I am seeing some strange behavior when attempting to use libdfp in a C++ program. Specifically, it appears as if GCC is always rounding to 8 decimal places, even when I use the 64- and 128-bit decimal types.
To test this, I created an incredibly simple test program:
std::decimal::decimal64 testval = 0.044575289999999997DD;
printf("Decimal float test: expected=0.044575289999999997, actual=%.16Da\n", testval);
Which outputs:
Decimal float test: expected=0.044575289999999997, actual=0.04457529000000000
I am fairly certain that this is not a printing problem in libdfp as I was able to trace the source and found that the number is already rounded by the first line of the printf handler. Additionally, the printf handler will also round, however I have verified that this code is not being called.
For reference, I am building libdfp with:
./configure --with-backend=libdecnumber --enable-decimal-float=bid && make
I suspect the problem to either be in the underlying decimal float representation (BID, in my case) or the raw types being provided by GCC. It almost looks as if everything is being rounded to the size of a 32-bit decimal float. My host arch is x86_64 so this should all be supported natively. Furthermore, GCC does have the corresponding _Decimal[32|64|128] types and <decimal/decimal> can be found on the system. I am building on Fedora 25 for a native x86_64 CPU (Intel Xenon). AFAIK, this processor does not have native decimal float support so everything is being rendered in software.
The only clue I have is that GCC does not list the --enable-decimal-float build option in the configuration summary:
$ g++ -v
Using built-in specs.
COLLECT_GCC=g++
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/6.3.1/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,objc,obj-c++,fortran,ada,go,lto --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --disable-libgcj --with-isl --enable-libmpx --enable-gnu-indirect-function --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 6.3.1 20161221 (Red Hat 6.3.1-1) (GCC)
$ g++ --version
g++ (GCC) 6.3.1 20161221 (Red Hat 6.3.1-1)
Copyright (C) 2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
That being said, my compiler does define the _Decimal[32|64|128] types and provides operator<< overloads for them. I wouldn't expect these to be available at all if such support were not enabled. I certainly shouldn't be able to compile a program using them and get almost valid output back.
Finally, I could see this being a problem with libdecnumber but I am just about at the limit of my current knowledge as to who manages assignment to these types.
Has anybody seen this issue before? Failing that, has anybody build and successfully used libdfp on a similar setup? Which piece of software controls rounding for the internal representation (as opposed to rounding for display)?
EDIT
I finally managed to get a disassembly. It appears that the full value is being loaded into rdx and the decimal64 constructor called. The value 0x2fafd619589efa00 works out to 3436200445056317952 in decimal, which I suspect is 0.044575289999999997 represented in BID format. I am not sure how GCC knows to used BID vs DPD as this is specified at libfdp build time, however I will leave that particular mystery for another post.
If my understanding is correct, it seems to imply that GCC is doing the rounding. Is there anything that can be done about this other than rebuilding the compiler (which I would really like to avoid)? I know IEEE-754 provides mechanisms to 'tune' the behavior of fp operations (including rounding mode), does GCC expose any of this to the user?
Disassembly
│0x401180 <main(int, char**)> push rbp │
│0x401181 <main(int, char**)+1> mov rbp,rsp │
│0x401184 <main(int, char**)+4> sub rsp,0x30 │
│0x401188 <main(int, char**)+8> mov DWORD PTR [rbp-0x14],edi │
│0x40118b <main(int, char**)+11> mov QWORD PTR [rbp-0x20],rsi │
b+ │0x40118f <main(int, char**)+15> movabs rdx,0x2fafd619589efa00 │
│0x401199 <main(int, char**)+25> lea rax,[rbp-0x10] │
│0x40119d <main(int, char**)+29> mov QWORD PTR [rbp-0x28],rdx │
│0x4011a1 <main(int, char**)+33> movq xmm0,QWORD PTR [rbp-0x28] │
│0x4011a6 <main(int, char**)+38> mov rdi,rax │
│0x4011a9 <main(int, char**)+41> call 0x4012e6 <std::decimal::decimal64::decimal64(decimal64)> │
│0x4011ae <main(int, char**)+46> mov rax,QWORD PTR [rbp-0x10] │
│0x4011b2 <main(int, char**)+50> mov QWORD PTR [rbp-0x28],rax │
│0x4011b6 <main(int, char**)+54> movq xmm0,QWORD PTR [rbp-0x28] │
│0x4011bb <main(int, char**)+59> mov edi,0x4018e8 │
│0x4011c0 <main(int, char**)+64> mov eax,0x1 │
│0x4011c5 <main(int, char**)+69> call 0x400a30 <printf#plt> │
│0x4011ca <main(int, char**)+74> mov eax,0x0 │
│0x4011cf <main(int, char**)+79> leave │
│0x4011d0 <main(int, char**)+80> ret │
│0x4011d1 <__static_initialization_and_destruction_0(int, int)> push rbp │
│0x4011d2 <__static_initialization_and_destruction_0(int, int)+1> mov rbp,rsp │
│0x4011d5 <__static_initialization_and_destruction_0(int, int)+4>────────sub rsp,0x10───────────────────────────────────────────────────────────│
│0x4011d9 <__static_initialization_and_destruction_0(int, int)+8> mov DWORD PTR [rbp-0x4],edi │
│0x4011dc <__static_initialization_and_destruction_0(int, int)+11> mov DWORD PTR [rbp-0x8],esi │
│0x4011df <__static_initialization_and_destruction_0(int, int)+14> cmp DWORD PTR [rbp-0x4],0x1 │
│0x4011e3 <__static_initialization_and_destruction_0(int, int)+18> jne 0x40120c <__static_initialization_and_destruction_0(int, int)+59> │
│0x4011e5 <__static_initialization_and_destruction_0(int, int)+20> cmp DWORD PTR [rbp-0x8],0xffff │
│0x4011ec <__static_initialization_and_destruction_0(int, int)+27> jne 0x40120c <__static_initialization_and_destruction_0(int, int)+59> │
│0x4011e5 <__static_initialization_and_destruction_0(int, int)+20> cmp DWORD PTR [rbp-0x8],0xffff │
│0x4011ec <__static_initialization_and_destruction_0(int, int)+27> jne 0x40120c <__static_initialization_and_destruction_0(int, int)+59> │
│0x4011ee <__static_initialization_and_destruction_0(int, int)+29> mov edi,0x60309d │
│0x4011f3 <__static_initialization_and_destruction_0(int, int)+34> call 0x400ae0 <_ZNSt8ios_base4InitC1Ev#plt> │
│0x4011f8 <__static_initialization_and_destruction_0(int, int)+39> mov edx,0x4018d8 │
│0x4011fd <__static_initialization_and_destruction_0(int, int)+44> mov esi,0x60309d │
│0x401202 <__static_initialization_and_destruction_0(int, int)+49> mov edi,0x400aa0 │
│0x401207 <__static_initialization_and_destruction_0(int, int)+54> call 0x400ac0 <__cxa_atexit#plt> │
Complete Test Source
#include <float.h>
#include <decimal/decimal>
#include <math.h>
#include <fenv.h>
#include <stdlib.h>
#include <wchar.h>
#include <cstdlib>
int main (int argc, char *argv[])
{
std::decimal::decimal64 testval = 0.044575289999999997DD;
printf("Decimal float test: expected=0.044575289999999997, actual=%.16Da\n", testval);
return EXIT_SUCCESS;
}
Related
I start with a binary executable and I want to see the source code, not just the assembly code. Is this possible? The documentation at "https://sourceware.org/gdb/onlinedocs/gdb/Machine-Code.html" seems to generate the source code.
If it is possible, why is the source code not showing. I have set no breakpoints, the code is not striped. I have used the gdb command "disas /s main". A screen shot starting with some information about my configuration follow.
──(root㉿kali)-[/home/kali/Downloads]
└─# uname -a
Linux kali 5.15.0-kali3-amd64 #1 SMP Debian 5.15.15-2kali1 (2022-01-31) x86_64 GNU/Linux
┌──(root㉿kali)-[/home/kali/Downloads]
└─# gdb -v
GNU gdb (Debian 10.1-2) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
┌──(root㉿kali)-[/home/kali/Downloads]
└─# file RE1_64bit
RE1_64bit: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=8616e4f2a4a3c325c2a1f32b8ebb8366694f7a03, not stripped
┌──(root㉿kali)-[/home/kali/Downloads]
└─# gdb RE1_64bit
GNU gdb (Debian 10.1-2) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from RE1_64bit...
(No debugging symbols found in RE1_64bit)
(gdb) disas /s main
Dump of assembler code for function main:
0x000000000040084e <+0>: push %rbp
0x000000000040084f <+1>: mov %rsp,%rbp
0x0000000000400852 <+4>: sub $0x40,%rsp
0x0000000000400856 <+8>: mov %edi,-0x34(%rbp)
0x0000000000400859 <+11>: mov %rsi,-0x40(%rbp)
0x000000000040085d <+15>: cmpl $0x2,-0x34(%rbp)
0x0000000000400861 <+19>: je 0x400886 <main+56>
0x0000000000400863 <+21>: mov -0x40(%rbp),%rax
0x0000000000400867 <+25>: mov (%rax),%rax
0x000000000040086a <+28>: mov %rax,%rsi
0x000000000040086d <+31>: mov $0x4009a2,%edi
0x0000000000400872 <+36>: mov $0x0,%eax
0x0000000000400877 <+41>: call 0x400580 <printf#plt>
0x000000000040087c <+46>: mov $0x1,%edi
0x0000000000400881 <+51>: call 0x4005e0 <exit#plt>
0x0000000000400886 <+56>: mov -0x40(%rbp),%rax
0x000000000040088a <+60>: add $0x8,%rax
0x000000000040088e <+64>: mov (%rax),%rax
0x0000000000400891 <+67>: mov %rax,%rdi
0x0000000000400894 <+70>: call 0x400570 <strlen#plt>
0x0000000000400899 <+75>: cmp $0x4,%rax
0x000000000040089d <+79>: je 0x4008c2 <main+116>
0x000000000040089f <+81>: mov -0x40(%rbp),%rax
0x00000000004008a3 <+85>: mov (%rax),%rax
0x00000000004008a6 <+88>: mov %rax,%rsi
0x00000000004008a9 <+91>: mov $0x4009a2,%edi
0x00000000004008ae <+96>: mov $0x0,%eax
0x00000000004008b3 <+101>: call 0x400580 <printf#plt>
0x00000000004008b8 <+106>: mov $0x1,%edi
0x00000000004008bd <+111>: call 0x4005e0 <exit#plt>
0x00000000004008c2 <+116>: movl $0x0,-0x4(%rbp)
0x00000000004008c9 <+123>: mov $0x4009b3,%edi
0x00000000004008ce <+128>: mov $0x0,%eax
0x00000000004008d3 <+133>: call 0x400580 <printf#plt>
0x00000000004008d8 <+138>: lea -0x30(%rbp),%rax
0x00000000004008dc <+142>: mov %rax,%rdi
0x00000000004008df <+145>: call 0x4005d0 <gets#plt>
0x00000000004008e4 <+150>: cmpl $0x0,-0x4(%rbp)
0x00000000004008e8 <+154>: je 0x4008f8 <main+170>
0x00000000004008ea <+156>: mov -0x40(%rbp),%rax
0x00000000004008ee <+160>: mov %rax,%rdi
0x00000000004008f1 <+163>: call 0x4006dd <fg>
0x00000000004008f6 <+168>: jmp 0x400902 <main+180>
0x00000000004008f8 <+170>: mov $0x4009cd,%edi
0x00000000004008fd <+175>: call 0x400560 <puts#plt>
0x0000000000400902 <+180>: mov $0x0,%eax
0x0000000000400907 <+185>: leave
0x0000000000400908 <+186>: ret
End of assembler dump.
As has been said in the comments, this line:
(No debugging symbols found in RE1_64bit)
indicates that the binary does not include any debug information, so you're not going to be able to match assembler code to source lines.
If the binary did include debug information then it would only contain a table mapping addresses in the binary to file names and line numbers. You would still need to have the actual source files in order to view the source lines, and, of course, the source files need to be the exact versions that were compiled into that specific binary, otherwise the line numbers in the debug information will not match up correctly.
I used gdb to attach a program, and then set a breakpoint in function engine::monAppendSystemInfo. When the breakpoint was hit, the gdb coredump(actually, it's my program crashed in engine::monAppendSystemInfo).This is not an inevitable problem. It has only appeared twice and cannot be reproduced.
Here is the compared assembly code of engine::monAppendSystemInfo.
The code below is disassembled from the coredump file:
Dump of assembler code for function engine::monAppendSystemInfo(bson::BSONObjBuilder&, unsigned int):
0x00000000011188f1 <+0>: push %rbp
0x00000000011188f2 <+1>: mov %rsp,%rbp
0x00000000011188f5 <+4>: push %r12
0x00000000011188f7 <+6>: push %rbx
0x00000000011188f8 <+7>: sub $0xb20,%rsp
0x00000000011188ff <+14>: mov %rdi,-0xa98(%rbp)
0x0000000001118906 <+21>: mov %esi,-0xa9c(%rbp)
0x000000000111890c <+27>: int3 // strange point
=> 0x000000000111890d <+28>: mov 0x28,%rax // crash for accessing 0x28
0x0000000001118915 <+36>: mov %rax,-0x18(%rbp)
The code below is disassembled from normal gdb, and the program can continue to run:
Dump of assembler code for function engine::monAppendSystemInfo(bson::BSONObjBuilder&, unsigned int):
0x00000000011188f1 <+0>: push %rbp
0x00000000011188f2 <+1>: mov %rsp,%rbp
0x00000000011188f5 <+4>: push %r12
0x00000000011188f7 <+6>: push %rbx
0x00000000011188f8 <+7>: sub $0xb20,%rsp
0x00000000011188ff <+14>: mov %rdi,-0xa98(%rbp)
0x0000000001118906 <+21>: mov %esi,-0xa9c(%rbp)
=> 0x000000000111890c <+27>: mov %fs:0x28,%rax // "%fs:0x28" was changed to "0x28" in above
0x0000000001118915 <+36>: mov %rax,-0x18(%rbp)
My linux is: ubuntu16.04.4 LTS, and the enviroment is as below:
root#lyysdbserver1:~# g++ --version
g++ (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609
Copyright (C) 2015 Free Software Foundation, Inc.
root#lyysdbserver1:~# gdb --version
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
Why "%fs:0x28" was changed to "0x28"? Is this a gdb bug ?
Presumably you're looking of a coredump of your program when GDB had already set a breakpoint. int 3 is how GDB sets a breakpoint. When you resume, the int 3 instruction should be replaced by the original byte.
Look how the machine code compares for these two instruction sequences:
mov %fs:0x28,%rax; 64 48 8b 04 25 28 00 00 00
int 3; mov 0x28,%rax; cc 48 8b 04 25 28 00 00 00
It has been a while since I started working with SSE/AVX intrinsic functions. I recently began writing a header for matrix transposition. I used a lot of if constexpr branches so that the compiler always selects the optimal instruction set depending on some template parameters. Now I wanted to check if everything works as expected by looking into the local disassembly with objdump. When using Clang, I get a clear output which basically contains only the assembly instructions corresponding to the utilized intrinsic functions. However, if I use GCC, the disassembly is quite bloated with extra instructions. A quick check on Godbolt shows me that those extra instructions in the GCC disassembly shouldn't be there.
Here is a small example:
#include <x86intrin.h>
#include <array>
std::array<__m256, 1> Test(std::array<__m256, 1> a)
{
std::array<__m256, 1> b;
b[0] = _mm256_unpacklo_ps(a[0], a[0]);
return b;
}
I compile with -march=native -Wall -Wextra -Wpedantic -pthread -O3 -DNDEBUG -std=gnu++1z. Then I use objdump -S -Mintel libassembly.a > libassembly.dump on the object file. For Clang (6.0.0), the result is:
In archive libassembly.a:
libAssembly.cpp.o: file format elf64-x86-64
Disassembly of section .text:
0000000000000000 <_Z4TestSt5arrayIDv8_fLm1EE>:
0: c4 e3 7d 04 c0 50 vpermilps ymm0,ymm0,0x50
6: c3 ret
which is the same as Godbolt returns: Godbolt - Clang 6.0.0
For GCC (7.4) the output is
In archive libassembly.a:
libAssembly.cpp.o: file format elf64-x86-64
Disassembly of section .text:
0000000000000000 <_Z4TestSt5arrayIDv8_fLm1EE>:
0: 4c 8d 54 24 08 lea r10,[rsp+0x8]
5: 48 83 e4 e0 and rsp,0xffffffffffffffe0
9: c5 fc 14 c0 vunpcklps ymm0,ymm0,ymm0
d: 41 ff 72 f8 push QWORD PTR [r10-0x8]
11: 55 push rbp
12: 48 89 e5 mov rbp,rsp
15: 41 52 push r10
17: 48 83 ec 28 sub rsp,0x28
1b: 64 48 8b 04 25 28 00 mov rax,QWORD PTR fs:0x28
22: 00 00
24: 48 89 45 e8 mov QWORD PTR [rbp-0x18],rax
28: 31 c0 xor eax,eax
2a: 48 8b 45 e8 mov rax,QWORD PTR [rbp-0x18]
2e: 64 48 33 04 25 28 00 xor rax,QWORD PTR fs:0x28
35: 00 00
37: 75 0c jne 45 <_Z4TestSt5arrayIDv8_fLm1EE+0x45>
39: 48 83 c4 28 add rsp,0x28
3d: 41 5a pop r10
3f: 5d pop rbp
40: 49 8d 62 f8 lea rsp,[r10-0x8]
44: c3 ret
45: c5 f8 77 vzeroupper
48: e8 00 00 00 00 call 4d <_Z4TestSt5arrayIDv8_fLm1EE+0x4d>
As you can see, there are a lot of additional instructions. In contrast to that, Godbolt does not include all these extra instructions: Godbolt - GCC 7.4
So what is going on here? I have just started learning assembly, so maybe it is totally clear to someone with assembly experience, but I am a little bit confused why GCC creates those extra instructions on my machine.
Greetings and thank you in advance.
EDIT
To avoid further confusions, I just compiled using:
gcc-7 -I/usr/local/include -O3 -march=native -Wall -Wextra -Wpedantic -pthread -std=gnu++1z -o test.o -c /<PathToFolder>/libAssembly.cpp
Output remains the same. I am not sure if this is relevant, but it generates the warning:
warning: ignoring attributes on template argument ‘__m256 {aka __vector(8) float}’ [-Wignored-attributes]
Usually I surpress this warning and it shouldn't be an issue:
Implication of GCC warning: ignoring attributes on template argument (-Wignored-attributes)
Processor is Intel(R) Core(TM) i7-6700K CPU # 4.00GHz
Here is the gcc -v:
gcc-7 -v
Using built-in specs.
COLLECT_GCC=gcc-7
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 7.4.0-1ubuntu1~18.04.1' --with-bugurl=file:///usr/share/doc/gcc-7/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ --prefix=/usr --with-gcc-major-version-only --program-suffix=-7 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)
Use -fno-stack-protector
Your local GCC defaults to -fstack-protector-strong but Godbolt's GCC install doesn't.
mov rax,QWORD PTR fs:0x28 is the telltale clue; Thread-local storage at fs:40 aka fs:0x28 is where GCC keeps its stack cookie constant. The call after the ret is call __stack_chk_fail (but you disassembled a .o without using objdump -dr to show relocations, so the placeholder +0 offset just looked like still a target within this function).
Since you have arrays (or a class containing an array), stack-protector-strong kicks in even though their sizes are compile-time constants. So you get the code to store the stack cookie, then check it and branch on stack overflow. (Even the array of size 1 in this MVCE is enough to trigger that.)
Making arrays on the stack with 32-byte alignment (for __m256) requires 32-byte alignment, and your GCC is older than GCC8 so you get the ridiculously clunky stack-alignment code that builds a full copy of the stack frame including a return address. Generated assembly for extended alignment of stack variables (To be clear, GCC8 still does align the stack here, just wasting fewer instructions on it.)
This is pretty much a missed optimization; gcc never actually spills or reloads to those arrays so it could have just optimized them away, along with the stack alignment, like it did without stack-protector.
More recent GCC is better at optimizing away stack alignment after optimizing away the memory for aligned locals in more cases, but this has been a persistent missed optimization in AVX code. Fortunately the cost is pretty negligible in a function that loops; as long as small helper functions inline.
Compiling on Godbolt with -fstack-protector-strong reproduces your output. Newer GCC, including current trunk pre-10, still has both missed optimizations, but stack alignment costs fewer instructions because it just uses RBP as a frame pointer and aligns RSP, then references locals relative to aligned RSP. It still checks the stack cookie (with no instructions between storing it and checking it).
On your desktop, compiling with -fno-stack-protector should make good asm.
I have a .cpp file with various methods defined:
// test.cpp
// foo() is not inlined
void foo() {
...
}
I compile it:
g++ test.cpp -o test.o -S
And now I want to determine, from examination of test.o, how many bytes of memory the instruction foo() takes up. How can I do this?
I ask because I have, through careful profiling and experimentation, determined that I am incurring instruction cache misses leading to significant slowdowns on certain critical paths. I'd therefore like to get a sense of how many bytes are occupied by various methods, to guide my efforts in shrinking my instruction set size.
I wouldn't recommend the -S flag for that, unless you're in love with your ISA's manual and hand-calculating instruction sizes. Instead, just build and disassemble, presto - out comes the answer:
$ cc -c example.c
$ objdump -d example.o
example.o: file format elf64-x86-64
Disassembly of section .text:
0000000000000000 <f>:
0: 55 push %rbp
1: 48 89 e5 mov %rsp,%rbp
4: 89 7d fc mov %edi,-0x4(%rbp)
7: 8b 45 fc mov -0x4(%rbp),%eax
a: 83 c0 03 add $0x3,%eax
d: 5d pop %rbp
e: c3 retq
As you can see, this function is 15 bytes long.
Build with map file generation, parse the map file. There might be some padding in the end, but it'll give you an idea.
In g++, the option goes:
-Xlinker -Map=MyProject.txt
I'm sorry if this is a uber-easy concept, but I find hard to acquire the right mindset in order to correctly use the sanitizer provided by clang.
float foo(float f) { return (f / 0); }
I compile this small snippet with
clang++ -fsanitize=float-divide-by-zero -std=c++11 -stdlib=libc++ -c source.cpp -o osan
and I also compile a "normal" version of my object without using the sanitizer
clang++ -std=c++11 -stdlib=libc++ -c source.cpp -o onorm
I was expecting some verbose output, or some error from the console, but when inspecting the file with nm I only found 1 difference
nm o* --demangle
onorm:
0000000000000000 T foo(float)
osan:
U __ubsan_handle_divrem_overflow
0000000000000000 T foo(float)
So in the sanitized version there is an undefined symbol with a name that resembles the sanitizer that I was using when compiling this; but everything is really "silent" with no output at all from the clang frontend .
How I'm supposed to use the sanitizer and what is the right workflow ? What's the point of that undefined symbol ?
The undefined symbol is a function that implements the sanitizer's check. If you look at generated code:
No sanitizer:
_Z3foof: # #_Z3foof
.cfi_startproc
# BB#0:
xorps %xmm1, %xmm1
divss %xmm1, %xmm0
ret
With sanitizer:
_Z3foof: # #_Z3foof
.cfi_startproc
.long 1413876459 # 0x54460aeb
.quad _ZTIFffE
# BB#0:
pushq %rax
.Ltmp1:
.cfi_def_cfa_offset 16
movss %xmm0, 4(%rsp) # 4-byte Spill
movd %xmm0, %esi
movl $__unnamed_1, %edi
xorl %edx, %edx
callq __ubsan_handle_divrem_overflow
xorps %xmm1, %xmm1
movss 4(%rsp), %xmm0 # 4-byte Reload
divss %xmm1, %xmm0
popq %rax
ret
You see it's added the code to do the check using that function.
The compiler should automatically link in the appropriate sanitizer library and then for me the following complete program:
float foo(float f) { return (f / 0); }
int main() {
foo(1.0f);
}
Produces the following output when executed:
main.cpp:1:32: runtime error: division by zero
I built and ran using the command clang++ -fsanitize=undefined main.cpp && ./a.out
If you want compile-time checks you want to either enable more compiler warnings or the static analyzer. However there doesn't seem to be any warning or static analysis check for floating point divide-by-zero errors.
Here's a program that produces an analyzer report:
#include <malloc.h>
int main() {
int *i = (int*) malloc(sizeof(int));
}
Compiled with clang++ -std=c++11 main.cpp it produces no diagnostics, but compiled with clang++ -std=c++11 --analyze main.cpp it reports the following:
main.cpp:4:10: warning: Value stored to 'i' during its initialization is never read
int *i = (int*) malloc(sizeof(int));
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
main.cpp:5:1: warning: Potential leak of memory pointed to by 'i'
}
^
The dead store can also be detected with -Weverything [-Wunused-value], but the leak is only detected by the analyzer.
By default full analysis results are written to a plist file. You can also run the analyzer with the commands:
clang++ --analyze -Xanalyzer -analyzer-output=text main.cpp
clang++ --analyze -Xanalyzer -analyzer-output=html -o html-dir main.cpp
To get detailed walk-throughs of detected issues on the standard output or via html display of annotated source code respectively, instead of in a plist.
Analyzer checks are listed here.
Note that to work best the analyzer needs to analyze whole programs, which means it needs to tie into the build system. The usual interface is via an IDE (Xcode) or the scan-build tool with make. CMake has some clang features such as producing clang JSON compilation database files but I'm not sure off hand if CMake has any built in support for the clang analyzer.
So if we look at the documentation in the the Controlling Code Generation it says (emphasis mine):
Turn on runtime checks for various forms of undefined or suspicious behavior.
This option controls whether Clang adds runtime checks for various forms of undefined or suspicious behavior, and is disabled by default. If a check fails, a diagnostic message is produced at runtime explaining the problem.
so these are runtime checks not compile time checks. So if you used foo in your code then you would see the following output:
runtime error: division by zero
See this example live using -fsanitize=undefined:
float foo(float f) { return (f / 0); }
int main()
{
int x = 1 << 100 ;
foo( 2.0f ) ;
}
it generates two run-time messages:
main.cpp:6:19: runtime error: shift exponent 100 is too large for 32-bit type 'int'
main.cpp:2:36: runtime error: division by zero
Update
With respect to static checkers, in my answer to A C++ implementation that detects undefined behavior? I mention several tools: STACK, kcc and of course Frama-C.
Apparently clang allows you to use --analyze to run it's static checker but it seems like it may be disabled eventually and the the correct way to run it would be through scan-build.
Also in my self-answered question Why do constant expressions have an exclusion for undefined behavior? I show how constexprs can be used to catch undefined behavior at compile time.