subject:"\[issue23999\] Undefined behavior in dtoa.c \(rshift 32 of 32bit data type\)"

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

2015-04-19 Thread Christian Heimes


Christian Heimes added the comment:

You could be right. I didn't track all paths manually. All this bit shifting is 
making my head dizzy... :)

Anyways I have sent you an invite for Coverity, so you can check the result 
yourself. The Python test suite passes with assert(k  32); inside the 
problematic block, too.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23999
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

2015-04-19 Thread Mark Dickinson


Mark Dickinson added the comment:

Ah, sorry; I see it.  Fix on the way.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23999
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

2015-04-19 Thread Mark Dickinson


Mark Dickinson added the comment:

Looking more closely, the report doesn't make sense to me:  `k` is the return 
value from a call to `lo0bits`.  From the source of `lo0bits`, I don't see any 
way that `k` can be 32: it's always going to be in the range [0, 31].  
Christian: do you have any more information from Coverity?  This looks like a 
false positive to me.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23999
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

2015-04-19 Thread Mark Dickinson


Mark Dickinson added the comment:

Okay, so after looking more closely, this *still* looks like a false positive:  
`lo0bits` *can* return 32, but only for an input of zero.  In the code in 
question, we're doing `k = lo0bits(y)`, so the only way we can get a `k` of 
`32` is if `y = 0`.  But the whole thing is inside an if block that looks 
like `if ((y = word1(d))) { ... }` (yep, completely with the extra parentheses 
and the misleading equality-test-lookalike assignment), so that `if` block 
won't be executed if `y` is zero.

I edited the code to print out debugging information if `k` is ever 32 at that 
point, and saw no output.  So I don't think that line ever gets executed with 
`k = 32`.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23999
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

2015-04-19 Thread Mark Dickinson


Mark Dickinson added the comment:

 saw no output

Bah; missed a bit.  I saw no output when running the Python test suite, that 
is.  That's not definitive, of course.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23999
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

2015-04-19 Thread Mark Dickinson


Mark Dickinson added the comment:

I'm pretty sure that our code was based on something rather more recent than 
2001: it was the most recent version available at the time (around 2008?), and 
it incorporates subsequent fixes from David Gay.

Please don't replace our dtoa.c with a current version: ours has diverged from 
the original, and includes fixes that aren't available upstream.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23999
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

2015-04-18 Thread Christian Heimes


New submission from Christian Heimes:

Coverity has found undefined behavior in dtoa.c:d2b(). lo0bits() can return 32 
which z = 32, where z is an uint32. I've talked to doku at PyCon. He 
suggested to update dtoa.c to a more recent version. Our copy is based on a 
version from 2001. There are more modern versions available, e.g. 
https://searchcode.com/codesearch/view/52748288/ from 2006.

CID 1202735 (#1 of 1): Bad bit shift operation (BAD_SHIFT)
large_shift: In expression z = k, right shifting by more than 31 bits has 
undefined behavior. The shift amount, k, is 32.

--
messages: 241464
nosy: christian.heimes, doko, eric.smith, mark.dickinson, serhiy.storchaka
priority: normal
severity: normal
stage: needs patch
status: open
title: Undefined behavior in dtoa.c (rshift 32 of 32bit data type)
type: behavior
versions: Python 2.7, Python 3.3, Python 3.4, Python 3.5

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23999
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

[issue23999] Undefined behavior in dtoa.c (rshift 32 of 32bit data type)

7 matches

Site Navigation

Mail list logo

Footer information