From: Jeff Law <law@redhat.com>
To: Martin Sebor <msebor@gmail.com>, Szabolcs Nagy <szabolcs.nagy@arm.com>
Cc: gcc-patches <gcc-patches@gcc.gnu.org>,
Vaseeharan Vinayagamoorthy <Vaseeharan.Vinayagamoorthy@arm.com>,
Joseph Myers <joseph@codesourcery.com>
Subject: Re: [PING 2][PATCH 2/5] C front end support to detect out-of-bounds accesses to array parameters
Date: Wed, 23 Sep 2020 21:45:51 -0600 [thread overview]
Message-ID: <29bdd82a-9c34-9b12-7f1f-47bc78c0cd13@redhat.com> (raw)
In-Reply-To: <132aa83d-c9ba-ee8d-43d4-f63db4ca7987@gmail.com>
On 9/23/20 11:45 AM, Martin Sebor via Gcc-patches wrote:
> On 9/23/20 9:44 AM, Szabolcs Nagy wrote:
>> The 09/23/2020 09:22, Szabolcs Nagy wrote:
>>> The 09/21/2020 12:45, Martin Sebor via Gcc-patches wrote:
>>>> On 9/21/20 12:20 PM, Vaseeharan Vinayagamoorthy wrote:
>>>>> After this patch, I am seeing this -Warray-parameter error:
>>>>>
>>>>> In file included from ../include/pthread.h:1,
>>>>> from ../sysdeps/nptl/thread_db.h:25,
>>>>> from ../nptl/descr.h:32,
>>>>> from ../sysdeps/aarch64/nptl/tls.h:44,
>>>>> from ../include/errno.h:25,
>>>>> from ../sysdeps/unix/sysv/linux/sysdep.h:23,
>>>>> from
>>>>> ../sysdeps/unix/sysv/linux/generic/sysdep.h:22,
>>>>> from
>>>>> ../sysdeps/unix/sysv/linux/aarch64/sysdep.h:24,
>>>>> from <stdin>:1:
>>>>> ../sysdeps/nptl/pthread.h:734:47: error: argument 1 of type
>>>>> ‘struct __jmp_buf_tag *’ declared as a pointer
>>>>> [-Werror=array-parameter=]
>>>>> 734 | extern int __sigsetjmp (struct __jmp_buf_tag *__env, int
>>>>> __savemask) __THROWNL;
>>>>> | ~~~~~~~~~~~~~~~~~~~~~~^~~~~
>>>>> In file included from ../include/setjmp.h:2,
>>>>> from ../nptl/descr.h:24,
>>>>> from ../sysdeps/aarch64/nptl/tls.h:44,
>>>>> from ../include/errno.h:25,
>>>>> from ../sysdeps/unix/sysv/linux/sysdep.h:23,
>>>>> from
>>>>> ../sysdeps/unix/sysv/linux/generic/sysdep.h:22,
>>>>> from
>>>>> ../sysdeps/unix/sysv/linux/aarch64/sysdep.h:24,
>>>>> from <stdin>:1:
>>>>> ../setjmp/setjmp.h:54:46: note: previously declared as an array
>>>>> ‘struct __jmp_buf_tag[1]’
>>>>> 54 | extern int __sigsetjmp (struct __jmp_buf_tag __env[1],
>>>>> int __savemask) __THROWNL;
>>>>> | ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~
>>>>> cc1: all warnings being treated as errors
>>>>
>>>> The warning flags differences between the forms of array parameters
>>>> in redeclarations of the same function, including pointers vs arrays
>>>> as in this instance. It needs to be suppressed in glibc, either by
>>>> making the function declarations consistent, or by #pragma diagnostic.
>>>> (IIRC, the pointer declaration comes before struct __jmp_buf_tag has
>>>> been defined so simply using the array form there doesn't work without
>>>> defining the type first.)
>>>>
>>>> I would expect the warning to be suppressed when using the installed
>>>> library thanks to -Wno-system-headers.
>>>
>>> why is this a warning? i'm not convinced it
>>> should be in -Wall.
>
> The main motivation for the warning is to detect unintentional
> inconsistencies between function redeclarations that make deriving
> true true intent difficult or impossible (e.g, T[3] vs T[1], or
> T[] vs T[1], or equivalently T* vs T[1]).
>
> One goal is to support the convention where a constant array bound
> in a function array parameter is used in lieu of the [static N]
> notation (i.e., the minimum number of elements the caller is
> expected to make available). The [static N] notation is little
> known, used only exceedingly rarely, and isn't available in C++.
> The array notation is used more often, although by no means common.
>
> The ultimate goal is to motivate users to take advantage of GCC's
> ability to check ordinary functions for out-of-bounds accesses to
> array arguments. The checking is only feasible if all declarations
> of the same function, including its definition, use a consistent
> notation to specify the same bound. Including the strict
> -Warray-parameter=2 setting in -Wall helps support this goal
> (-Warray-parameter=1 doesn't warn for mismatches in the forms
> of ordinary array bounds without [static].)
>
> I mentioned the results of testing the patch with a number of
> packages, including Glibc, Binutils/GDB, Glibc, and the kernel,
> in the overview of the patch series:
> https://gcc.gnu.org/pipermail/gcc-patches/2020-July/550920.html
> It explains why I chose not to relax the warning to accommodate
> the Glibc use case.
>
> Based on my admittedly limited testing I'm not concerned about
> the warning having adverse effects. But if broader excposure
> shows that it is prone to some it can certainly be adjusted.
> Jeff does periodic mass rebuilds of all of Fedora with the top
> of GCC trunk so we should know soon.
Yea. If the patch was in last week's snapshot, then it should start
spinning the 9000 Fedora packages later tonight alongside some Ranger
bits we're testing. I'm on PTO till Monday though, so I won't be
looking at the results until Tuesday probably...
jeff
next prev parent reply other threads:[~2020-09-24 3:45 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-29 1:13 [PATCH 0/5] add checking of function array parameters (PR 50584) Martin Sebor
2020-07-29 1:16 ` [PATCH 1/5] infrastructure to detect out-of-bounds accesses to array parameters Martin Sebor
2020-08-07 17:08 ` Martin Sebor
2020-08-13 19:09 ` Jeff Law
2020-07-29 1:19 ` [PATCH 2/5] C front end support " Martin Sebor
2020-07-29 18:12 ` Joseph Myers
2020-08-07 17:01 ` Martin Sebor
2020-08-12 23:19 ` Joseph Myers
2020-08-13 23:04 ` Martin Sebor
2020-08-17 22:09 ` Joseph Myers
2020-08-19 22:56 ` Martin Sebor
2020-08-20 0:09 ` Joseph Myers
2020-08-21 19:17 ` Martin Sebor
2020-08-25 18:44 ` Martin Sebor
2020-09-03 0:03 ` [PING][PATCH " Martin Sebor
2020-09-09 21:39 ` [PING 2][PATCH " Martin Sebor
2020-09-15 23:02 ` Joseph Myers
2020-09-16 19:14 ` Martin Sebor
2020-09-17 22:38 ` Joseph Myers
2020-09-20 0:01 ` Martin Sebor
2020-09-21 18:20 ` Vaseeharan Vinayagamoorthy
2020-09-21 18:45 ` Martin Sebor
2020-09-23 8:22 ` Szabolcs Nagy
2020-09-23 15:44 ` Szabolcs Nagy
2020-09-23 17:45 ` Martin Sebor
2020-09-24 3:45 ` Jeff Law [this message]
2020-10-05 8:45 ` Szabolcs Nagy
2020-07-29 1:20 ` [PATCH 0/5] add checking of function array parameters (PR 50584) Martin Sebor
2020-08-13 16:26 ` Jeff Law
2020-07-29 1:22 ` [PATCH 4/5] - extend -Wstringop-overflow to detect out-of-bounds accesses to array parameters Martin Sebor
2020-08-13 16:31 ` Jeff Law
2020-07-29 1:24 ` [PATCH 5/5] extend -Warray-bounds " Martin Sebor
2020-08-13 16:49 ` Jeff Law
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=29bdd82a-9c34-9b12-7f1f-47bc78c0cd13@redhat.com \
--to=law@redhat.com \
--cc=Vaseeharan.Vinayagamoorthy@arm.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=joseph@codesourcery.com \
--cc=msebor@gmail.com \
--cc=szabolcs.nagy@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).