diff options
| author | Patrick Georgi <pgeorgi@google.com> | 2018-07-04 17:01:29 +0200 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-07-17 09:08:11 -0700 |
| commit | 987ad5eaed2201c41820aa7f81333e1733a124a0 (patch) | |
| tree | a1245f56e10e3fe3155dc23ff44bfc3e6ff2d7fa | |
| parent | 9b1435c8cd31e01f18dd2b01a91517d0e5bc3ec4 (diff) | |
| download | chrome-ec-987ad5eaed2201c41820aa7f81333e1733a124a0.tar.gz | |
panic_output: undefined behaviour elicits abort() calls
Explicitly coding x/0 doesn't result in a div-by-zero fault, but in an
abort() call, which breaks the build as abort doesn't exist.
By marking zero as volatile, the compiler must not assume that the value
is still the same, so can't do constant subexpression elimination and
determine that this expression leads to UB.
Hat tip to shawnn@ for this unexpectedly elegant approach (compared to
all other approaches).
BUG=none
BRANCH=none
TEST=buildall works with gcc8.1
Change-Id: Idd34e3b4119d0d6a5231576e768ee285c621d229
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1126318
Commit-Ready: Patrick Georgi <pgeorgi@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
| -rw-r--r-- | common/panic_output.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/common/panic_output.c b/common/panic_output.c index e54cb0caf8..e6b48a375d 100644 --- a/common/panic_output.c +++ b/common/panic_output.c @@ -164,12 +164,12 @@ static int command_crash(int argc, char **argv) if (!strcasecmp(argv[1], "assert")) { ASSERT(0); } else if (!strcasecmp(argv[1], "divzero")) { - int zero = 0; + volatile int zero = 0; cflush(); ccprintf("%08x", (long)1 / zero); } else if (!strcasecmp(argv[1], "udivzero")) { - int zero = 0; + volatile int zero = 0; cflush(); ccprintf("%08x", (unsigned long)1 / zero); |