From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 113448 invoked by alias); 8 Sep 2015 15:01:04 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 113414 invoked by uid 89); 8 Sep 2015 15:01:03 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,SPF_HELO_PASS,T_RP_MATCHES_RCVD autolearn=no version=3.3.2 X-Spam-User: qpsmtpd, 2 recipients X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Tue, 08 Sep 2015 15:01:02 +0000 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (Postfix) with ESMTPS id 4E9FC3FE73; Tue, 8 Sep 2015 15:00:59 +0000 (UTC) Received: from oldenburg.str.redhat.com (oldenburg.str.redhat.com [10.33.200.60]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t88F0uqD027865 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 8 Sep 2015 11:00:57 -0400 Subject: Re: [patch] Enable lightweight checks with _GLIBCXX_ASSERTIONS. To: Jonathan Wakely References: <20150907182755.GP2631@redhat.com> <87r3mauiud.fsf@mid.deneb.enyo.de> <20150907195939.GT2631@redhat.com> Cc: libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org, =?UTF-8?Q?Fran=c3=a7ois_Dumont?= From: Florian Weimer X-Enigmail-Draft-Status: N1110 Message-ID: <55EEF828.4060707@redhat.com> Date: Tue, 08 Sep 2015 15:03:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <20150907195939.GT2631@redhat.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-IsSubscribed: yes X-SW-Source: 2015-09/txt/msg00523.txt.bz2 On 09/07/2015 09:59 PM, Jonathan Wakely wrote: > On 07/09/15 21:31 +0200, Florian Weimer wrote: >> * Jonathan Wakely: >> >>> This patch adds the "debug mode lite" we've been talking about, by >>> changing __glibcxx_assert to be activated by _GLIBCXX_ASSERTIONS >>> instead of _GLIBCXX_DEBUG (and making the latter imply the former). >> >> Interesting. Is this mode ABI-compatible with the default mode? > > Yes, that's the main reason I want to make this change. Good. Past discussions of similar proposals indicated that these #ifdefs are still ODR violations. >> Should _FORTIFY_SOURCE imply _GLIBCXX_ASSERTIONS? > > Yes, I think it should. > > You can read my notes on these "debug mode lite" checks at > https://gcc.gnu.org/wiki/LibstdcxxDebugMode (including "This should be > discussed with Glibc and security teams" and I specifically had you in > mind when I wrote that :-) I doubt we can achieve the complexity goals in all cases. I expect that for (int i = 0; i < 10000; ++i) { vector[i]; } is optimized away in default mode, but with _GLIBCXX_ASSERTIONS, it is not. The last time I looked at this, GCC was unable to move bounds checks out of loops. -- Florian Weimer / Red Hat Product Security