From: Pascal Cuoq <cuoq@trust-in-soft.com>
To: "musl@lists.openwall.com" <musl@lists.openwall.com>
Subject: Documentation of memcpy and undefined behavior in memset
Date: Thu, 6 Jul 2017 14:15:25 +0000 [thread overview]
Message-ID: <0F9B48AD-C5B3-44B6-8D82-0985CF8604A0@trust-in-soft.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 2022 bytes --]
Hello all,
when I started testing parts of musl with TIS Interpreter, I made sure to use TIS Interpreter versions of low-level functions such as memcpy and memset, while testing higher-level functions. Musl's functions can provide guarantees beyond the standard, and it is fair game to rely on these guarantees elsewhere in musl since musl's versions of these functions are called, but I thought it would be interesting to know that musl provides additional guarantees and relies on them.
That was informative. It turned out that musl's implementation of fwrite() can call memcpy() with a length of 0 and a pointer one-past, inside __fwritex:
https://git.musl-libc.org/cgit/musl/tree/src/stdio/fwrite.c?id=a08910fc2cc739f631b75b2d09b8d72a0d64d285#n23
It can be argued that C11 does not define the behavior of memcpy in this case: https://stackoverflow.com/questions/25390577/is-memcpya-1-b-1-0-defined-in-c11
For this reason, it may be worth documenting that musl's memcpy does not require valid pointers when invoked with a size of 0, and any future memcpy implementation (e.g. in assembly) should continue to do so.
Changing course and using musl's implementation of memcpy and memset to analyse higher-level functions, we found what I think is an undefined behavior in memset. The following line in the implementation of memset can be reached with n = 1:
s[0] = s[n-1] = c;
https://git.musl-libc.org/cgit/musl/tree/src/string/memset.c?id=a08910fc2cc739f631b75b2d09b8d72a0d64d285#n14
I think this is undefined because i = i++;, which is equivalent to i = i = i + 1;, is the canonical example for the “unsequenced side-effect in expression” undefined behavior(*), and what makes this latter example undefined is the “i = i =” part, not the “i + 1” part. Musl's “s[0] = s[n-1] =” is identical to that when n == 1.
The same problem occurs in the next lines of memset for other values of n.
Pascal
(*) https://en.wikipedia.org/wiki/Sequence_point#Examples_of_ambiguity
[-- Attachment #2: Type: text/html, Size: 3572 bytes --]
next reply other threads:[~2017-07-06 14:15 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-06 14:15 Pascal Cuoq [this message]
2017-07-06 15:52 ` Alexander Monakov
2017-07-06 16:23 ` Rich Felker
2017-07-06 17:02 ` Alexander Monakov
2017-07-06 17:11 ` Rich Felker
2017-07-06 17:17 ` Alexander Monakov
2017-07-06 17:22 ` Rich Felker
2017-07-06 17:38 ` Alexander Monakov
2017-07-06 18:13 ` Rich Felker
2017-07-06 18:52 ` Jens Gustedt
2017-07-06 19:23 ` Szabolcs Nagy
2017-07-06 23:52 ` Jens Gustedt
2017-07-06 19:05 ` Bartosz Brachaczek
2017-07-06 19:10 ` Leah Neukirchen
2017-07-06 19:28 ` Szabolcs Nagy
2017-07-06 16:29 ` Szabolcs Nagy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0F9B48AD-C5B3-44B6-8D82-0985CF8604A0@trust-in-soft.com \
--to=cuoq@trust-in-soft.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).