From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=+krm=3W=chromium.org=keescook@sourceware.org>
Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635])
	by sourceware.org (Postfix) with ESMTPS id 49DCD3858C27
	for <gcc-patches@gcc.gnu.org>; Tue, 22 Nov 2022 17:17:05 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 49DCD3858C27
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=chromium.org
Received: by mail-pl1-x635.google.com with SMTP id y4so14307189plb.2
        for <gcc-patches@gcc.gnu.org>; Tue, 22 Nov 2022 09:17:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=mQSzqG06kBJciv/Mo3y/NnmKk4KskhhwzXUFTVtCEMU=;
        b=SZiUNuSTHTYwmjXlBMfafnIFyGdrj8ym9XS9Wp9c6AoNhjO0EG5ilVKOvBwa8POn0f
         s91aVrwQKf5rpKOYEhEOfiTCJrrdCgZ6atltbCbgF2PYGURvYeluWWkC2yDWTa3SWt1S
         2qdwyjUvbLj+9k/yGgyGbeNNbwKGFg0MqwoDI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=mQSzqG06kBJciv/Mo3y/NnmKk4KskhhwzXUFTVtCEMU=;
        b=oC7SrsvCGcKO17F1+XCOSiWnYX1CSSf4q7KYhQD5SIOrNNkEcwG5wAbm4eqiXwZa/O
         4eCoTSIYotE9rdyyk0CUu28zip/90wkzXkqZKRbSiQmrjP0m3bn7ok0SzKCI1ixMfLYP
         7GABXbmCTWQ9yS0FTv4yApWuK+OpRpAZAyP5/l+Dt4faEH6fDki8tWZdsGMU2fnljNFM
         CzjfkvlddCLV/oPxYSPuk4/aQUyhSK0GYo/sNT7ZuKBzTfC/wv7+F3kZDi0gh6EeAjgb
         NTc2bv1KyGDTnDvRfNYud6jypYiDq4+cPqjrHwbLA94LE9eSUrE5Bq91/73KQmZsz2mm
         aGIg==
X-Gm-Message-State: ANoB5pmLHYPhGv5RNo5l0l0U8VXIO7/LxbQ3LT6HY5ZVMlutY5UGn1zo
	2BZR6giYcYXe+DJKFVPKUHYW8Q==
X-Google-Smtp-Source: AA0mqf7bQEMNcFCJqYwFpUV3bku3171moq+t5tazQJ2dcYLCvj8LFpQERdBcjAMfopUQ9sUbXxfhgQ==
X-Received: by 2002:a17:90a:a595:b0:218:b050:d693 with SMTP id b21-20020a17090aa59500b00218b050d693mr11450956pjq.130.1669137424293;
        Tue, 22 Nov 2022 09:17:04 -0800 (PST)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id 85-20020a621858000000b00572c12a1e91sm10962952pfy.48.2022.11.22.09.17.03
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 22 Nov 2022 09:17:03 -0800 (PST)
Date: Tue, 22 Nov 2022 09:17:02 -0800
From: Kees Cook <keescook@chromium.org>
To: Qing Zhao <qing.zhao@oracle.com>
Cc: richard Biener <rguenther@suse.de>,
	"joseph@codesourcery.com" <joseph@codesourcery.com>,
	gcc Patches <gcc-patches@gcc.gnu.org>,
	"siddhesh@gcc.gnu.org" <siddhesh@gcc.gnu.org>
Subject: Re: [PATCH 2/2] Add a new warning option -Wstrict-flex-arrays.
Message-ID: <202211220916.DCA9DE509@keescook>
References: <20221108145113.955321-1-qing.zhao@oracle.com>
 <20221108145113.955321-3-qing.zhao@oracle.com>
 <nycvar.YFH.7.77.849.2211181304080.3995@jbgna.fhfr.qr>
 <BF68D373-136E-43FC-BF39-DAE66F51A4A7@oracle.com>
 <202211180829.4F995ED2@keescook>
 <2AA33592-14D4-4E89-91F1-221F635117F1@oracle.com>
 <nycvar.YFH.7.77.849.2211220812411.3995@jbgna.fhfr.qr>
 <C9A948BF-87E6-49D8-9E91-A788AF0A25CD@oracle.com>
 <9AD3179B-F877-437E-9052-CB01AD55E684@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9AD3179B-F877-437E-9052-CB01AD55E684@oracle.com>
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,JMQ_SPF_NEUTRAL,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

On Tue, Nov 22, 2022 at 03:02:04PM +0000, Qing Zhao wrote:
> 
> 
> > On Nov 22, 2022, at 9:10 AM, Qing Zhao via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
> > 
> > 
> > 
> >> On Nov 22, 2022, at 3:16 AM, Richard Biener <rguenther@suse.de> wrote:
> >> 
> >> On Mon, 21 Nov 2022, Qing Zhao wrote:
> >> 
> >>> 
> >>> 
> >>>> On Nov 18, 2022, at 11:31 AM, Kees Cook <keescook@chromium.org> wrote:
> >>>> 
> >>>> On Fri, Nov 18, 2022 at 03:19:07PM +0000, Qing Zhao wrote:
> >>>>> Hi, Richard,
> >>>>> 
> >>>>> Honestly, it?s very hard for me to decide what?s the best way to handle the interaction 
> >>>>> between -fstrict-flex-array=M and -Warray-bounds=N. 
> >>>>> 
> >>>>> Ideally,  -fstrict-flex-array=M should completely control the behavior of -Warray-bounds.
> >>>>> If possible, I prefer this solution.
> >>>>> 
> >>>>> However, -Warray-bounds is included in -Wall, and has been used extensively for a long time.
> >>>>> It?s not safe to change its default behavior. 
> >>>> 
> >>>> I prefer that -fstrict-flex-arrays controls -Warray-bounds. That
> >>>> it is in -Wall is _good_ for this reason. :) No one is going to add
> >>>> -fstrict-flex-arrays (at any level) without understanding what it does
> >>>> and wanting those effects on -Warray-bounds.
> >>> 
> >>> 
> >>> The major difficulties to let -fstrict-flex-arrays controlling -Warray-bounds was discussed in the following threads:
> >>> 
> >>> https://gcc.gnu.org/pipermail/gcc-patches/2022-October/604133.html
> >>> 
> >>> Please take a look at the discussion and let me know your opinion.
> >> 
> >> My opinion is now, after re-considering and with seeing your new 
> >> patch, that -Warray-bounds=2 should be changed to only add
> >> "the intermediate results of pointer arithmetic that may yield out of 
> >> bounds values" and that what it considers a flex array should now
> >> be controlled by -fstrict-flex-arrays only.
> >> 
> >> That is, I think, the only thing that's not confusing to users even
> >> if that implies a change from previous behavior that we should
> >> document by clarifying the -Warray-bounds documentation as well as
> >> by adding an entry to the Caveats section of gcc-13/changes.html
> >> 
> >> That also means that =2 will get _less_ warnings with GCC 13 when
> >> the user doesn't use -fstrict-flex-arrays as well.
> > 
> > Okay.  So, this is for -Warray-bounds=2.
> > 
> > For -Warray-bounds=1 -fstrict-flex-array=N, if N > 1, should -fstrict-flex-array=N control -Warray-bounds=1?
> 
> More thinking on this. (I might misunderstand a little bit in the previous email)
> 
> If I understand correctly now, what you proposed was:
> 
> 1. The level of -Warray-bounds will NOT control how a trailing array is considered as a flex array member anymore. 
> 2. Only the level of -fstrict-flex-arrays will control this;
> 3. Keep the current default  behavior of -Warray-bounds on treating trailing arrays as flex array member (treating all [0],[1], and [] as flexible array members). 
> 4. Updating the documentation for -Warray-bounds by clarifying this change, and also as an entry to the Caveats section on such change on -Warray-bounds.
> 
> If the above is correct, Yes, I like this change. Both the user interface and the internal implementation will be simplified and cleaner. 
> 
> Let me know if you see any issue with my above understanding.
> 
> Thanks a lot.

FWIW, this matches what I think makes the most sense too.

-- 
Kees Cook