I-10 I-C ne-C++ Bugs ezaziwa emakethe ye-open-source ngo-2025

Unyaka kulo nyaka, sinikeza izindawo eziningi ze-open-source, ukuhlola izinhlamvu, ukuthatha izimpendulo kanye nokuhlola ama-trophies. Namhlanje, sinikezela ukufinyelela e-salon enhle kakhulu: i-sheriff enhle enikezela embhedeni futhi inikezela izimpendulo ezingu-10 ezinzima futhi ezinzima e-Wild West. Ingaba uneminyaka emangalisayo? Ngonyaka wonke, sincoma ama-bug ahlukahlukene ezivela ku-C kanye ne-C++ amaphrojekthi ezivela. Sihlanganisa ngamunye, i-interrogated, futhi i-registered ama-feeddoers yayo ku-file. Ngemuva kwalokho, i-time to recall the most notory cases. Namhlanje, Ngizokufundisa umbhalo mayelana nezinhlangano ezingu-10 ezinzima etholakalayo etholakalayo ezivela emangalisayo e-Wild West. Kulezi zihlanganisi, sinalo ifayela eyahlukile — umbhalo ephelele. Futhi kulezi zihlanganisa, sinezihlanganisa izihloko ezingu-5 ezidumile ku-C kanye ne-C++ amaphrojekthi ezivela ngoLwesihlanu: Ukulungiselela kanjani ukusetshenziswa kwe-polymorphic allocators kungabangela ukuphila kwakho Umhlahlandlela we-C++ Programming ku-Undefined Behavior I-History of C and C++. Isigaba yesibili: I-standardization ye-C and C++, i-Qt, i-Clang, ne-Unreal Engine std::array ku-C++ iyakusheshayo kunama-array ku-C. Ukusebenza kwe-Safe Array? Akukwazi ukuyifaka You can find the complete list of articles from our blog on our website via link. ikhaya Thola, traveler, umlando uya kuba elide N10 Uma, thina ingozi mayelana nokumangaliswa kwelanga. I-Mare iyatholakala ngokushesha, kodwa lapho thina ukhangela emadolobheni, i-Mare ndingathanda emoyeni enhle. I-PVS-Studio ibonisa ukuthi: I-literal '0.5f' ye-type ye- 'float' ikhiwa ngempumelelo ku-type ye-'unsigned char' ngenkathi ukhangela i-function ye-'SetRenderColor'. 168 Ukubuyekezwa imikhiqizo Letihlobene typedef unsigned char byte; inline void CBaseEntity::SetRenderColor( byte r, byte g, byte b, byte a ) { m_clrRender.Init( r, g, b, a ); } void CGrenadeBugBait::BugBaitTouch( CBaseEntity *pOther ) { .... if ( pSporeExplosion ) { .... pSporeExplosion->SetRenderColor( 0.0f, 0.5f, 0.25f, 0.15f ); // <= .... } .... } Waze I-FUNCTION YOKUQALA umbala ama-values, lapho zonke ama-parameter iyona uhlobo nge-variable value range of Uma uxhumane arguments of the isithombe, isigaba esihlalweni izikhwama. Ngakho, Ngena ngemva Ngena ngemva Ngena ngemva I-function parameters iya kuba izinga ezinguquko . SetRenderColor RGBA unsigned char [0 .. 255] float r g b a 0 Ngokuqhathanisa, i-repository inesibopho ulwazi se-blame, ngakho-ke i-scenario ezimbili mayelana ne-how this error appeared in the code. Ukusetshenziswa kwe-Function okwakhiwa kwe-colors ku-floating-point representation. Ukusetshenziswa okwakhiwa ngempumelelo, kodwa akuyona zonke i-call sites. I-developer ngempumelelo ukuthi i-SetRenderColor isebenzisa izibalo ze-floating-point kanye nokufaka ngokuvumelana. Ngiyazi izixazululo ezivamile: V674 I-literal '0.5f' ye-type ye- 'float' isetshenziswe ngempumelelo ku-type ye-'unsigned char' ngenkathi ukhangela i-function ye-'SetRenderColor'. Ukuhlola isibalo yesibili. weapon_bugbait.cpp 171 V674 I-literal '25.6' ye-type 'double' ikhiwa ngempumelelo ku-int' ukhiwa ngenkathi ukhiwa i-function 'SetScrollRate'. Ukuhlola isisekelo yokuqala. grenade_tripmine.cpp 179 Thola le bug ku-Source SDK project. Ungathola inkinobho ephelele ku-link. ikhaya N9 Okokuqala, thina ukhangela amayunithi ezingu-100 efanayo ngokusebenzisa i-prairie. Lokhu kwenziwa ukuthi thina siye kwenziwa kwelinye. Ngemuva kwalokho, lokhu kwenziwa emzimbeni ephelele. I-PVS-Studio ibonisa ukuthi: Ukusetshenziswa kwe-"if (A) {...} else if (A) {...}" isampula esithathwe. Kukho amathuba yokufinyelela kwe-error logical. Imininingwane zokuphathwa: 2903, 3053. Waze517 ibhizinisi _ ibhizinisi _ ibhizinisi _ ibhizinisi BIF_RETTYPE system_info_1(BIF_ALIST_1) { .... if (is_tuple(BIF_ARG_1)) { // L2778 .... } else if (BIF_ARG_1 == am_scheduler_id) { // L2782 .... } .... else if (BIF_ARG_1 == am_garbage_collection) { // L2903 .... } else if (BIF_ARG_1 == am_fullsweep_after) { // L2921 .... } else if (BIF_ARG_1 == am_garbage_collection) { // L3053 .... } else if (BIF_ARG_1 == am_instruction_counts) { // L3056 .... } .... else if (ERTS_IS_ATOM_STR("halt_flush_timeout", BIF_ARG_1)) { // L3552 .... } } I-analyzer i-detected several branches with identical checks in a function containing a huge number of Imibuzo - Ngaphandle kwalokho, zonke zihlanganisa ngokufanayo: Waze Ngokusho inani ama-branches kanye ne-150-line gap phakathi kwama-duplicates, akugqiba ukuthi lokhu ingatholakala. Ukuhlolwa kwe-static inikeza ukuthintela izimo zayo. if-else if Ngaphezulu kwe-800 amaphuzu Ukubuyekezwa okokuqala second check Thola le bug ku-Erlang project; ungakwazi ukufumana inkinobho ephelele ku-link. ikhaya N8 Ngingathanda umbhali owawumelana nathi, umbhali owawumelana nathi: "Wenomdlawu. I-PVS-Studio ibonisa ukuthi: I- "ngemuva kwalokho" isibuyekezo ku-code fragment esilandelayo. Ukuhlobisa cmComputeLinkInformation.cxx 1748 bool cmComputeLinkInformation::CheckImplicitDirItem(LinkEntry const& entry) { BT const& item = entry.Item; // We only switch to a pathless item if the link type may be // enforced. Fortunately only platforms that support link types // seem to have magic per-architecture implicit link directories. if (!this->LinkTypeEnabled) { return false; } // Check if this item is in an implicit link directory. std::string dir = cmSystemTools::GetFilenamePath(item.Value); if (!cm::contains(this->ImplicitLinkDirs, dir)) { // Only libraries in implicit link directories are converted to // pathless items. return false; } // Only apply the policy below if the library file is one that can // be found by the linker. std::string file = cmSystemTools::GetFilenameName(item.Value); if (!this->ExtractAnyLibraryName.find(file)) { return false; } return false; } I-analyzer ibonise ukuthi kukhona okufakiwe nge- Ukusebenza: CheckImplicitDirItem umkhakha wamanje we-ultimate ifayibha ifayibha ifayibha ifayibha ifayibha ifayibha; Zonke izakhiwo zokusebenza kwe-function zihlukanise yi-false return; Uma uqhagamshelane ku-AddFullItem, akukwazi ukuguqulwa okusheshayo; umzimba we-function ephelele kungenziwa yi-return false;, njengoko lokhu akubuyekeza umsebenzi we-program. Qaphela ukuthi ifunyenwe usebenzisa " isampula esiza ukunciphisa isakhiwo se-code: imiphumela enhle esekelwe ekupheleni kwe-function, futhi inani elinye le-code-ukuba isisekelo se-function-ukugcina i-function ngokushesha. early return Ngo-example yethu, singatholakala ukuthi umphumela we-"positive" ye-function iyona umphumela we-object uhlobo lithumela zonke izivivinyo ezidingekayo nge-a Ukubuyekezwa Value LinkEntry true Ngiyazi indlela yokulungisa ikhodi: .... std::string file = cmSystemTools::GetFilenameName(item.Value); if (!this->ExtractAnyLibraryName.find(file)) { return false; } return true; Thola le bug ku-CMake project; ungakwazi ukufumana inkinobho ephelele ku-link. ikhaya N7 Uma eminye emaphandleni, ngithanda umdlali wabhala wonke umdlali wabhala wonke umdlali wayo ku-card eyenziwe ngisho ku-deck. Umdlali wabhala nje amabhala wayo, futhi umdlali wabhala embhedeni. I-PVS-Studio ibonisa ukuthi: I-Dereferencing ye-iterator ebangalisayo 'shades.end()' ingatholakala. Ukuhlobisa ColorHelper.cpp 194 winrt::Windows::UI::Color ColorHelper::GetAccentColor( const winrt::Windows::UI::Color& color ) { .... auto shades = std::map (); .... // 3f is quite nice if the whole non-client area is painted constexpr auto readability = 1.75f; for (auto shade : shades) { if (shade.first >= readability) { return HslToRgb(shade.second); } } return HslToRgb(shades.end()->second); // <= } Ingabe kunokwenzeka ukuthi akukho umugqa akufanele izinga lokufuna? Asikwazi ukuthi, kodwa kungcono kakhulu. Lokhu kuyinto Waze —hhayi kufuneka uxhumane inkinobho ye-psychic ukuze zibonise, kusukela dereferencing Ngenxa yalokhu, njengoko le iterator ibonise ngexesha lokugqibela kwelinye element e . Umbhali Case Ukusebenza okungaziwa std::map::end() std::map Thola le bug ku-Windows Terminal Project; ungakwazi ukufumana inkinobho ephelele ku-link. ikhaya N6 Ngilande ngama-collaborator ngama-collaborator ngama-collaborator eyenza i-treasure etholakalayo. I-collaborator wahlala, wahlala, futhi wahlala njenge-mirage. Ngaphandle kwalokho, akukho umuntu wabhala. I-PVS-Studio ibonisa ukuthi: Umhlahlandlela we-"graph" iyahlanjiswa lapho i-smart pointer eyenziwa yi-function iyahlanjiswa. Ukuhlobisa ukunakekela.cpp 391 template struct Ptr : public std::shared_ptr ; // .... Ptr FlannNeighborhoodGraph::create( const Mat &points, int points_size, int k_nearest_neighbors_, bool get_distances, int flann_search_params_, int num_kd_trees) { return makePtr (points, points_size, k_nearest_neighbors_, get_distances, flann_search_params_, num_kd_trees); } void Utils::densitySort (const Mat &points, int knn, Mat &sorted_points, std::vector &sorted_mask) { // .... // get neighbors FlannNeighborhoodGraph &graph = // sum_knn_distances (points_size, 0); for (int p = 0; p &dists = graph.getNeighborsDistances(p); for (int k = 0; k struct Ptr : public std::shared_ptr { inline Ptr(const std::shared_ptr & o) CV_NOEXCEPT : std::shared_ptr (o) {} inline Ptr(std::shared_ptr && o) CV_NOEXCEPT : std::shared_ptr (std::move(o)) {} typename std::add_lvalue_reference ::type operator*() const CV_NOEXCEPT { return *std::shared_ptr ::get(); } // .... } template static inline Ptr makePtr(const A1&... a1) { static_assert( !has_custom_delete ::value, "Can't use this makePtr with custom DefaultDeleter"); return (Ptr )std::make_shared (a1...); } Using smart pointers doesn't resolve the issues of dangling references and memory access here. Let's dig into this. This is how the code works. I-create function ikhiqiza futhi ivumela i-smart pointer ye-FlannNeighborhoodGraphImpl uhlobo, futhi inani lokuphendula kwegama le-object kuyinto eyodwa. The reference is created for the value of this smart pointer while the object reference count remains unchanged. graph Ngenxa yokuba i-pointer kuyinto i-object ephilayo, i-reference counter iya kufinyelela ku-null ngemuva kokufinyelelwa kwe-initialization, okuvuthwa kwe-object eyenziwe. Ngokuye, i-reference ibonisa ku-object eyenziwe. The loop references an invalid reference. for Ngenxa yalokho, ikhowudi ebonakalayo ivela ekusebenzeni okungaziwa. Ngaphezu kwalokho, i-PVS-Studio ayikho ithuluzi eyodwa ekubuyekeza lokhu; i-sanitizer ikwenza lokhu futhi. . Ukubonisa Ukuze ukuguqulwa oku, kufuneka ukugcina i-smart pointer ukuze umphumela ifakwe kuze ku-end of the block. Ngokwesibonelo, singakwazi : FlannNeighborhoodGraph like lokhu std::vector sum_knn_distances (points_size, 0); { // get neighbors auto graph = FlannNeighborhoodGraph::create(points, points_size, knn, true /*get distances */, 6, 1); for (int p = 0; p &dists = graph->getNeighborsDistances(p); for (int k = 0; k < knn; k++) sum_knn_distances[p] += dists[k]; } } Ngaphezu kwalokho, i-limit isixazululo eside eside eside eside eside eside eside. graph Thola le bug ku-OpenCV project; ungakwazi ukufumana ithimba ephelele ku . ikhaya N5 Once, a local expert drew a map of a river crossing, but he ran out of charcoal. So, the most dangerous section, drawn with the last bits of charcoal, washed away with the first rain. That's where everyone kept disappearing. I-PVS-Studio inikeza ukuthi: Ungathola ukubuyekeza '1 type + 1)' ifomu. Ukuguqulwa kwe-bit ye-value ye-32-bit nge-expansion esilandelayo ku-type ye-64-bit. Waze629 phpdbg_bp.c I-1209 Ukuphakama kwe-bit mask kuyinto engaphansi kokuphakama kwe-operand yokuqala. Lokhu kuholele ukuphazamiseka kwe-bit ezingaphezulu. V784 phpdbg_bp.c I-1209 uint64_t flags .... PHPDBG_API void phpdbg_delete_breakpoint(zend_ulong num) { .... if ((brake = phpdbg_find_breakbase_ex(num, &table, &numkey, &strkey))) { int type = brake->type; char *name = NULL; size_t name_len = 0L; switch (type) { .... default: { if (zend_hash_num_elements(table) == 1) { PHPDBG_G(flags) &= ~(1 type+1)); // type int flags The constant of the type is shifted left by a certain number of bits. Most often, the type is of 32 bits. We hope that the shift isn't by 32 or more bits, otherwise we get . 1 int int undefined behavior The result of the shift is bitwise inverted. The result of the inversion still has the type. int The result of the inversion is expanded to a 64-bit unsigned type due to the left operand. Since the original type is signed, sign extension will occur. This means that for positive numbers, the 32 most significant bits will contain zero bits, and for negative numbers, they'll contain ones. The bitwise "AND" applies the conversion result to . The loss of significant bits in will occur when the right operand is positive. It'll only be so when there is a 31-bit shift to the left—when the 31st bit in has to be cleared. Catch a . flags flags flags proof Notice how much we need to keep in mind for such a harmless expression? The problem lies in the different operand sizes and signs of some subexpressions. To fix it, developers just need to change the type of the Imininingwane kusuka ikhaya , futhi ikhowudi iyahlekile njengezimfuneko: 1 int unsigned long long PHPDBG_G(flags) &= ~( 1uLL type+1)); Thola le bug ku-PHP project; ungakwazi ukufumana ithimba ephelele ngokusebenzisa . ikhaya N4 Ngamunye ngithanda i-cowboy omncane ebutholile. I-cowboy ebutholile ekugqibeleni ebutholile kwelinye i-bar yendawo, kodwa ayifushwe akuyona umdlavuza, kodwa ku-reflection yayo yayo e-mirror ebutholile, ebutholile ku-pieces. I-PVS-Studio ibonisa ukuthi: I-operator ye-assignment kufanele ibhaliswe kumdlavuza we-"this == &other". V794 fs_path.cpp 3 FsPath& FsPath::operator=(FsPath&& other) { m_path = std::move(other.m_path); other.m_path.clear(); return *this; } Ngo-snippet, sincoma i-move assignment operator ye- Class, okuvumela idatha kusuka ku-object eyodwa kuya ku-instance yamanje. Kodwa-ke, akuyona isibuyekezo se-self-allocation , which could lead to unintended consequences. FsPath (this == &other) Uma i-intent yenzelwe ukuhlangabezana ne-objekthi, i- Operation ukwandisa i-Content of Indawo , futhi isicelo esilandelayo ukuze clears the data. As a result, ends up in an unexpected state, and one can only wish developers happy debugging :) m_path = std::move(other.m_path); other.m_path m_path other.m_path.clear(); m_path Ukuze ukunciphisa ingozi, sincoma ukwengeza isikhokelo esilandelayo ekubeni isilawuli: if (this == std::addressof(other)) { return *this; } Ukusebenzisa Ngaphandle kwe-The umqhubi ivimbele ukuguqulwa kwe-address ngayinye lapho umqhubi Ukulungiswa okuphakeme ku-class. std::addressof & & Thola le bug ku-Nau Engine project; ungakwazi ukufumana inkinobho ephelele ku-link. link N3 I once saw a shaman trying to summon a spirit without reaching the sacred grounds. A spirit came, but it was a completely different one—a coyote from the nearest ravine. I-PVS-Studio ibonisa ukuthi: Ukubonisa umsebenzi 'window_id' ye-uninitialized derived class ngenkathi ukuguqulwa kwesigaba se-base 'modal_dialog' kuya kuholele ekusebenzeni okungagunyaziwe. 29 V1099 umphathi wedivayisi class install_dependencies : public modal_dialog { public: explicit install_dependencies(const addons_list& addons) : modal_dialog(window_id()), addons_(addons) // <= {} .... private: virtual const std::string& window_id() const override; .... } Ngenxa ye-snippet ye-code, Ngingathanda ngaphezulu mayelana ne-defined behavior. Njengoba kubonakalisa phezulu, i- Class is derived kusukela Class. Ngaphandle constructor, the base class is initialized with the value returned by (wait for it...) the non-static Function. Ngakho, lokhu kuya kuba: install_dependencies modal_dialog install_dependencies window_id Execution of the initialization list: a call to the method; install_dependencies::window_id a constructor call to the class; modal_dialog an initialization of the data member; addons_ Execution of the constructor body of the class. install_dependencies This results in a function call of a class object which hasn't been initialized yet! This violates the following : Umthetho we-Standard I-member functions (kuquka i-member virtual functions, [class.virtual]) ingasetshenziselwa isakhiwo se-object Ngaphezu kwalokho, isakhiwo se-object ingaba i-operand ye-typeid operator ([expr.typeid]) noma ye-dynamic_cast ([expr.dynamic.cast]). However, if these operations are performed in a ctor-initializer (or in a function called directly or indirectly from a ctor-initializer) before all the mem-initializers for base classes have completed, the program has undefined behavior. Kodwa wagqiba, kukhona ngaphezulu! Njengoba ungathanda, i I-member function yi-virtual ne-overridden ku- Class. Imibuzo ingangena ngemva lapho umdlali ushiye isigaba esithathwe lapho Ukulungiselela window_id install_dependencies window_id When an object of this derived class is created and the Constructor is eyenziwe, akukho ulwazi mayelana nokufika override entsha. Ngakho, Function ngeke ikhulwe njalo ku-initialization list. Lokhu kungabangela ukuhlangabezana ne-intention yokuqala ye-developer. Ungazifunda ngaphezulu kulokhu . installed_dependencies installed_dependencies::window_id here We detected this bug in the Wesnoth project; you can find the full article at the . link ikhaya N2 I knew a cowboy who shot at a shadow on the wall, mistaking it for a lurking enemy. The shot boomed, plaster crumbled, leaving only a hole in the wall. The target never existed, and the repairs took a lot of work. I-PVS-Studio ibonisa ukuthi: The null pointer is passed into 'fseek' function. Inspect the first argument. V575 ekhaya / Ibhizinisi void ati_eeprom_load_mach8(ati_eeprom_t *eeprom, char *fn, int mca) { FILE *fp; .... fp = nvr_fopen(eeprom->fn, "rb"); size = 128; if (!fp) { if (mca) { (void) fseek(fp, 2L, SEEK_SET); // data + 2, 0xff, size - 2); fp = nvr_fopen(eeprom->fn, "wb"); fwrite(eeprom->data, 1, size, fp); .... } Ingabe ufuna ukushumeka kokuthunyelwe kwebhulogi ungene kusayithi lakho? Null pointer ukuguqulwa. fp Thola ukubuyekeza ngaphezulu . The I-standard ayinezinga izidingo ze-function first parameter futhi ayinezinga ukubuyekeza . This means it's up to the standard library developers to handle it properly. Now let's welcome: fseek Kwangathi 11 NULL GNU glibc; BSD libc from FreeBSD 14.3; Microsoft Universal CRT from Windows SDK 10.0.26100; Waze V1.2.5 Izinhlelo ezimbili zokusebenza ze-C standard library zihlanganisa lapha njengezivakashi: I-86Box ayenzelwe ukusebenzisana kwabo, noma ukuhlolwa kokusebenza kwabo. Ngakho-ke, thina kuqala ne izibuyekezo ezivamile ezidlulayo futhi ubhalisele ukuhlala izinyathelo efanayo nge-null file pointer. Ukwakha imiyalezo Flicking the power switch We take an IBM PS/2 model 55SX from the imaginary shelf and "plug in" the IBM 8514/A 2D accelerator made by ATI. ikhaya The first test subject is a Windows instance built using MinGW. We ensure the NVRAM file is absent before starting—we check the umphathi we-The . file. If it is there, we delete it. %userprofile%\86Box VMs\ \nvr ati8514_mca.nvr Ukuguqulwa ku-power supply, futhi ... Nothing exploded! Everything is fine: the NVRAM file is written, the computer is running, and the smoke test on glibc is complete. No defect detected. ikhaya Moving on to FreeBSD. The libc library implements the standard C library in this OS. This is generally true for all BSD-family operating systems. We use the same configuration. We check for the absence of the NVRAM ifayela at the Three, two, one, power is on... ati8514_mca.nvr ~/.local/share/86Box/Virtual Machines/ /nvr Okuningi, kuphela umphumela kusuka Imininingwane ezidlulileyo angakwazi ukucacisa lokhu :) Ben Grubbs ikhaya Ngemuva kokufunda imibala yethu, ngokucindezeleka ngemva kwe-explosion, sinikezela ku-console: sinikezela ukufinyelela okungapheliyo! void VMManagerSystem::launchMainProcess() Full Command: "/root/86Box/build_freebsd/src/86Box" ("--vmpath", "/root/.local/share/86Box/Virtual Machines/somevm", "--vmname", "somevm") Connection received on 86Box.socket.5876c5 Connection disconnected Abnormal program termination while launching main process: exit code 11, exit status QProcess::CrashExit A core dump file appeared next to the emulator executable. Let's welcome LLDB: root@freebsd:~/86Box/build_freebsd/src # lldb 86Box -c 86Box.core (lldb) target create "86Box" --core "86Box.core" Core file '/root/86Box/build_freebsd/src/86Box.core' (x86_64) was loaded. (lldb) bt * thread #1, name = '86Box', stop reason = signal SIGSEGV * frame #0: 0x0000000832f880bf libc.so.7`_flockfile(fp=0x0000000000000000) at _flock_stub.c:65:20 frame #1: 0x0000000832f8b675 libc.so.7`fseek(fp=0x0000000000000000, offset=2, whence=0) at fseek.c:62:2 frame #2: 0x00000000018cd964 86Box`ati_eeprom_load_mach8(eeprom=...., fn= , mca=1) at vid_ati_eeprom.c:61:20 The null pointer inikeza fire show emangalisayo - akukho indlela yokubhalisa ifayela njengoba descriptor yayo iyahlukile. Ngaphandle kwalokho, i-LLDB ayidinga ukusebenza ngokwenene isikhathi esifanayo, ngaphandle kokuphuma nge-silent noma nge-boom enhle kanye ne-effects ezizodwa. Ngakho-ke, angakwazi ukhawuleza kanjani ikhodi kusetshenziswe njenge-Windows. fp lost connection We detected this bug in the 86Box project; you can find the full article at the . link ikhaya N1 A sheriff I know from a neighboring town once wrote in an interrogation transcript that a witness had confirmed his own testimony. The court never figured out if it was a mistake or a clever defense tactic. The PVS-Studio warning: I-sub-expressions ezivamile ezivela emzimbeni ye-operator '==': I-PeekArg.getValNo() == I-PeekArg.getValNo() Waze501 I-PPCISelLowering.cpp 7865 SDValue PPCTargetLowering::LowerCall_AIX(....) const { .... for (unsigned I = 0, E = ArgLocs.size(); I != E;) { .... CCValAssign &GPR1 = VA; .... if (I != E) { // If only 1 GPR was available, there will only be one custom GPR and // the argument will also pass in memory. CCValAssign &PeekArg = ArgLocs[I]; if (PeekArg.isRegLoc() && PeekArg.getValNo() == PeekArg.getValNo()) // <= { assert(PeekArg.needsCustom() && "A second custom GPR is expected."); CCValAssign &GPR2 = ArgLocs[I++]; RegsToPass.push_back(std::make_pair(GPR2.getLocReg(), DAG.getZExtOrTrunc(ArgAsInt, dl, MVT::i32))); } } .... } Thina siphinde ekubeni ukuthi iyiphi inkinobho ye-copy paste. Sishayele ukuthi Zonke imiphumela emibi: getValNo class CCValAssign{ .... unsigned ValNo; unsigned getValNo() const { return ValNo; } } Ngaphandle kwalokho, akubonakali. Hlola i-Last : ukunakekelwa CCValAssign &GPR1 = VA; .... assert(I != E && "A second custom GPR is expected!"); CCValAssign &GPR2 = ArgLocs[I++]; assert(GPR2.isRegLoc() && GPR2.getValNo() == GPR1.getValNo() && GPR2.needsCustom() && "A second custom GPR is expected!"); RegsToPass.push_back( std::make_pair(GPR2.getLocReg(), DAG.getZExtOrTrunc(ArgAsInt, dl, MVT::i32))); Umqondo iyatholakala kahle: isibonelo esizodwa esidlulile esidlalwe ngempumelelo esidlalwe kwebhizinisi esivamile. I-commit text iguquguquka lokhu. This patch implements the caller side of placing function call arguments in stack memory. This removes the current limitation where LLVM on AIX Ukubhalisa imiphumela ye-Fatal Error lapho ama-arguments angakwazi ukufinyelela kumadokhumenti. Qaphela ukuthi, ngaphandle kwe-error ebonakalayo, kukhona isicelo esiyingqayizivele esinye: CCValAssign &PeekArg = ArgLocs[I]; .... CCValAssign &GPR2 = ArgLocs[I++]; // here PeekArg == GPR2 I-developer ingathanda ukudlala okuhle: if (I != E) { CCValAssign &GPR2 = ArgLocs[I]; if (GPR2.isRegLoc() && PeekArg.getValNo() == GPR1.getValNo()) { assert(PeekArg.needsCustom() && "A second custom GPR is expected."); I++; RegsToPass.push_back(std::make_pair( GPR2.getLocReg(), DAG.getZExtOrTrunc(ArgAsInt, dl, MVT::i32))); } } Kodwa ngenxa yobuciko, ama-developer wahlala Ukusuka to show that, unlike the previous unconditional code, the argument now needs to be "peeked" first. And during the copy-paste process, Ngemuva kokuphumelela kokuphumelela kwelanga. PeekArg GPR2 GPR1 Ukuguqulwa Okungenani kufanele: if if (PeekArg.isRegLoc() && PeekArg.getValNo() == GPR1.getValNo()) I-interestingly, ngaphambi kokufika ku-GitHub, i-LLVM yaba i-code review platform, kanye ne-commit eyakhiwe to this website. There, we can see that manual review can't always save the situation: link ikhaya We found this bug in the LLVM project, the full article is available at the . link ikhaya Conclusion Umlilo wahlala kwi-saloon, wahlukaniswa kuphela ngenxa ye-crack ye-death door kanye ne-crackling ye-logs e-camino. Amayunithi amabili amayunithi amabili we-2025 amahora amabili amabili amabili amabili amabili amabili. In this Wild West, you can't get far without a reliable partner, so my trusted helper in every case has been I-analyzer. It iyahambisana ukunceda ukufumana ama-snippets ye-code emibi: I-PvS Studio for ; open-source projects Ukuze izicelo zemfundo; using a for a glorious beginning. 30-day trial version Futhi uma isitimela yakho ithatha kwamanye amazwe, sincoma ukubuyekeza imibuzo mayelana ne-bugs kusuka kumeprojekthi ebhalwe ku-Java ne-C#. ; Top 10 noteworthy Java errors in 2025 . Top 10 errors found in C# projects in 2025