The following simple cat clone fails with mudflap: $ cat mudflap_unlocked.c #include <stdio.h>
int main(int argc, char** argv) { int chr; while ((chr = fgetc_unlocked(stdin)) != EOF) fputc_unlocked(chr, stdout); return 0; } $ i686-pc-linux-gnu-gcc-4.4.1 -Wall -O1 -fmudflap \ -o mudflap_unlocked mudflap_unlocked.c -lmudflap $ ./mudflap_unlocked <<< foo ******* mudflap violation 1 (check/read): time=... ptr=0xb80b0001 size=1 pc=0xb7f826bc location=`/usr/include/bits/stdio.h:56:10 (main)' /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__mf_check+0x3e) ./mudflap_unlocked(main+0x2d5) /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__wrap_main+0x55) number of nearby objects: 0 ******* mudflap violation 2 (check/read): time=... ptr=0xb80b0002 size=1 pc=0xb7f826bc location=`/usr/include/bits/stdio.h:56:10 (main)' /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__mf_check+0x3e) ./mudflap_unlocked(main+0x2d5) /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__wrap_main+0x55) number of nearby objects: 0 ******* mudflap violation 3 (check/read): time=... ptr=0xb80b0003 size=1 pc=0xb7f826bc location=`/usr/include/bits/stdio.h:56:10 (main)' /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__mf_check+0x3e) ./mudflap_unlocked(main+0x2d5) /usr/lib/gcc/i686-pc-linux-gnu/4.4.1/libmudflap.so.0(__wrap_main+0x55) number of nearby objects: 0 foo $ I assume that -O1 and above inlines the fgetc_unlocked call, which then becomes some kind of access to some static buffer which mudflap fails to recognize as being readable. Unfortunately I could not reproduce this issue without at least -O1, and selectively disabling some optimizations didn't render the backtraces any more intellegible. Debugging through __mfu_check, it seems that the pointer can be associated with no memory block at all, neither valid nor invalid. Therefore the final judgement becomes -1 in the following part: /* If the judgment is still unknown at this stage, loop around at most one more time. */ if (judgement == 0) { if (heuristics++ < 2) /* XXX parametrize this number? */ judgement = __mf_heuristic_check (ptr_low, ptr_high); else judgement = -1; } -- Summary: fgetc_unlocked fails with -fmudflap -O1 Product: gcc Version: 4.4.1 Status: UNCONFIRMED Severity: minor Priority: P3 Component: libmudflap AssignedTo: unassigned at gcc dot gnu dot org ReportedBy: Martin dot vGagern at gmx dot net GCC build triplet: i686-pc-linux-gnu GCC host triplet: i686-pc-linux-gnu GCC target triplet: i686-pc-linux-gnu http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41559