[Cython] [cython-users] "Stack" checker for undefined behaviour in C code

Stefan Behnel stefan_ml at behnel.de
Fri Nov 1 19:53:37 CET 2013 

Lisandro Dalcin, 01.11.2013 14:52:
> On 1 November 2013 15:55, Lisandro Dalcin wrote:
>> On 31 October 2013 20:25, Stefan Behnel wrote:
>>> I just came across this paper:
>>>
>>> http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf
>>>
>>> They describe an analysis tool that checks C code for bugs that exploit
>>> undefined behaviour and that are thus up to the mercy of compiler
>>> assumptions and "optimisations" to do the right thing or not. They made it
>>> available on github:
>>>
>>> https://github.com/xiw/stack/
>>>
>>> If anyone wants to take the time to set it up for checking some Cython
>>> generated code, I'd be interested to see if it finds something.
>>
>> I tested with mpi4py and got 0 warnings. I'll run it on Cython's testsuite.
> 
> I got two warnings out of 'python setup.py build'

Thanks for testing!


> Analyzing ./build/temp.linux-x86_64-2.7/home/dalcinl/Devel/cython-dev/Cython/Plex/Scanners.17387.ll
> Analyzing ./build/temp.linux-x86_64-2.7/home/dalcinl/Devel/cython-dev/Cython/Plex/Actions.17412.ll
> Analyzing ./build/temp.linux-x86_64-2.7/home/dalcinl/Devel/cython-dev/Cython/Runtime/refnanny.17706.ll
> Analyzing ./build/temp.linux-x86_64-2.7/home/dalcinl/Devel/cython-dev/Cython/Compiler/Code.17659.ll
> Analyzing ./build/temp.linux-x86_64-2.7/home/dalcinl/Devel/cython-dev/Cython/Compiler/FlowControl.17614.ll
> Analyzing ./build/temp.linux-x86_64-2.7/home/dalcinl/Devel/cython-dev/Cython/Compiler/Lexicon.17437.ll
> Analyzing ./build/temp.linux-x86_64-2.7/home/dalcinl/Devel/cython-dev/Cython/Compiler/Visitor.17577.ll
> Analyzing ./build/temp.linux-x86_64-2.7/home/dalcinl/Devel/cython-dev/Cython/Compiler/Scanning.17462.ll
> Analyzing ./build/temp.linux-x86_64-2.7/home/dalcinl/Devel/cython-dev/Cython/Compiler/Parsing.17489.ll
> Generated 2 warnings, see pstack.txt for details.
> [dalcinl at kw2060 build.bak]$ cat pstack.txt
> ---
> bug: anti-dce
> model: |
>   %523 = icmp ne i64 %522, 0, !dbg !1139
>   -->  false
>   ************************************************************
>   :
>   %518 = load %struct._object** @PyExc_UnboundLocalError, align 8, !dbg !1140
>   %519 = call %struct._object* (%struct._object*, i8*, ...)*
> @PyErr_Format(%struct._object* %518, i8* getelementptr inbounds ([49 x
> i8]* @.str100, i32 0, i32 0), i8* getelementptr inbounds ([6 x i8]*
> @.str52, i32 0, i32 0)), !dbg !1140
>   br label %605, !dbg !1143
> stack:
>   - /home/dalcinl/Devel/cython-dev/Cython/Plex/Scanners.c:6651:0
>   - /home/dalcinl/Devel/cython-dev/Cython/Plex/Scanners.c:1752:0
> ncore: 1
> core:
>   - /home/dalcinl/Devel/cython-dev/Cython/Plex/Scanners.c:6511:0
>     - null pointer dereference
> ---
> bug: anti-simplify
> model: |
>   %7699 = icmp ne %struct._object* %78, null, !dbg !4455
>   -->  true
> stack:
>   - /home/dalcinl/Devel/cython-dev/Cython/Compiler/FlowControl.c:16304:0
> ncore: 1
> core:
>   - /home/dalcinl/Devel/cython-dev/Cython/Compiler/FlowControl.c:30198:0
>     - null pointer dereference

Erm - interesting. I looked through the code lines above and couldn't find
anything that looked suspicious. I hope I used the same source version as
you did (latest master?). Maybe I was just blinded by macros, but what I
saw looked rather reasonable...

Stefan

More information about the cython-devel mailing list