun.

And if you hook a debugger and see some buffer being
overrun that *is* output of course.
What I mean is that such sentences are not helpful to the OP.
And we should try to be less patronizing with newcomers and
people that ask questions. I am sure the OP knows that it is the
programmer that debugs the program. He was asking us to help him
to do that, not to answer him

just do it pal...


--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique

Re: Segfault only with optimization

jacob navia wrote:
Not if you use a memory bounds checker. You can also "know" that there
is a buffer overrun by just looking at the source.
No. The output of the debugger is not the output of the program being
debugged.

<snip>

Re: Segfault only with optimization

jacob navia <jacob@nospam.c omwrites:
By inspecting the source code.
--
Ben Pfaff

Re: Segfault only with optimization

On 17 Mar, 21:40, santosh <santosh....@gm ail.comwrote:What is the definition of "correct"? A computer program
is simply a machine for computing some function on a set
of strings from some alphabet. If the output is as expected
for all possible inputs, then the program accurately models
the function, and is thus correct. However, if it contains
a programming error, it is very likely that it does not
produce correct output on all possible inputs, but it
is generally not feasible to check all possible inputs.
So, Jacob is right in the sense that the output is the
only thing that matters in an academic sense of determining
the correctness of the program, and Santosh is right in
the practical sense that a program that contains a buffer
overflow will probably generate incorrect output on some
input string. Can't we all just get along? :)

Re: Segfault only with optimization

user923005 wrote:There are islam believers that know the koran by heart.
There are christians that know the bible by heart (down to
the line number)

Human memory can be wasted in a thousand ways. Thanks for confirming
it.

Obviously. Not everybody wants to waste effort in a stupid
thing like that guy does.

WHAT IS THE USE?

none



--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique

Re: Segfault only with optimization

jacob navia wrote:
Er, guaranteed job? Peer admiration?
:-)

Re: Segfault only with optimization

On Mar 17, 5:45 pm, jacob navia <ja...@nospam.c omwrote:This points out that blind testing is never sufficient to prove
correctness of a program. In the data set used in test the program
seems to run fine, but a different data set in production causes it to
crash. The bug (buffer overrun or whatever) was always there. It just
was not manifested in test. Not that using the debugger would not have
helped since the data set used in the debugging session was the test
data.

So how do you know the bug is there BEFORE getting it in production?
Code reviews are one more tool. Note: this requires READING someone
else's code. Amazing how we get back to that. The review might at
least suggest a test case that triggers the bug.
You can find these bugs by inspection o9f the code (if you know what
to look for, ie experience).Not from the test. Not even a test with a debugger. You find this the
hard way in production, OR by inspecting the code (There's that Read
the code situation again).IF you see the overrun in the debugger.You snipped his suggestion to reduce the program to a smaller version
that still shows the bug. So stop harping on people to do what they
already are doing.

Ed

Re: Segfault only with optimization

jacob navia wrote:I've fixed many bugs that did not affect the program's
output, but were regarded as serious enough to warrant hot
fixes or rapid-response patches.

My favorite involved a piece of code that sorted some
data so it could turn an O(N*N) search task into O(N).
Unfortunately, the sort itself ran in O(N*N*logN) time ...

(Didn't use a debugger, either. A profiler told me
where the time was going, and code-reading did the rest.)

--
Eric.Sosman@sun .com

Re: Segfault only with optimization

Ben Pfaff wrote:.... snip ...I just did a rough line count on two of my packages, hashlib and
nmalloc. I found both added up to about 2500 lines. Now I avoid
extra lines, and like to put multiple statements in a single line,
etc., so I suspect most writers would find those code modules to
add up to about 5000 lines each. I also think there is little
redundancy in my code. I counted the main module, the header
files, the testing files, and the accessory files (added optional
abilities).

My point is that those units have never seen a debugger. They have
seen the equivalent of printfs, and they have been debugged.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home .att.net>
Try the download section.



--
Posted via a free Usenet account from http://www.teranews.com

Re: Segfault only with optimization

jacob navia wrote:Well, for one thing, he probably doesn't need a printed listing.
At 50 lines per page, that adds up to 10K pages for a single
listing. It would appear fair economies are possible.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home .att.net>
Try the download section.


--
Posted via a free Usenet account from http://www.teranews.com

Re: Segfault only with optimization

CBFalconer wrote:FANTASTIC FALCONER!

At this price, your whole brain is worth only a few bucks!


--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique