为什么 -O4 编译器指令会产生意想不到的结果?
Why does the -O4 compiler directive give unexpected results?
我应该使用编译器指令 gcc -pedantic -Wall -ansi -O4。但是 -O4 标志给我带来了一些问题。它在没有 O4 标志的情况下工作,但有了它我得到了意想不到的结果:
$ gcc -pedantic -Wall -ansi openshell.c
$ ./a.out
'PATH' is set to /home/dac/proj/google-cloud-sdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games.
miniShell>> ls | wc -l
82
6318: child 6319 status 0x0000
Execution time 1.197 ms
miniShell>> exit
$ gcc -pedantic -Wall -ansi -O4 openshell.c
$ ./a.out
'PATH' is set to /home/dac/proj/google-cloud-sdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games.
miniShell>> ls | wc -l
./a.out:6332: Syntax error: pipe with no command following (10: No child processes)
我该怎么办?相关代码为:
static void exec_arguments(int argc, char **argv)
{
/* Split the command line into sequences of arguments */
/* Break at pipe symbols as arguments on their own */
int i = 1;
char ***cmdv = malloc(sizeof *cmdv * (argc/2));
char **args = malloc(sizeof *args * (argc+1));
int cmdn = 0;
int argn = 0;
cmdv[cmdn++] = &args[argn];
for (i=1; i < argc; i++)
{
char *arg = argv[i];
if (strcmp(arg, "|") == 0)
{
if (i == 1)
err_sysexit("Syntax error: pipe before any command");
if (args[argn-1] == 0)
err_sysexit("Syntax error: two pipes with no command between");
arg = 0;
}
args[argn++] = arg;
if (arg == 0)
cmdv[cmdn++] = &args[argn];
}
if (args[argn-1] == 0)
err_sysexit("Syntax error: pipe with no command following");
args[argn] = 0;
exec_pipeline(cmdn, cmdv);
free(cmdv);
free(args);
}
如果我用 O3 和 O4 编译而不用 O2 编译,就会发生这种情况。上面函数的调用是这段代码:
argv2[1] = line;
i = 1;
p = strtok (line, " ");
while (p != NULL)
{
array[i++] = p;
p = strtok (NULL, " ");
}
exec_arguments(i, array);
corpse_collector();
这是使用 valgrind 进行的分析:
$ valgrind --leak-check=full -v ./a.out
==9145== Memcheck, a memory error detector
==9145== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9145== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9145== Command: ./a.out
==9145==
--9145-- Valgrind options:
--9145-- --leak-check=full
--9145-- -v
--9145-- Contents of /proc/version:
--9145-- Linux version 3.16.0-48-generic (buildd@lcy01-10) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #64~14.04.1-Ubuntu SMP Thu Aug 20 23:03:57 UTC 2015
--9145--
--9145-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-lzcnt-rdtscp-sse3-avx-avx2-bmi
--9145-- Page sizes: currently 4096, max supported 4096
--9145-- Valgrind library directory: /usr/lib/valgrind
--9145-- Reading syms from /home/dac/ClionProjects/openshell/a.out
--9145-- Reading syms from /lib/x86_64-linux-gnu/ld-2.21.so
--9145-- Considering /lib/x86_64-linux-gnu/ld-2.21.so ..
--9145-- .. CRC mismatch (computed c1319e6e wanted c87fa39c)
--9145-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/ld-2.21.so ..
--9145-- .. CRC is valid
--9145-- Reading syms from /usr/lib/valgrind/memcheck-amd64-linux
--9145-- Considering /usr/lib/valgrind/memcheck-amd64-linux ..
--9145-- .. CRC mismatch (computed cd34a87b wanted 936d30dc)
--9145-- object doesn't have a symbol table
--9145-- object doesn't have a dynamic symbol table
--9145-- Scheduler: using generic scheduler lock implementation.
--9145-- Reading suppressions file: /usr/lib/valgrind/default.supp
==9145== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-9145-by-dac-on-???
==9145== embedded gdbserver: writing to /tmp/vgdb-pipe-to-vgdb-from-9145-by-dac-on-???
==9145== embedded gdbserver: shared mem /tmp/vgdb-pipe-shared-mem-vgdb-9145-by-dac-on-???
==9145==
==9145== TO CONTROL THIS PROCESS USING vgdb (which you probably
==9145== don't want to do, unless you know exactly what you're doing,
==9145== or are doing some strange experiment):
==9145== /usr/lib/valgrind/../../bin/vgdb --pid=9145 ...command...
==9145==
==9145== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==9145== /path/to/gdb ./a.out
==9145== and then give GDB the following command
==9145== target remote | /usr/lib/valgrind/../../bin/vgdb --pid=9145
==9145== --pid is optional if only one valgrind process is running
==9145==
--9145-- REDIR: 0x401add0 (ld-linux-x86-64.so.2:strlen) redirected to 0x3809e1b1 (???)
--9145-- Reading syms from /usr/lib/valgrind/vgpreload_core-amd64-linux.so
--9145-- Considering /usr/lib/valgrind/vgpreload_core-amd64-linux.so ..
--9145-- .. CRC mismatch (computed 1c3ef3cc wanted d1ae2653)
--9145-- object doesn't have a symbol table
--9145-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so
--9145-- Considering /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so ..
--9145-- .. CRC mismatch (computed 6e6e6f70 wanted ea7b69f1)
--9145-- object doesn't have a symbol table
==9145== WARNING: new redirection conflicts with existing -- ignoring it
--9145-- old: 0x0401add0 (strlen ) R-> (0000.0) 0x3809e1b1 ???
--9145-- new: 0x0401add0 (strlen ) R-> (2007.0) 0x04c2f060 strlen
--9145-- REDIR: 0x401ab30 (ld-linux-x86-64.so.2:index) redirected to 0x4c2ec00 (index)
--9145-- REDIR: 0x401ad50 (ld-linux-x86-64.so.2:strcmp) redirected to 0x4c30110 (strcmp)
--9145-- REDIR: 0x401bac0 (ld-linux-x86-64.so.2:mempcpy) redirected to 0x4c33330 (mempcpy)
--9145-- Reading syms from /lib/x86_64-linux-gnu/libc-2.21.so
--9145-- Considering /lib/x86_64-linux-gnu/libc-2.21.so ..
--9145-- .. CRC mismatch (computed 871d6e12 wanted 63ccc9d2)
--9145-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.21.so ..
--9145-- .. CRC is valid
--9145-- REDIR: 0x4ec7950 (libc.so.6:strcasecmp) redirected to 0x4a26730 (_vgnU_ifunc_wrapper)
--9145-- REDIR: 0x4ec9c40 (libc.so.6:strncasecmp) redirected to 0x4a26730 (_vgnU_ifunc_wrapper)
--9145-- REDIR: 0x4ec70d0 (libc.so.6:memcpy@GLIBC_2.2.5) redirected to 0x4a26730 (_vgnU_ifunc_wrapper)
--9145-- REDIR: 0x4ec5370 (libc.so.6:rindex) redirected to 0x4c2e8e0 (rindex)
==9145== Syscall param rt_sigaction(act->sa_mask) points to uninitialised byte(s)
==9145== at 0x4E6D3F1: __libc_sigaction (sigaction.c:62)
==9145== by 0x401061: main (in /home/dac/ClionProjects/openshell/a.out)
==9145== Address 0xffeffefc8 is on thread 1's stack
==9145==
--9145-- REDIR: 0x4ec3670 (libc.so.6:strlen) redirected to 0x4c2efa0 (strlen)
--9145-- REDIR: 0x4ec3ae0 (libc.so.6:__GI_strncmp) redirected to 0x4c2f750 (__GI_strncmp)
--9145-- REDIR: 0x4ece6b0 (libc.so.6:strchrnul) redirected to 0x4c32e60 (strchrnul)
--9145-- REDIR: 0x4ec7300 (libc.so.6:__GI_mempcpy) redirected to 0x4c33060 (__GI_mempcpy)
'PATH' is set to /home/dac/proj/google-cloud-sdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games.
--9145-- REDIR: 0x4ebc440 (libc.so.6:malloc) redirected to 0x4c2bb60 (malloc)
--9145-- REDIR: 0x4ecc390 (libc.so.6:__GI_memcpy) redirected to 0x4c30b60 (__GI_memcpy)
--9145-- REDIR: 0x4ec30a0 (libc.so.6:strcpy) redirected to 0x4a26730 (_vgnU_ifunc_wrapper)
--9145-- REDIR: 0x4edcab0 (libc.so.6:__strcpy_sse2_unaligned) redirected to 0x4c2f080 (strcpy)
--9145-- REDIR: 0x4ebc7f0 (libc.so.6:free) redirected to 0x4c2cdc0 (free)
miniShell>> ls | wc -l
--9145-- REDIR: 0x4ec67c0 (libc.so.6:memchr) redirected to 0x4c301b0 (memchr)
--9145-- REDIR: 0x4ec5330 (libc.so.6:strncpy) redirected to 0x4a26730 (_vgnU_ifunc_wrapper)
--9145-- REDIR: 0x4edd0e0 (libc.so.6:__strncpy_sse2_unaligned) redirected to 0x4c2f5b0 (__strncpy_sse2_unaligned)
--9145-- REDIR: 0xffffffffff600000 (???:???) redirected to 0x3809e193 (???)
./a.out:9145: Syntax error: pipe with no command following--9145-- REDIR: 0x4ec77e0 (libc.so.6:__GI_stpcpy) redirected to 0x4c31fe0 (__GI_stpcpy)
(10: No child processes)
==9145==
==9145== HEAP SUMMARY:
==9145== in use at exit: 64 bytes in 2 blocks
==9145== total heap usage: 8 allocs, 6 frees, 300 bytes allocated
==9145==
==9145== Searching for pointers to 2 not-freed blocks
==9145== Checked 73,312 bytes
==9145==
==9145== LEAK SUMMARY:
==9145== definitely lost: 0 bytes in 0 blocks
==9145== indirectly lost: 0 bytes in 0 blocks
==9145== possibly lost: 0 bytes in 0 blocks
==9145== still reachable: 64 bytes in 2 blocks
==9145== suppressed: 0 bytes in 0 blocks
==9145== Reachable blocks (those to which a pointer was found) are not shown.
==9145== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==9145==
==9145== Use --track-origins=yes to see where uninitialised values come from
==9145== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==9145==
==9145== 1 errors in context 1 of 1:
==9145== Syscall param rt_sigaction(act->sa_mask) points to uninitialised byte(s)
==9145== at 0x4E6D3F1: __libc_sigaction (sigaction.c:62)
==9145== by 0x401061: main (in /home/dac/ClionProjects/openshell/a.out)
==9145== Address 0xffeffefc8 is on thread 1's stack
==9145==
==9145== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
$
这个东西确实可以用 clang 编译器编译 运行。如果我想继续解决这个问题,我想我只能做一个最小的例子并比较生成的程序集。完整代码可用 here。
奇怪的是,如果我们在循环中插入一条打印语句,那么代码就可以运行:
miniShell>> ls | wc -l
Processing 1 [ls]
Processing 2 [|]
Processing 3 [wc]
Processing 4 [-l]
84
27892: child 27900 status 0x0000
Execution time 1.358 ms
static void exec_arguments(int argc, char **argv)
{
/* Split the command line into sequences of arguments */
/* Break at pipe symbols as arguments on their own */
int i = 1;
char ***cmdv = malloc(sizeof *cmdv * (argc/2));
char **args = malloc(sizeof *args * (argc+1));
int cmdn = 0;
int argn = 0;
char *arg;
cmdv[cmdn++] = &args[argn];
for (i=1; i < argc; i++)
{
arg = argv[i];
printf("Processing %d [%s]\n", i, arg);
if (strcmp(arg, "|") == 0)
{
if (i == 1)
err_sysexit("Syntax error: pipe before any command");
if (args[argn-1] == 0)
err_sysexit("Syntax error: two pipes with no command between");
arg = 0;
}
args[argn] = arg;
argn++;
/*printf("argn %d", argn);*/
if (arg == 0)
cmdv[cmdn++] = &args[argn];
}
if (args[argn-1] == 0)
err_sysexit("Syntax error: pipe with no command following");
args[argn] = 0;
exec_pipeline(cmdn, cmdv);
free(cmdv);
free(args);
}
了解以上内容后,我可以放入一个不写入任何输出并使循环工作(但我们不知道为什么)的调试语句,这将使我的代码以最高优化级别进行编译。我们仍然怀疑我们可以通过制作独立的最小错误示例来调查一些指针处理。现在,这会让我继续:
static void exec_arguments(int argc, char **argv)
{
/* Split the command line into sequences of arguments */
/* Break at pipe symbols as arguments on their own */
int i = 1;
char ***cmdv = malloc(sizeof *cmdv * (argc/2));
char **args = malloc(sizeof *args * (argc+1));
int cmdn = 0;
int argn = 0;
char *arg;
FILE* debug;
cmdv[cmdn++] = &args[argn];
for (i=1; i < argc; i++)
{
arg = argv[i];
debug = fopen("/dev/null", "w");
fprintf(debug, "Debug Information");
if (strcmp(arg, "|") == 0)
{
if (i == 1)
err_sysexit("Syntax error: pipe before any command");
if (args[argn-1] == 0)
err_sysexit("Syntax error: two pipes with no command between");
arg = 0;
}
args[argn] = arg;
argn++;
/*printf("argn %d", argn);*/
if (arg == 0)
cmdv[cmdn++] = &args[argn];
}
if (args[argn-1] == 0)
err_sysexit("Syntax error: pipe with no command following");
args[argn] = 0;
exec_pipeline(cmdn, cmdv);
free(cmdv);
free(args);
}
您的程序中存在错误。 -O4 选项与 -O3 没有任何不同。快速浏览 man gcc 会列举出可以执行任何操作的选项列表,并进行完整性检查:
diff <(gcc -Q --help=optimizers -O4) <(gcc -Q --help=optimizers -O3)
没有区别。
通常更改优化级别是查找程序中错误的好方法,因为它可能在一个优化级别下表现完美,但在另一个优化级别下可能会中断。这表示未定义的行为等。我不会浪费时间为你调试你的程序,但至少你知道问题不是直接由 -O4.
引起的
旁注:我假设 -ansi 是一个你不能改变的要求,但是它是在 C90 模式下编译的,也就是古老的C模式。我会推荐 C99 或 C11 以避免意外。
对代码进行修剪后,我发现了问题的原因。
我第一次,麻烦是"most likely, there's some undefined behaviour in your code, and using optimization is revealing it"。
问题是 main() 中的数组定义为 char *array[4];。代码溢出该数组,导致未定义的行为。将大小更改为 40 意味着程序可以可靠地运行。
虽然我破解了大量代码,但文件中仍有 400 多行代码。我确信可以完成更彻底的减少工作,但我相信这是造成问题的主要原因。
这里是简化的 main() 函数,char *array[4]l 的设置太小,还有两个新的辅助函数,dump_argv() 和 AllWhiteSpace()。许多其他功能已被删除。 foreground/background 东西不见了;删除了内置命令(如 cd 和 exit 和 unixinfo。corpse_collector() 已经收集了尸体;Janitor() 函数也在尝试收集它们,并且很少(好吧,我的意思是从来没有!)发现任何东西,因为尸体收集器已经完成了肮脏的工作。我删除了不立即相关的信号处理。
#include <ctype.h>
#include <stdbool.h>
static void dump_argv(const char *tag, int argc, char **argv)
{
assert(argv != 0 && tag != 0);
printf("%s: (%d)", tag, argc);
for (int i = 0; i < argc; i++)
printf(" {%s}", (argv[i] == NULL) ? "(null)" : argv[i]);
putchar('\n');
fflush(stdout);
assert(argv[argc] == 0);
}
static bool AllWhiteSpace(char *source)
{
unsigned char c;
while (isspace(c = *source))
source++;
return(c == '[=10=]');
}
int main(int argc, char *argv[])
{
err_setarg0(argv[argc-argc]);
while (1)
{
char *p;
char *array[40];
char line[BUFFER_LEN];
size_t length;
long time;
struct timeval time_start;
struct timeval time_end;
printf("miniShell>> ");
fflush(stdout);
if (!fgets(line, BUFFER_LEN, stdin))
{
putchar('\n');
break;
}
if (AllWhiteSpace(line))
continue;
length = strlen(line);
if (line[length - 1] == '\n')
line[length - 1] = '[=10=]';
gettimeofday(&time_start, NULL);
printf("Command line: %s\n", line);
int i = 1;
p = strtok(line, " ");
array[0] = NULL;
while (p != NULL)
{
array[i++] = p;
p = strtok(NULL, " ");
}
array[i] = NULL;
dump_argv("Before exec_arguments", i, array);
exec_arguments(i, array);
corpse_collector();
gettimeofday(&time_end, NULL);
time = (time_end.tv_sec - time_start.tv_sec) * 1000000 +
time_end.tv_usec - time_start.tv_usec;
printf("Execution time %ld.%03ld ms\n", time / 1000, time % 1000);
}
return(0);
}
现在的故障症状有些不同——要执行的字符串没有意义,因此无法执行,但将 space 增加到足够大(40 对正在使用的命令行来说太过分了; 6 就足够了)并且工作正常。
我应该使用编译器指令 gcc -pedantic -Wall -ansi -O4。但是 -O4 标志给我带来了一些问题。它在没有 O4 标志的情况下工作,但有了它我得到了意想不到的结果:
$ gcc -pedantic -Wall -ansi openshell.c
$ ./a.out
'PATH' is set to /home/dac/proj/google-cloud-sdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games.
miniShell>> ls | wc -l
82
6318: child 6319 status 0x0000
Execution time 1.197 ms
miniShell>> exit
$ gcc -pedantic -Wall -ansi -O4 openshell.c
$ ./a.out
'PATH' is set to /home/dac/proj/google-cloud-sdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games.
miniShell>> ls | wc -l
./a.out:6332: Syntax error: pipe with no command following (10: No child processes)
我该怎么办?相关代码为:
static void exec_arguments(int argc, char **argv)
{
/* Split the command line into sequences of arguments */
/* Break at pipe symbols as arguments on their own */
int i = 1;
char ***cmdv = malloc(sizeof *cmdv * (argc/2));
char **args = malloc(sizeof *args * (argc+1));
int cmdn = 0;
int argn = 0;
cmdv[cmdn++] = &args[argn];
for (i=1; i < argc; i++)
{
char *arg = argv[i];
if (strcmp(arg, "|") == 0)
{
if (i == 1)
err_sysexit("Syntax error: pipe before any command");
if (args[argn-1] == 0)
err_sysexit("Syntax error: two pipes with no command between");
arg = 0;
}
args[argn++] = arg;
if (arg == 0)
cmdv[cmdn++] = &args[argn];
}
if (args[argn-1] == 0)
err_sysexit("Syntax error: pipe with no command following");
args[argn] = 0;
exec_pipeline(cmdn, cmdv);
free(cmdv);
free(args);
}
如果我用 O3 和 O4 编译而不用 O2 编译,就会发生这种情况。上面函数的调用是这段代码:
argv2[1] = line;
i = 1;
p = strtok (line, " ");
while (p != NULL)
{
array[i++] = p;
p = strtok (NULL, " ");
}
exec_arguments(i, array);
corpse_collector();
这是使用 valgrind 进行的分析:
$ valgrind --leak-check=full -v ./a.out
==9145== Memcheck, a memory error detector
==9145== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9145== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9145== Command: ./a.out
==9145==
--9145-- Valgrind options:
--9145-- --leak-check=full
--9145-- -v
--9145-- Contents of /proc/version:
--9145-- Linux version 3.16.0-48-generic (buildd@lcy01-10) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #64~14.04.1-Ubuntu SMP Thu Aug 20 23:03:57 UTC 2015
--9145--
--9145-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-lzcnt-rdtscp-sse3-avx-avx2-bmi
--9145-- Page sizes: currently 4096, max supported 4096
--9145-- Valgrind library directory: /usr/lib/valgrind
--9145-- Reading syms from /home/dac/ClionProjects/openshell/a.out
--9145-- Reading syms from /lib/x86_64-linux-gnu/ld-2.21.so
--9145-- Considering /lib/x86_64-linux-gnu/ld-2.21.so ..
--9145-- .. CRC mismatch (computed c1319e6e wanted c87fa39c)
--9145-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/ld-2.21.so ..
--9145-- .. CRC is valid
--9145-- Reading syms from /usr/lib/valgrind/memcheck-amd64-linux
--9145-- Considering /usr/lib/valgrind/memcheck-amd64-linux ..
--9145-- .. CRC mismatch (computed cd34a87b wanted 936d30dc)
--9145-- object doesn't have a symbol table
--9145-- object doesn't have a dynamic symbol table
--9145-- Scheduler: using generic scheduler lock implementation.
--9145-- Reading suppressions file: /usr/lib/valgrind/default.supp
==9145== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-9145-by-dac-on-???
==9145== embedded gdbserver: writing to /tmp/vgdb-pipe-to-vgdb-from-9145-by-dac-on-???
==9145== embedded gdbserver: shared mem /tmp/vgdb-pipe-shared-mem-vgdb-9145-by-dac-on-???
==9145==
==9145== TO CONTROL THIS PROCESS USING vgdb (which you probably
==9145== don't want to do, unless you know exactly what you're doing,
==9145== or are doing some strange experiment):
==9145== /usr/lib/valgrind/../../bin/vgdb --pid=9145 ...command...
==9145==
==9145== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==9145== /path/to/gdb ./a.out
==9145== and then give GDB the following command
==9145== target remote | /usr/lib/valgrind/../../bin/vgdb --pid=9145
==9145== --pid is optional if only one valgrind process is running
==9145==
--9145-- REDIR: 0x401add0 (ld-linux-x86-64.so.2:strlen) redirected to 0x3809e1b1 (???)
--9145-- Reading syms from /usr/lib/valgrind/vgpreload_core-amd64-linux.so
--9145-- Considering /usr/lib/valgrind/vgpreload_core-amd64-linux.so ..
--9145-- .. CRC mismatch (computed 1c3ef3cc wanted d1ae2653)
--9145-- object doesn't have a symbol table
--9145-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so
--9145-- Considering /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so ..
--9145-- .. CRC mismatch (computed 6e6e6f70 wanted ea7b69f1)
--9145-- object doesn't have a symbol table
==9145== WARNING: new redirection conflicts with existing -- ignoring it
--9145-- old: 0x0401add0 (strlen ) R-> (0000.0) 0x3809e1b1 ???
--9145-- new: 0x0401add0 (strlen ) R-> (2007.0) 0x04c2f060 strlen
--9145-- REDIR: 0x401ab30 (ld-linux-x86-64.so.2:index) redirected to 0x4c2ec00 (index)
--9145-- REDIR: 0x401ad50 (ld-linux-x86-64.so.2:strcmp) redirected to 0x4c30110 (strcmp)
--9145-- REDIR: 0x401bac0 (ld-linux-x86-64.so.2:mempcpy) redirected to 0x4c33330 (mempcpy)
--9145-- Reading syms from /lib/x86_64-linux-gnu/libc-2.21.so
--9145-- Considering /lib/x86_64-linux-gnu/libc-2.21.so ..
--9145-- .. CRC mismatch (computed 871d6e12 wanted 63ccc9d2)
--9145-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.21.so ..
--9145-- .. CRC is valid
--9145-- REDIR: 0x4ec7950 (libc.so.6:strcasecmp) redirected to 0x4a26730 (_vgnU_ifunc_wrapper)
--9145-- REDIR: 0x4ec9c40 (libc.so.6:strncasecmp) redirected to 0x4a26730 (_vgnU_ifunc_wrapper)
--9145-- REDIR: 0x4ec70d0 (libc.so.6:memcpy@GLIBC_2.2.5) redirected to 0x4a26730 (_vgnU_ifunc_wrapper)
--9145-- REDIR: 0x4ec5370 (libc.so.6:rindex) redirected to 0x4c2e8e0 (rindex)
==9145== Syscall param rt_sigaction(act->sa_mask) points to uninitialised byte(s)
==9145== at 0x4E6D3F1: __libc_sigaction (sigaction.c:62)
==9145== by 0x401061: main (in /home/dac/ClionProjects/openshell/a.out)
==9145== Address 0xffeffefc8 is on thread 1's stack
==9145==
--9145-- REDIR: 0x4ec3670 (libc.so.6:strlen) redirected to 0x4c2efa0 (strlen)
--9145-- REDIR: 0x4ec3ae0 (libc.so.6:__GI_strncmp) redirected to 0x4c2f750 (__GI_strncmp)
--9145-- REDIR: 0x4ece6b0 (libc.so.6:strchrnul) redirected to 0x4c32e60 (strchrnul)
--9145-- REDIR: 0x4ec7300 (libc.so.6:__GI_mempcpy) redirected to 0x4c33060 (__GI_mempcpy)
'PATH' is set to /home/dac/proj/google-cloud-sdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games.
--9145-- REDIR: 0x4ebc440 (libc.so.6:malloc) redirected to 0x4c2bb60 (malloc)
--9145-- REDIR: 0x4ecc390 (libc.so.6:__GI_memcpy) redirected to 0x4c30b60 (__GI_memcpy)
--9145-- REDIR: 0x4ec30a0 (libc.so.6:strcpy) redirected to 0x4a26730 (_vgnU_ifunc_wrapper)
--9145-- REDIR: 0x4edcab0 (libc.so.6:__strcpy_sse2_unaligned) redirected to 0x4c2f080 (strcpy)
--9145-- REDIR: 0x4ebc7f0 (libc.so.6:free) redirected to 0x4c2cdc0 (free)
miniShell>> ls | wc -l
--9145-- REDIR: 0x4ec67c0 (libc.so.6:memchr) redirected to 0x4c301b0 (memchr)
--9145-- REDIR: 0x4ec5330 (libc.so.6:strncpy) redirected to 0x4a26730 (_vgnU_ifunc_wrapper)
--9145-- REDIR: 0x4edd0e0 (libc.so.6:__strncpy_sse2_unaligned) redirected to 0x4c2f5b0 (__strncpy_sse2_unaligned)
--9145-- REDIR: 0xffffffffff600000 (???:???) redirected to 0x3809e193 (???)
./a.out:9145: Syntax error: pipe with no command following--9145-- REDIR: 0x4ec77e0 (libc.so.6:__GI_stpcpy) redirected to 0x4c31fe0 (__GI_stpcpy)
(10: No child processes)
==9145==
==9145== HEAP SUMMARY:
==9145== in use at exit: 64 bytes in 2 blocks
==9145== total heap usage: 8 allocs, 6 frees, 300 bytes allocated
==9145==
==9145== Searching for pointers to 2 not-freed blocks
==9145== Checked 73,312 bytes
==9145==
==9145== LEAK SUMMARY:
==9145== definitely lost: 0 bytes in 0 blocks
==9145== indirectly lost: 0 bytes in 0 blocks
==9145== possibly lost: 0 bytes in 0 blocks
==9145== still reachable: 64 bytes in 2 blocks
==9145== suppressed: 0 bytes in 0 blocks
==9145== Reachable blocks (those to which a pointer was found) are not shown.
==9145== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==9145==
==9145== Use --track-origins=yes to see where uninitialised values come from
==9145== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==9145==
==9145== 1 errors in context 1 of 1:
==9145== Syscall param rt_sigaction(act->sa_mask) points to uninitialised byte(s)
==9145== at 0x4E6D3F1: __libc_sigaction (sigaction.c:62)
==9145== by 0x401061: main (in /home/dac/ClionProjects/openshell/a.out)
==9145== Address 0xffeffefc8 is on thread 1's stack
==9145==
==9145== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
$
这个东西确实可以用 clang 编译器编译 运行。如果我想继续解决这个问题,我想我只能做一个最小的例子并比较生成的程序集。完整代码可用 here。
奇怪的是,如果我们在循环中插入一条打印语句,那么代码就可以运行:
miniShell>> ls | wc -l
Processing 1 [ls]
Processing 2 [|]
Processing 3 [wc]
Processing 4 [-l]
84
27892: child 27900 status 0x0000
Execution time 1.358 ms
static void exec_arguments(int argc, char **argv)
{
/* Split the command line into sequences of arguments */
/* Break at pipe symbols as arguments on their own */
int i = 1;
char ***cmdv = malloc(sizeof *cmdv * (argc/2));
char **args = malloc(sizeof *args * (argc+1));
int cmdn = 0;
int argn = 0;
char *arg;
cmdv[cmdn++] = &args[argn];
for (i=1; i < argc; i++)
{
arg = argv[i];
printf("Processing %d [%s]\n", i, arg);
if (strcmp(arg, "|") == 0)
{
if (i == 1)
err_sysexit("Syntax error: pipe before any command");
if (args[argn-1] == 0)
err_sysexit("Syntax error: two pipes with no command between");
arg = 0;
}
args[argn] = arg;
argn++;
/*printf("argn %d", argn);*/
if (arg == 0)
cmdv[cmdn++] = &args[argn];
}
if (args[argn-1] == 0)
err_sysexit("Syntax error: pipe with no command following");
args[argn] = 0;
exec_pipeline(cmdn, cmdv);
free(cmdv);
free(args);
}
了解以上内容后,我可以放入一个不写入任何输出并使循环工作(但我们不知道为什么)的调试语句,这将使我的代码以最高优化级别进行编译。我们仍然怀疑我们可以通过制作独立的最小错误示例来调查一些指针处理。现在,这会让我继续:
static void exec_arguments(int argc, char **argv)
{
/* Split the command line into sequences of arguments */
/* Break at pipe symbols as arguments on their own */
int i = 1;
char ***cmdv = malloc(sizeof *cmdv * (argc/2));
char **args = malloc(sizeof *args * (argc+1));
int cmdn = 0;
int argn = 0;
char *arg;
FILE* debug;
cmdv[cmdn++] = &args[argn];
for (i=1; i < argc; i++)
{
arg = argv[i];
debug = fopen("/dev/null", "w");
fprintf(debug, "Debug Information");
if (strcmp(arg, "|") == 0)
{
if (i == 1)
err_sysexit("Syntax error: pipe before any command");
if (args[argn-1] == 0)
err_sysexit("Syntax error: two pipes with no command between");
arg = 0;
}
args[argn] = arg;
argn++;
/*printf("argn %d", argn);*/
if (arg == 0)
cmdv[cmdn++] = &args[argn];
}
if (args[argn-1] == 0)
err_sysexit("Syntax error: pipe with no command following");
args[argn] = 0;
exec_pipeline(cmdn, cmdv);
free(cmdv);
free(args);
}
您的程序中存在错误。 -O4 选项与 -O3 没有任何不同。快速浏览 man gcc 会列举出可以执行任何操作的选项列表,并进行完整性检查:
diff <(gcc -Q --help=optimizers -O4) <(gcc -Q --help=optimizers -O3)
没有区别。
通常更改优化级别是查找程序中错误的好方法,因为它可能在一个优化级别下表现完美,但在另一个优化级别下可能会中断。这表示未定义的行为等。我不会浪费时间为你调试你的程序,但至少你知道问题不是直接由 -O4.
旁注:我假设 -ansi 是一个你不能改变的要求,但是它是在 C90 模式下编译的,也就是古老的C模式。我会推荐 C99 或 C11 以避免意外。
对代码进行修剪后,我发现了问题的原因。
我第一次
问题是 main() 中的数组定义为 char *array[4];。代码溢出该数组,导致未定义的行为。将大小更改为 40 意味着程序可以可靠地运行。
虽然我破解了大量代码,但文件中仍有 400 多行代码。我确信可以完成更彻底的减少工作,但我相信这是造成问题的主要原因。
这里是简化的 main() 函数,char *array[4]l 的设置太小,还有两个新的辅助函数,dump_argv() 和 AllWhiteSpace()。许多其他功能已被删除。 foreground/background 东西不见了;删除了内置命令(如 cd 和 exit 和 unixinfo。corpse_collector() 已经收集了尸体;Janitor() 函数也在尝试收集它们,并且很少(好吧,我的意思是从来没有!)发现任何东西,因为尸体收集器已经完成了肮脏的工作。我删除了不立即相关的信号处理。
#include <ctype.h>
#include <stdbool.h>
static void dump_argv(const char *tag, int argc, char **argv)
{
assert(argv != 0 && tag != 0);
printf("%s: (%d)", tag, argc);
for (int i = 0; i < argc; i++)
printf(" {%s}", (argv[i] == NULL) ? "(null)" : argv[i]);
putchar('\n');
fflush(stdout);
assert(argv[argc] == 0);
}
static bool AllWhiteSpace(char *source)
{
unsigned char c;
while (isspace(c = *source))
source++;
return(c == '[=10=]');
}
int main(int argc, char *argv[])
{
err_setarg0(argv[argc-argc]);
while (1)
{
char *p;
char *array[40];
char line[BUFFER_LEN];
size_t length;
long time;
struct timeval time_start;
struct timeval time_end;
printf("miniShell>> ");
fflush(stdout);
if (!fgets(line, BUFFER_LEN, stdin))
{
putchar('\n');
break;
}
if (AllWhiteSpace(line))
continue;
length = strlen(line);
if (line[length - 1] == '\n')
line[length - 1] = '[=10=]';
gettimeofday(&time_start, NULL);
printf("Command line: %s\n", line);
int i = 1;
p = strtok(line, " ");
array[0] = NULL;
while (p != NULL)
{
array[i++] = p;
p = strtok(NULL, " ");
}
array[i] = NULL;
dump_argv("Before exec_arguments", i, array);
exec_arguments(i, array);
corpse_collector();
gettimeofday(&time_end, NULL);
time = (time_end.tv_sec - time_start.tv_sec) * 1000000 +
time_end.tv_usec - time_start.tv_usec;
printf("Execution time %ld.%03ld ms\n", time / 1000, time % 1000);
}
return(0);
}
现在的故障症状有些不同——要执行的字符串没有意义,因此无法执行,但将 space 增加到足够大(40 对正在使用的命令行来说太过分了; 6 就足够了)并且工作正常。