From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 32330 invoked by alias); 3 Jul 2014 20:36:59 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 32163 invoked by uid 48); 3 Jul 2014 20:36:48 -0000 From: "tromey at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug c/59850] Support sparse-style pointer address spaces (type attributes) Date: Thu, 03 Jul 2014 20:36:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c X-Bugzilla-Version: unknown X-Bugzilla-Keywords: X-Bugzilla-Severity: enhancement X-Bugzilla-Who: tromey at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2014-07/txt/msg00186.txt.bz2 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59850 --- Comment #26 from Tom Tromey --- (In reply to PaX Team from comment #23) > some data points based on my experience with the 'checker' gcc plugin in PaX: Hi. Thanks for your reply. I didn't easily find a git repository holding the checker plugin source. Is it available somewhere? > 1. the C address space infrastructure available since gcc 4.6 can be sort of > coerced into implementing the __user/__kernel/etc address spaces and it > works reasonably well (i'd say even better than sparse as it produces no > false positives in my experience and caught real bugs such as CVE-2014-0038). FWIW I looked into the existing C address space stuff in gcc and after some deliberation decided not to use it. It wasn't directly applicable and tricks like taking some subset of the address space values for use by the attribute would have meant difficult-to-test patches to various back ends. Your code apparently hijacks the target hook, which seems pretty clever, though I guess more suitable in a plugin than in gcc proper. > 2. __force itself presents a problem as its semantics isn't well defined and > only sparse knows how to model it. in gcc it cannot be an attribute as > attributes apply to the outermost variable/etc, e.g., you can't use them on > a pointee in a pointer context. Could you elaborate on this? I think I looked at all the sparse test cases here and I don't recall encountering any real issues (for address space I had to have a hack to deal with function return types, but this didn't seem to affect force). If you have extra tests not in sparse, that would be super.