Attached is an updated patch for both GCC and the manual.

The patch implements the suggested warning, -Wbuiltin-address,
that issues diagnostics for unsafe calls of the builtin address
functions. Safe calls are those with arguments 0 or 1 anywhere
in a program and argument 2 outside of the main function (since
every function has main as its direct or indirect caller).

Tested on powerpc64le and x86_64 Linux.

Martin

The ChangeLog entries for gcc and testsuite:

2015-06-11  Martin Sebor

	* c-family/c.opt (-Wbuiltin-address): New warning option.
	* doc/invoke.texi (Wbuiltin-address): Document it.
	* doc/extend.texi (__builtin_frame_address, __builtin_return_address):
	Clarify possible effects of calling the functions with non-zero
	arguments and mention -Wbuiltin-address.
	* builtins.c (expand_builtin_frame_address): Handle -Wbuiltin-address.

2015-06-11  Martin Sebor

	* g++.dg/Wbuiltin-address-in-Wall.C: New test.
	* g++.dg/Wbuiltin-address.C: New test.
	* g++.dg/Wno-builtin-address.C: New test.
	* gcc.dg/Wbuiltin-address-in-Wall.c: New test.
	* gcc.dg/Wbuiltin-address.c: New test.
	* gcc.dg/Wno-builtin-address.c: New test.

PS A few notes about the changes.

There's the following comment in expand_builtin_frame_address:

    /* Some ports cannot access arbitrary stack frames.  */

just before a block of code where the function can lead to
an "invalid argument" warning which would cause the newly added
tests to fail (since the newly added warning wouldn't be issued).
I tried to determine what ports these might be so I could add
conditionals to the tests to prevent false positives there but
couldn't find any.

I wanted to also issue a warning for calls at file scope with
arguments greater than 1 (just like in main) but couldn't find
a way to determine that.

I also wanted to make the special treatment of main conditional
on whether or not -ffreestanding is in effect but flag_hosted is
not declared in builtins.c and bringing it into scope seemed like
too much of a change.

I'd be happy to modify the patch and add any of the above if
someone can suggest a way to do it without disrupting too much
code.

On 05/21/2015 03:39 PM, Pedro Alves wrote:
> On 05/21/2015 08:19 PM, Martin Sebor wrote:
>> A program I instrumented to help me debug an otherwise unrelated
>> problem in 5.1.0 has been crashing in calls to
>> __builtin_return_address. After checking the manual, I didn't
>> think I was doing anything wrong. I then did some debugging and
>> found that the function simply isn't safe to call with non-zero
>> arguments near the top of the stack. That seemed like a bug to
>> me so I created a small test case and ran it on a few targets
>> to see if the problem was isolated to just powerpc (where I'm
>> working at the moment) or more general. It turned out not to
>> be target-specific. Before opening a bug, I checked Bugzilla
>> to see if it's already been reported but couldn't find any open
>> reports. To be sure I wasn't missing something, I expanded my
>> search to already resolved bugs. That's when I finally found
>> pr8743 which had been closed years ago as a documentation issue,
>> after adding the following to the manual:
>>
>>    This function should only be used with a nonzero argument
>>    for debugging purposes.
>>
>> Since I was using the function exactly for this purpose, I'd
>> like to propose the patch below to clarify the effects of the
>> function to set the right expectations and help others avoid
>> the effort it took me to figure out this is by design.
>>
>> Does anyone have any concerns with this update or is it okay
>> to check in?
>
> Sounds like a good candidate for a warning.
>
> Thanks,
> Pedro Alves
>
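
Added example, not part of the original message or of the GCC patch: the thread describes __builtin_return_address as unsafe with non-zero arguments near the top of the stack, so this debugging helper uses only level 0 and gets deeper callers from the unwinder instead. It assumes glibc's backtrace() from <execinfo.h>; immediate_caller, collect_callers and level0_matches_unwinder are hypothetical names.

```c
/* Added example; assumes glibc (or another libc providing <execinfo.h>). */
#include <execinfo.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_FRAMES 32

/* Level 0 (the return address of the current function) is the form the
   message above treats as safe in any function, including main. */
__attribute__((noinline)) void *immediate_caller(void)
{
    return __builtin_return_address(0);
}

/* Hypothetical helper: rather than calling __builtin_return_address(N)
   with N > 0, ask the unwinder for up to `max` return addresses.
   backtrace() returns how many frames it actually found, so the caller
   never indexes past the real depth of the stack. */
__attribute__((noinline)) int collect_callers(void **out, int max)
{
    return backtrace(out, max);
}

/* Returns 1 if this function's level-0 return address also appears in
   the unwinder's list, i.e. both mechanisms agree on the caller. */
__attribute__((noinline)) int level0_matches_unwinder(void)
{
    void *frames[MAX_FRAMES];
    void *ra = __builtin_return_address(0);
    int n = backtrace(frames, MAX_FRAMES);

    for (int i = 0; i < n; i++)
        if (frames[i] == ra)
            return 1;
    return 0;
}

int main(void)
{
    void *frames[MAX_FRAMES];
    int n = collect_callers(frames, MAX_FRAMES);

    printf("immediate caller: %p\n", immediate_caller());
    for (int i = 0; i < n; i++)
        printf("frame %d: %p\n", i, frames[i]);
    printf("level 0 agrees with unwinder: %d\n", level0_matches_unwinder());
    return 0;
}
```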