From: Kees Cook <keescook@chromium.org>
To: Qing Zhao <qing.zhao@oracle.com>
Cc: richard Biener <rguenther@suse.de>,
"joseph@codesourcery.com" <joseph@codesourcery.com>,
gcc Patches <gcc-patches@gcc.gnu.org>,
"siddhesh@gcc.gnu.org" <siddhesh@gcc.gnu.org>
Subject: Re: [PATCH 2/2] Add a new warning option -Wstrict-flex-arrays.
Date: Tue, 22 Nov 2022 09:17:02 -0800
Message-ID: <202211220916.DCA9DE509@keescook>
In-Reply-To: <9AD3179B-F877-437E-9052-CB01AD55E684@oracle.com>

On Tue, Nov 22, 2022 at 03:02:04PM +0000, Qing Zhao wrote:
>
>
> > On Nov 22, 2022, at 9:10 AM, Qing Zhao via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
> >
> >
> >
> >> On Nov 22, 2022, at 3:16 AM, Richard Biener <rguenther@suse.de> wrote:
> >>
> >> On Mon, 21 Nov 2022, Qing Zhao wrote:
> >>
> >>>
> >>>
> >>>> On Nov 18, 2022, at 11:31 AM, Kees Cook <keescook@chromium.org> wrote:
> >>>>
> >>>> On Fri, Nov 18, 2022 at 03:19:07PM +0000, Qing Zhao wrote:
> >>>>> Hi, Richard,
> >>>>>
> >>>>> Honestly, it's very hard for me to decide what's the best way to handle the interaction
> >>>>> between -fstrict-flex-array=M and -Warray-bounds=N.
> >>>>>
> >>>>> Ideally, -fstrict-flex-array=M should completely control the behavior of -Warray-bounds.
> >>>>> If possible, I prefer this solution.
> >>>>>
> >>>>> However, -Warray-bounds is included in -Wall, and has been used extensively for a long time.
> >>>>> It's not safe to change its default behavior.
> >>>>
> >>>> I prefer that -fstrict-flex-arrays controls -Warray-bounds. That
> >>>> it is in -Wall is _good_ for this reason. :) No one is going to add
> >>>> -fstrict-flex-arrays (at any level) without understanding what it does
> >>>> and wanting those effects on -Warray-bounds.
> >>>
> >>>
> >>> The major difficulties in letting -fstrict-flex-arrays control -Warray-bounds were discussed in the following threads:
> >>>
> >>> https://gcc.gnu.org/pipermail/gcc-patches/2022-October/604133.html
> >>>
> >>> Please take a look at the discussion and let me know your opinion.
> >>
> >> My opinion is now, after re-considering and with seeing your new
> >> patch, that -Warray-bounds=2 should be changed to only add
> >> "the intermediate results of pointer arithmetic that may yield out of
> >> bounds values" and that what it considers a flex array should now
> >> be controlled by -fstrict-flex-arrays only.
> >>
> >> That is, I think, the only thing that's not confusing to users even
> >> if that implies a change from previous behavior that we should
> >> document by clarifying the -Warray-bounds documentation as well as
> >> by adding an entry to the Caveats section of gcc-13/changes.html
> >>
> >> That also means that =2 will get _less_ warnings with GCC 13 when
> >> the user doesn't use -fstrict-flex-arrays as well.
> >
> > Okay. So, this is for -Warray-bounds=2.
> >
> > For -Warray-bounds=1 -fstrict-flex-array=N, if N > 1, should -fstrict-flex-array=N control -Warray-bounds=1?
>
> More thinking on this. (I might misunderstand a little bit in the previous email)
>
> If I understand correctly now, what you proposed was:
>
> 1. The level of -Warray-bounds will NOT control how a trailing array is considered as a flex array member anymore.
> 2. Only the level of -fstrict-flex-arrays will control this;
> 3. Keep the current default behavior of -Warray-bounds on treating trailing arrays as flex array member (treating all [0],[1], and [] as flexible array members).
> 4. Updating the documentation for -Warray-bounds by clarifying this change, and also as an entry to the Caveats section on such change on -Warray-bounds.
>
> If the above is correct, Yes, I like this change. Both the user interface and the internal implementation will be simplified and cleaner.
>
> Let me know if you see any issue with my above understanding.
>
> Thanks a lot.

FWIW, this matches what I think makes the most sense too.

--
Kees Cook
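
To make the levels discussed in this thread concrete, here is an added example (not part of the original message or of the GCC patch) showing the three trailing-array spellings named above, each allocated with room for four elements and indexed past its declared bound. Struct and function names are hypothetical; the level mapping in the comment is taken from the GCC manual's description of -fstrict-flex-arrays.

```c
/* Added illustration: not code from the thread or from the GCC patch.
 * Struct and function names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define N 4 /* elements really allocated behind each trailing array */

/* The three trailing-array spellings named in the thread. Per the GCC
 * manual, -fstrict-flex-arrays=LEVEL treats as flexible array members:
 *   0: any trailing array   1: [], [0], [1]   2: [], [0]   3: [] only
 * Under the proposal above, -Warray-bounds follows that level alone. */
struct msg_fam  { size_t len; int data[];  }; /* flexible at levels 0-3 */
struct msg_zero { size_t len; int data[0]; }; /* flexible at levels 0-2 */
struct msg_one  { size_t len; int data[1]; }; /* flexible at levels 0-1 */

/* Allocate header + N ints, then index data[0..N-1]. Indices past the
 * declared bound are in bounds only while the array counts as flexible. */
#define DEFINE_FILL_SUM(T)                                            \
    static long fill_sum_##T(void)                                    \
    {                                                                 \
        struct T *m = calloc(1, offsetof(struct T, data)              \
                                + N * sizeof(int));                   \
        long sum = 0;                                                 \
        if (m == NULL)                                                \
            return -1;                                                \
        m->len = N;                                                   \
        for (size_t i = 0; i < N; i++)                                \
            m->data[i] = (int)(i + 1);                                \
        for (size_t i = 0; i < m->len; i++)                           \
            sum += m->data[i];                                        \
        free(m);                                                      \
        return sum;                                                   \
    }

DEFINE_FILL_SUM(msg_fam)
DEFINE_FILL_SUM(msg_zero)
DEFINE_FILL_SUM(msg_one)

int main(void)
{
    printf("fam=%ld zero=%ld one=%ld\n",
           fill_sum_msg_fam(), fill_sum_msg_zero(), fill_sum_msg_one());
    return 0;
}
```

Building the same file with different -fstrict-flex-arrays levels alongside -Warray-bounds is the way to compare how each struct is treated.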

Thread overview: 15+ messages
2022-11-08 14:51 [PATCH 0/2] Add a new warning option -Wstrict-flex-array Qing Zhao
2022-11-08 14:51 ` [PATCH 1/2] Change the name of array_at_struct_end_p to array_ref_flexible_size_p Qing Zhao
2022-11-09 7:57 ` Richard Biener
2022-11-09 15:50 ` Qing Zhao
2022-11-08 14:51 ` [PATCH 2/2] Add a new warning option -Wstrict-flex-arrays Qing Zhao
2022-11-15 15:41 ` Qing Zhao
2022-11-18 13:14 ` Richard Biener
2022-11-18 15:19 ` Qing Zhao
2022-11-18 16:31 ` Kees Cook
2022-11-21 15:02 ` Qing Zhao
2022-11-22 8:16 ` Richard Biener
2022-11-22 14:10 ` Qing Zhao
2022-11-22 15:02 ` Qing Zhao
2022-11-22 17:17 ` Kees Cook [this message]
2022-11-24 6:45 ` Richard Biener