Date: Fri, 18 Jun 2021 09:53:45 -0500
From: Segher Boessenkool
To: Jonny Grant
Cc: Xi Ruoyao, gcc-help
Subject: Re: gcc warn when pointers not checked non-null before de-referencing.
Message-ID: <20210618145345.GT5077@gate.crashing.org>
List-Id: Gcc-help mailing list

On Thu, Jun 17, 2021 at 09:44:27PM +0100, Jonny Grant wrote:
> On 16/06/2021 18:59, Segher Boessenkool wrote:
> > On Wed, Jun 16, 2021 at 02:01:05PM +0100, Jonny Grant wrote:
> >> I guess a separate static analyser would do it, GCC is more focused on compilation so I shouldn't ask for it to have so many features it can't support.
> >
> > -fsanitize=undefined already catches null pointer dereferences, is that
> > enough for your case?
>
> Hello
> Thank you for the suggestion, yes, I had used that before. I did just check, it's runtime checks. I had hoped for something at compile time. warning for every function that didn't check pointer for NULL before de-referencing.

That doesn't make too much sense really.  Check pointer and then do what?
Your code can check for null pointers itself, of course.

Anyway, without any sanitize options, from the following code:

int f(int *p) { return *p; }
int g(void) { return f(0); }

you get on powerpc64le:

f:
	lwa 3,0(3)
	blr
g:
	li 9,0
	lfiwax 0,0,9
	trap

or on aarch64:

f:
	ldr w0, [x0]
	ret
g:
	mov x0, 0
	ldr w0, [x0]
	brk #1000

or on x86_64:

f:
	movl (%rdi), %eax
	ret
g:
	movl 0, %eax
	ud2

GCC knows the code after the load is not reachable, that is why it
generates a trap instruction there.  I will still do the load though, so
that you get good errors and a reasonable debug experience.


Segher
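
An added example, not part of the message above and not GCC's own code: one way to split the two cases the thread discusses, with a checked boundary function that returns an error and an inner function whose non-null contract is stated with GCC's nonnull attribute. The names struct user, find_user, uid_of and lookup_uid and the sample table are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

struct user { const char *name; int uid; };

/* Constructed sample data. */
static const struct user users[] = {
    { "root", 0 }, { "daemon", 1 }, { "alice", 1000 },
};

/* May return NULL; every caller has to handle "not found". */
const struct user *find_user(const char *name)
{
    if (name == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        if (strcmp(users[i].name, name) == 0)
            return &users[i];
    return NULL;
}

/* Contract: u is never null, so no check here. The attribute lets GCC
 * warn at compile time (-Wnonnull, enabled by -Wall) about a call such
 * as uid_of(0); a null that arrives at run time still faults on the
 * load, or is reported by -fsanitize=undefined. */
__attribute__((nonnull))
int uid_of(const struct user *u)
{
    return u->uid;
}

/* Boundary: null is a possible input here, and the answer to "check
 * and then do what?" is an error code the caller can act on. */
int lookup_uid(const char *name, int *uid_out)
{
    const struct user *u;

    if (uid_out == NULL)
        return -EINVAL;
    u = find_user(name);
    if (u == NULL)
        return -ENOENT;
    *uid_out = uid_of(u);
    return 0;
}
```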