489707 – Conditional jump or move depends on uninitialised value(s)" shouldn't apply to assertions.

Bug 489707 - Conditional jump or move depends on uninitialised value(s)" shouldn't apply to assertions.

Summary: Conditional jump or move depends on uninitialised value(s)" shouldn't apply t...

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	valgrind
Classification:	Developer tools
Component:	memcheck (show other bugs)
Version:	3.23.0
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Julian Seward

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-07-04 00:42 UTC by Daniel Black
Modified:	2024-07-04 09:08 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Black 2024-07-04 00:42:28 UTC

SUMMARY

Defensive code can use assertions around uninitialised values to protect against undefined behaviour. While valgrind does the same thing, to do both there is now a different compile option to test under valgrind.

STEPS TO REPRODUCE

1. t.c

#include <assert.h>

int main()
{
  unsigned long n;
  char *b = (char *) &n;

  *b = 1;
  assert((n & ~0xFFUL) == 0);

}

2.  gcc -o /tmp/t /tmp/t.c
3. valgrind /tmp/t

OBSERVED RESULT

==1111332== Conditional jump or move depends on uninitialised value(s)
==1111332==    at 0x401147: main (in /tmp/t)

EXPECTED RESULT

no error.

SOFTWARE/OS VERSIONS

Linux (Fedora 40)
(gcc 14.1.1)

ADDITIONAL INFORMATION

This didn't trigger as error on valgrind 3.18.1.

ref: https://jira.mariadb.org/browse/MDEV-34502
and workaround: https://github.com/MariaDB/server/pull/3378
notably: valgrind didn't error on the subsequent statements reading n

Comment 1 Paul Floyd 2024-07-04 08:10:25 UTC

First, are you certain that it was only the change from Valgrind 3.18.1 to Valgrind 3.23 that caused the change?

I just checked out the code for 3.18.1 and using GCC 14.1 on RHEL 7..6 I get the same error with both that version and git HEAD.

Second, there is no way for us to know when an expression is used in an assert. On amd64 your example code produces

  40114a:       c6 00 01                movb   $0x1,(%rax)
  40114d:       48 8b 45 f0             mov    -0x10(%rbp),%rax
  401151:       48 3d ff 00 00 00       cmp    $0xff,%rax
  401157:       76 19                   jbe    401172 <main+0x3c>
  401159:       b9 23 20 40 00          mov    $0x402023,%ecx
  40115e:       ba 09 00 00 00          mov    $0x9,%edx
  401163:       be 04 20 40 00          mov    $0x402004,%esi
  401168:       bf 10 20 40 00          mov    $0x402010,%edi
  40116d:       e8 be fe ff ff          call   401030 <__assert_fail@plt>
  401172:       b8 00 00 00 00          mov    $0x0,%eax
  401177:       c9                      leave
  401178:       c3                      ret

where the opcodes
  401151:       48 3d ff 00 00 00       cmp    $0xff,%rax
  401157:       76 19                   jbe    401172 <main+0x3c>
are triggering the error. At the moment of the error we can't tell that the false case leads to a call to __assert_fail.

Thirdly, and this is the really fundamental problem, you don't seem to understand the nature of Undefined Behaviour.

There are two possibilities. Either your program text is well-formed or it is ill-formed. If it is well-formed then you can reason about it. You can say things like "if A is true then B should happen". If it is ill-formed then that is it. You cannot reason about ill-formed code.

See
https://en.cppreference.com/w/c/language/behavior
and
https://youtu.be/yG1OZ69H_-o?feature=shared

So, in summary
1. this would be difficult to impllement
2. I think that it would be a serious mistake for us to do anything that masks UB.

Comment 2 Daniel Black 2024-07-04 09:08:47 UTC

Might have been a compiler change.

Agree with other statements.

Thanks for your time.