Bug in Visual Studio 2005 compiler?
-
I have a solid guess, that it is a bug in compiler. Look at the next code: int xmin=max(xl1, max(xl2, xl3)); It works fine in the debug version, but gives me some nonsense in the release one. At that very time this variant works properly in both versions: int xmin=xl1; if(xmin
a_matseevsky wrote:
Any idea how could it be?
Perhaps nonstandard compiler options or linker options. And I am rather certain that max() is a macro. Which means that the only possible source of the problem would be an optimization. Excluding of course some pointer bug, which could cause almost any problem. And I am also certain that you could write a trivially small program that would demonstrate this, which is basically what has already been asked. If you cannot in fact demonstrate the same problem with the trivial program then it would point to some other problem in your application.
-
a_matseevsky wrote:
Any idea how could it be?
Perhaps nonstandard compiler options or linker options. And I am rather certain that max() is a macro. Which means that the only possible source of the problem would be an optimization. Excluding of course some pointer bug, which could cause almost any problem. And I am also certain that you could write a trivially small program that would demonstrate this, which is basically what has already been asked. If you cannot in fact demonstrate the same problem with the trivial program then it would point to some other problem in your application.
There is no way to demonstrate problem, if compiler is unstable. problem disappeared, when I replaced max() and min(), but occurred again after some insignificant change in code (which was made far from the procedure, where problem occurred!). I used default compiler's options. Later, when I was looking for the source of the problem, I created database and set /Zi switch for the release version. After these actions I was able to find the very command, which destroyed my data. The next was trivial- I find offsets of local variables and noticed, that some of them was incorrectly placed (one partially overlaps another). This is the bug in compiler, not mine.
-
There is no way to demonstrate problem, if compiler is unstable. problem disappeared, when I replaced max() and min(), but occurred again after some insignificant change in code (which was made far from the procedure, where problem occurred!). I used default compiler's options. Later, when I was looking for the source of the problem, I created database and set /Zi switch for the release version. After these actions I was able to find the very command, which destroyed my data. The next was trivial- I find offsets of local variables and noticed, that some of them was incorrectly placed (one partially overlaps another). This is the bug in compiler, not mine.
-
a_matseevsky wrote:
This is the bug in compiler, not mine.
Then go and tell Microsoft about it, as I already suggested, since you refuse to show us any of the code which causes the problem.
Veni, vidi, abiit domum
I will. I've just registered at M$'s site. And I got you all info to understand, where the problem is. For me situation is clear. What I got, running release under debugger: lrct {top=30 bottom=958 left=162 right=750} 0041A88F fst qword ptr [ebp-0D4h] lrct {top=30 bottom=1080213504 left=162 right=0} Here you may see, what made one single command- RECT structure before and after this command. What additional info do you need? Prefix "tv" definitely means Temporarily Variables. This variable was placed too close to storage of RECT structure and fst overwrote it. If you cannot see it, I wash my hands. If you do not know, which bytes fst overwrite, sorry, man- there are problems, which obviously cannot be solved at the level of source code. One must dig deeper. And to do it, you must know many things, like assembler, structure of stack frame and so on and so on. (lrct was stored at ebp-0DCh)
-
I will. I've just registered at M$'s site. And I got you all info to understand, where the problem is. For me situation is clear. What I got, running release under debugger: lrct {top=30 bottom=958 left=162 right=750} 0041A88F fst qword ptr [ebp-0D4h] lrct {top=30 bottom=1080213504 left=162 right=0} Here you may see, what made one single command- RECT structure before and after this command. What additional info do you need? Prefix "tv" definitely means Temporarily Variables. This variable was placed too close to storage of RECT structure and fst overwrote it. If you cannot see it, I wash my hands. If you do not know, which bytes fst overwrite, sorry, man- there are problems, which obviously cannot be solved at the level of source code. One must dig deeper. And to do it, you must know many things, like assembler, structure of stack frame and so on and so on. (lrct was stored at ebp-0DCh)
a_matseevsky wrote:
there are problems, which obviously cannot be solved at the level of source code
But without the source code it is impossible to understand the structure of the program or why these variables are being allocated the way they are. You keep saying you have given us all the information but all you have shown is two or three lines of assembler without any context, so there is no way we can begin to understand what is happening or why. I must confess I am at a total loss to understand why you refuse to provide the information that we have asked for so we can try and help you.
Veni, vidi, abiit domum
-
a_matseevsky wrote:
there are problems, which obviously cannot be solved at the level of source code
But without the source code it is impossible to understand the structure of the program or why these variables are being allocated the way they are. You keep saying you have given us all the information but all you have shown is two or three lines of assembler without any context, so there is no way we can begin to understand what is happening or why. I must confess I am at a total loss to understand why you refuse to provide the information that we have asked for so we can try and help you.
Veni, vidi, abiit domum
You cannot help me. How could you help me, if you even do not know, which bytes overwrites fst command? I do not send my procedure only because of its size. And I know now, where the problem is. Well, if you think that the problem is in my code, look at two small pieces and try to understand, why and which one works properly, but the other does not. I fixed the problem (well, not completely- I only rewrote my code, using my knowledge about compiler's incorrect behavior. lrct was removed at all.) Variant A: int xmin=xf+(fct*pdpr->m_croprect[Right].left-xf-ddi)*(xl-xf)/(yr1-yr0); int xmax=xl+(fct*pdpr->m_croprect[Left].right-xl)*(xl-xf)/(yl1-yl0); h=0.5*pdpr->m_croprect[Left].top+0.5*pdpr->m_croprect[Left].bottom; pdpr->GetKorrHorz2D(xfirst, xlast, Dv, Dh, h, ddi, yh, yv, yhs, yvs, pKorr, ph, pv); pdpr->GetCorrLineH2(xfirst, xlast, h, ddi, yh, yv, yh, yv, ph, pv, 0, 0); yl0=xf+0.5*yh[xf]; yl1=xl+0.5*yh[xl]; yr0=xf+ddi-0.5*yh[xf]; yr1=xl+ddi-0.5*yh[xl]; int xl2=xf+(fct*pdpr->m_croprect[Right].left-xf-ddi)*(xl-xf)/(yr1-yr0); if(xl2>xmin) xmin=xl2; int xr2=xl+(fct*pdpr->m_croprect[Left].right-xl)*(xl-xf)/(yl1-yl0); if(xmax>xr2) xmax=xr2; h=0.1*pdpr->m_croprect[Left].top+0.9*pdpr->m_croprect[Left].bottom; pdpr->GetKorrHorz2D(xfirst, xlast, Dv, Dh, h, ddi, yh, yv, yhs, yvs, pKorr, ph, pv); pdpr->GetCorrLineH2(xfirst, xlast, h, ddi, yh, yv, yh, yv, ph, pv, 0, 0); yl0=xf+0.5*yh[xf]; yl1=xl+0.5*yh[xl]; yr0=xf+ddi-0.5*yh[xf]; yr1=xl+ddi-0.5*yh[xl]; int xl3=xf+(fct*pdpr->m_croprect[Right].left-xf-ddi)*(xl-xf)/(yr1-yr0); if(xl3>xmin) xmin=xl3; int xr3=xl+(fct*pdpr->m_croprect[Left].right-xl)*(xl-xf)/(yl1-yl0); if(xmax>xr3) xmax=xr3; xfirst=xmin+0.02*(xmax-xmin); xlast=xmax-0.02*(xmax-xmin); Variant B: int xl1=xf+(fct*pdpr->m_croprect[Right].left-xf-ddi)*(xl-xf)/(yr1-yr0); int xr1=xl+(fct*pdpr->m_croprect[Left].right-xl)*(xl-xf)/(yl1-yl0); h=0.5*pdpr->m_croprect[Left].top+0.5*pdpr->m_croprect[Left].bottom; pdpr->GetKorrHorz2D(xfirst, xlast, Dv, Dh, h, ddi, yh, yv, yhs, yvs, pKorr, ph, pv); pdpr->GetCorrLineH2(xfirst, xlast, h, ddi, yh, yv, yh, yv, ph, pv, 0, 0); yl0=xf+0.5*yh[xf]; yl1=xl+0.5*yh[xl]; yr0=xf+ddi-0.5*yh[xf]; yr1=xl+ddi-0.5*yh[xl]; int xl2=xf+(fct*pdpr->m_croprect[Right].left-xf-ddi)*(xl-xf)/(yr1-yr0); int xr2=xl+(fct*pdpr->m_croprect[Left].right-xl)*(xl-xf)/(yl1-yl0); h=0.1*pdpr->m_croprect[Left].top+0.9*pdpr->m_croprect[Left].bottom; pdpr->GetKorrHorz2D(xfirst, xlast, D
-
There is no way to demonstrate problem, if compiler is unstable. problem disappeared, when I replaced max() and min(), but occurred again after some insignificant change in code (which was made far from the procedure, where problem occurred!). I used default compiler's options. Later, when I was looking for the source of the problem, I created database and set /Zi switch for the release version. After these actions I was able to find the very command, which destroyed my data. The next was trivial- I find offsets of local variables and noticed, that some of them was incorrectly placed (one partially overlaps another). This is the bug in compiler, not mine.
a_matseevsky wrote:
There is no way to demonstrate problem, if compiler is unstable. problem disappeared
Compilers are not "unstable" in the way you are suggesting. If the environment is the same and stable and the compiler is same and the source (and build environment) is the same then excluding so runtime constants such as timestamps and hashes the output is the same.
a_matseevsky wrote:
when I replaced max() and min(), but occurred again after some insignificant change in code (which was made far from the procedure, where problem occurred!)....This is the bug in compiler, not mine.
Sorry then but that statement suggests that there is no other possible reason except that you have a pointer bug. Your application is misusing something somewhere. The nature of max and what it does in terms of integers has not changed in years. One can't do much more in terms of optimizations with it, since for the most part it is the how the integers themselves are located and not the execution that can be optimized (and I only mention that because optimization was the only other explanation.) However pointer bugs can impact almost anything in the application. And although a pointer bug might cause a problem where the actual pointer is in use it can in fact only show up far from the buggy code. (And I know this from experience not conjecture.) It also doesn't need to reflect anything in the code that you changed in that it doesn't need to have a pointer in it. What matters is that you changed the execution path (by definition that is what code changes mean) and because of that something that could have been a bug but undetected for months or even years now causes some unexpected failure. And I want to emphasize again that the pointer bug could be anywhere. The behavior you are seing is a symptom not a cause.
-
a_matseevsky wrote:
There is no way to demonstrate problem, if compiler is unstable. problem disappeared
Compilers are not "unstable" in the way you are suggesting. If the environment is the same and stable and the compiler is same and the source (and build environment) is the same then excluding so runtime constants such as timestamps and hashes the output is the same.
a_matseevsky wrote:
when I replaced max() and min(), but occurred again after some insignificant change in code (which was made far from the procedure, where problem occurred!)....This is the bug in compiler, not mine.
Sorry then but that statement suggests that there is no other possible reason except that you have a pointer bug. Your application is misusing something somewhere. The nature of max and what it does in terms of integers has not changed in years. One can't do much more in terms of optimizations with it, since for the most part it is the how the integers themselves are located and not the execution that can be optimized (and I only mention that because optimization was the only other explanation.) However pointer bugs can impact almost anything in the application. And although a pointer bug might cause a problem where the actual pointer is in use it can in fact only show up far from the buggy code. (And I know this from experience not conjecture.) It also doesn't need to reflect anything in the code that you changed in that it doesn't need to have a pointer in it. What matters is that you changed the execution path (by definition that is what code changes mean) and because of that something that could have been a bug but undetected for months or even years now causes some unexpected failure. And I want to emphasize again that the pointer bug could be anywhere. The behavior you are seing is a symptom not a cause.
I can only recommend to you reread the whole discussion. I do know now, where the problem is. OK, compiler is absolutely stable. No problem with it. But it works incorrectly. It reserves some places in a stack for temporary variables. In fact, these variables stores content of co-processor's registers. Some of such temporary variables overlap (partially or completely) another local variables. It might be no problem- some local variables are visible only within some block, not within the whole procedure. If execution of code leaves some block (part of code within such {} brackets), all variables, declared within this block, becomes inaccessible and their place in a stack may be rewritten by another local variable. But compiler creates exe file, which performs this op even when some local variable is visible and accessible!!! And it happens not only with RECT structure, but with some of other local variables too. I saw this process, when I was running release version under debugger. Look up, where I placed piece of my code. Variable "h" was rewritten at least once. If it is not a compiler's bug, I'm definitely an elefant.
-
You cannot help me. How could you help me, if you even do not know, which bytes overwrites fst command? I do not send my procedure only because of its size. And I know now, where the problem is. Well, if you think that the problem is in my code, look at two small pieces and try to understand, why and which one works properly, but the other does not. I fixed the problem (well, not completely- I only rewrote my code, using my knowledge about compiler's incorrect behavior. lrct was removed at all.) Variant A: int xmin=xf+(fct*pdpr->m_croprect[Right].left-xf-ddi)*(xl-xf)/(yr1-yr0); int xmax=xl+(fct*pdpr->m_croprect[Left].right-xl)*(xl-xf)/(yl1-yl0); h=0.5*pdpr->m_croprect[Left].top+0.5*pdpr->m_croprect[Left].bottom; pdpr->GetKorrHorz2D(xfirst, xlast, Dv, Dh, h, ddi, yh, yv, yhs, yvs, pKorr, ph, pv); pdpr->GetCorrLineH2(xfirst, xlast, h, ddi, yh, yv, yh, yv, ph, pv, 0, 0); yl0=xf+0.5*yh[xf]; yl1=xl+0.5*yh[xl]; yr0=xf+ddi-0.5*yh[xf]; yr1=xl+ddi-0.5*yh[xl]; int xl2=xf+(fct*pdpr->m_croprect[Right].left-xf-ddi)*(xl-xf)/(yr1-yr0); if(xl2>xmin) xmin=xl2; int xr2=xl+(fct*pdpr->m_croprect[Left].right-xl)*(xl-xf)/(yl1-yl0); if(xmax>xr2) xmax=xr2; h=0.1*pdpr->m_croprect[Left].top+0.9*pdpr->m_croprect[Left].bottom; pdpr->GetKorrHorz2D(xfirst, xlast, Dv, Dh, h, ddi, yh, yv, yhs, yvs, pKorr, ph, pv); pdpr->GetCorrLineH2(xfirst, xlast, h, ddi, yh, yv, yh, yv, ph, pv, 0, 0); yl0=xf+0.5*yh[xf]; yl1=xl+0.5*yh[xl]; yr0=xf+ddi-0.5*yh[xf]; yr1=xl+ddi-0.5*yh[xl]; int xl3=xf+(fct*pdpr->m_croprect[Right].left-xf-ddi)*(xl-xf)/(yr1-yr0); if(xl3>xmin) xmin=xl3; int xr3=xl+(fct*pdpr->m_croprect[Left].right-xl)*(xl-xf)/(yl1-yl0); if(xmax>xr3) xmax=xr3; xfirst=xmin+0.02*(xmax-xmin); xlast=xmax-0.02*(xmax-xmin); Variant B: int xl1=xf+(fct*pdpr->m_croprect[Right].left-xf-ddi)*(xl-xf)/(yr1-yr0); int xr1=xl+(fct*pdpr->m_croprect[Left].right-xl)*(xl-xf)/(yl1-yl0); h=0.5*pdpr->m_croprect[Left].top+0.5*pdpr->m_croprect[Left].bottom; pdpr->GetKorrHorz2D(xfirst, xlast, Dv, Dh, h, ddi, yh, yv, yhs, yvs, pKorr, ph, pv); pdpr->GetCorrLineH2(xfirst, xlast, h, ddi, yh, yv, yh, yv, ph, pv, 0, 0); yl0=xf+0.5*yh[xf]; yl1=xl+0.5*yh[xl]; yr0=xf+ddi-0.5*yh[xf]; yr1=xl+ddi-0.5*yh[xl]; int xl2=xf+(fct*pdpr->m_croprect[Right].left-xf-ddi)*(xl-xf)/(yr1-yr0); int xr2=xl+(fct*pdpr->m_croprect[Left].right-xl)*(xl-xf)/(yl1-yl0); h=0.1*pdpr->m_croprect[Left].top+0.9*pdpr->m_croprect[Left].bottom; pdpr->GetKorrHorz2D(xfirst, xlast, D
-
Here you are. I could you recommend one useful book, written by John Robbins- "Debugging Applications". If you haven't read it, you'll find there many useful things.
-
Here you are. I could you recommend one useful book, written by John Robbins- "Debugging Applications". If you haven't read it, you'll find there many useful things.
-
It is only my suggestion. There are few books on debugging, and this one is really useful.
-
Richard, you have the patience of a saint.
We can’t stop here, this is bat country - Hunter S Thompson RIP
-
I clearly demonstrated, what cased problem in particular. I can repeat it again. There was two local variables: _lrct$ = -212 ; size = 16 tv5476 = -204 ; size = 8 The next command rewrites 8 bytes of _lrct$ fst QWORD PTR tv5476[ebp] That's all info. Which data in particular was replaced and by what- means nothing. The only important fact is that data was replaced with something else.
This is not the C/C++ source code. There is a reason Richard is asking for it: it is all too common among people working "close to the metal" to "over-optimize" their code in a way that is simply wrong, or leads the compiler to produce inieffective or incorrect code. I'm not saying you did that, but you wouldn't be the first nor would you be the last. Anyway, we can't decide where the error or bug is without seeing the actual C/C++ source code. Nor can anyone provide additional suggestions or help if you don't at the very least offer us the same information that your compiler got.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
-
Thanks, boys, for yours comments, but I've just found the reason. And it did not make me happy. Really, great knowledge means great pain. Look at this small part of a stack frame: _lrct$ = -212 ; size = 16 tv5476 = -204 ; size = 8 Do you see something interesting here? A RECT structure of size 16 bytes and something too close to it- in fact, variable tv5476 partially overlaps RECT. And what command fst QWORD PTR tv5476[ebp] does? It rewrites half of my RECT. I can only hope, that it is the bug in my own Visual Studio. I'll reinstall it- may be, it will help (once I met something like tis- a "new" operator refused to work at all and re installation resolved this situation)
There are a whole lot of questions that remain unanswered. Either may deliver the true reason for the bug you're experiencing. Compiler bugs are certainly possible, but rather unlikely. You should really look at the problem again and consider some or all of the following questions: 1. Where did you get the information that - _lrct$ refers to the start address of the RECT struct you're referring to - the RECT struct is really 16 bytes in size - the offsets you show are in fact relative to the same base address 2. Did you derive from your observation of these addresses that part of your data is overwritten, or did you check the actual RECT structure to verify that? 3. What are the original declarations of the C/C++ symbols corresponding to the two addresses _lrct$ and tv5476? 4. How were the two objects allocated? 5. Are you sure that one of them (the RECT) hasn't been deallocated in the meantime? Note that optimizers may discard variables before the end of their lifetime as seen in code if they realize it is no longer used! I'm sure I could think of more questions, but this could be much more productive if we could see the actual code ...
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
-
There are a whole lot of questions that remain unanswered. Either may deliver the true reason for the bug you're experiencing. Compiler bugs are certainly possible, but rather unlikely. You should really look at the problem again and consider some or all of the following questions: 1. Where did you get the information that - _lrct$ refers to the start address of the RECT struct you're referring to - the RECT struct is really 16 bytes in size - the offsets you show are in fact relative to the same base address 2. Did you derive from your observation of these addresses that part of your data is overwritten, or did you check the actual RECT structure to verify that? 3. What are the original declarations of the C/C++ symbols corresponding to the two addresses _lrct$ and tv5476? 4. How were the two objects allocated? 5. Are you sure that one of them (the RECT) hasn't been deallocated in the meantime? Note that optimizers may discard variables before the end of their lifetime as seen in code if they realize it is no longer used! I'm sure I could think of more questions, but this could be much more productive if we could see the actual code ...
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
-
Did you see this message in the thread[^]? It (sort of) explains quite a lot.
Veni, vidi, abiit domum
Umm ... yes ... I kind of see it now I think I'll go ... meditate or something
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
-
Umm ... yes ... I kind of see it now I think I'll go ... meditate or something
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
Dear Stefan, it seems to me, that I have to remind you some theory. Local variables within some procedure may be addressed via ebp or esp. In my particular case they was addressed via ebp. It is much simpler to read such code, because ebp remains constant within a procedure. I some local variable is defined within some block, it becomes inaccessible, when eip leaves this particular block. Its place may be overwritten by something else, that's correct. But simultaneously debugger refuses to show this variable!!! But it showed it- therefore, lrct (16 byte RECT structure) was in its own block, was visible and accessible. But it was partially overwritten- 8 bytes was used as temporary storage for ST(0). That behavior cannot be taken as a normal one. And not lrct only- same fate waited h and maybe something else.
-
Dear Stefan, it seems to me, that I have to remind you some theory. Local variables within some procedure may be addressed via ebp or esp. In my particular case they was addressed via ebp. It is much simpler to read such code, because ebp remains constant within a procedure. I some local variable is defined within some block, it becomes inaccessible, when eip leaves this particular block. Its place may be overwritten by something else, that's correct. But simultaneously debugger refuses to show this variable!!! But it showed it- therefore, lrct (16 byte RECT structure) was in its own block, was visible and accessible. But it was partially overwritten- 8 bytes was used as temporary storage for ST(0). That behavior cannot be taken as a normal one. And not lrct only- same fate waited h and maybe something else.
a_matseevsky wrote:
within a procedure
This is just one of many bits of information you haven't really provided. Therefore the wide array of questions. I am well aware that many probably don't make a lot of sense to ask in your particular case if you see the exact code that the compiler used to produce the assembly. But as repeatedly mentioned, you haven't provided that code, so all we can do is guess and poke in the dark. In the meantime I've spotted the code that you posted in a different branch of this thread. It isn't the original code though, and doesn't provide sufficient insight to answer any of the questions I posted. You state that variant A doesn't work, but it doesn't use the max() function, so we have to assume that the assembler code generated from that doesn't match the bits you later found to be incorrect (if they are indeed that - we still do not know) In the code you posted you use some variables that are only referenced over a couple of lines. They may not in fact be stored in the stack at all! As a result, the debugger will not show their contents in the optimized release code. Similarly, if you define a struct with data that is never referenced, the compiler may decide to optimize away the unneeded bits, reducing the size of the struct. You haven't posted the definition of the struct, nor where it's accessed, so it's impossible to tell if that is the case. I could go on and easily bring up half a dozen or more other optimization techniques that you appear to be unaware of, and that will confound your ability to read useful information from the debugger alone within optimized code. But it's pointless.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
