public inbox for gcc-bugs@sourceware.org
From: "torvalds@linux-foundation.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/94527] RFE: Add an __attribute__ that marks a function as freeing an object
Date: Wed, 08 Apr 2020 00:48:53 +0000
Message-ID: <bug-94527-4-gMiqzyvi4g@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-94527-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94527

--- Comment #4 from Linus Torvalds <torvalds@linux-foundation.org> ---
(In reply to Jeffrey A. Law from comment #3)
> GCC already knows that free() "kills" the pointed-to memory and should be
> doing DSE with that in mind.  It doesn't however know that other functions
> have free-like semantics, so it wouldn't do so for kfree.

Oh, ok, so the logic already exists, just not the interface to tell anybody
else.

I suspect even non-kernel users might have wrappers around free that might be
able to use a "this acts like free()" marker.

> With regard to the warnings.  When we were investigating use-after-free and
> double-free diagnostics it was our conclusion that to do any kind of
> reasonable job you really have to do a whole program analysis.  Otherwise
> it's just a toy.  As a result the focal point for those diagnostics is the
> static analyzer David Malcolm is working on.

Obviously a static analyzer is better.

That said, we've had some stupid bugs wrt kfree(). Things like releasing things
twice in error paths etc.

So yeah, doing it in the compiler isn't going to catch the subtle cases, but
catching the stupid cases early would still be a good thing.

But I also realize that it might not be worth it to you guys. Since you already
effectively have the DSE code, that looks like a much cheaper thing to do.

(And maybe one day somebody will go "I can trivially see use-after-free things
too, and warn about it", so just having the marker might result in the warnings
at some point too).
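
The error-path double release discussed in the message above, as an added C example that is not part of the original message, GCC or the kernel. obj_alloc, obj_free, struct conn and both conn_init functions are hypothetical names; the marker shown is the deallocator form of GCC's malloc attribute, which GCC 11 and later accept.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical kfree()-style wrappers; every name here is illustrative. */
void obj_free(void *p);
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 11
__attribute__((malloc(obj_free, 1)))  /* obj_free releases what this returns */
#endif
void *obj_alloc(size_t n);
static int live;  /* outstanding allocations, so the result can be checked */
void *obj_alloc(size_t n) { void *p = calloc(1, n); if (p) live++; return p; }
void obj_free(void *p) { if (p) { live--; free(p); } }
struct conn { char *name; char *buf; };

#ifdef DEMO_DOUBLE_FREE  /* the "before" pattern; not compiled by default */
int conn_init_buggy(struct conn *c, const char *name, size_t buflen)
{
    c->buf = NULL;
    c->name = obj_alloc(strlen(name) + 1);
    if (!c->name) return -1;
    strcpy(c->name, name);
    c->buf = buflen ? obj_alloc(buflen) : NULL;
    if (!c->buf) {
        obj_free(c->name);   /* released here ... */
        goto err;
    }
    return 0;
err:
    obj_free(c->name);       /* ... and again on the shared error path */
    return -1;
}
#endif

int conn_init(struct conn *c, const char *name, size_t buflen)
{
    c->buf = NULL;
    c->name = obj_alloc(strlen(name) + 1);
    if (!c->name) return -1;
    strcpy(c->name, name);
    c->buf = buflen ? obj_alloc(buflen) : NULL;  /* buflen 0: constructed failure */
    if (!c->buf)
        goto err;
    return 0;
err:
    obj_free(c->name);       /* single release point */
    c->name = NULL;          /* no stale pointer left for the caller */
    return -1;
}

int main(void) { struct conn c; return (conn_init(&c, "demo", 0) == -1 && live == 0) ? 0 : 1; }
```

Compiling with -DDEMO_DOUBLE_FREE under GCC's -fanalyzer is one way to check whether the compiler flags the "before" function once the wrapper pair carries the attribute.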
