Re: Invalid -Wstringop-overread warning for valid POSIX constructs

[Martin Sebor <msebor@gmail.com>]

On 11/4/21 1:03 AM, Florian Weimer via Libc-alpha wrote:
> This code:
> 
> #include <pthread.h>
> #include <sys/mman.h>
> 
> void
> f (pthread_key_t key)
> {
>    pthread_setspecific (key, MAP_FAILED);
> }
> 
> Results in a warning:
> 
> t.c: In function ‘f’:
> t.c:7:3: warning: ‘pthread_setspecific’ expecting 1 byte in a region of size 0 [-Wstringop-overread]
>      7 |   pthread_setspecific (key, MAP_FAILED);
>        |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file included from t.c:1:
> /usr/include/pthread.h:1308:12: note: in a call to function ‘pthread_setspecific’ declared with attribute ‘access (none, 2)’
>   1308 | extern int pthread_setspecific (pthread_key_t __key,
>        |            ^~~~~~~~~~~~~~~~~~~
> 
> 
> This also results in the same warning, for different reasons:
> 
> #include <pthread.h>
> 
> extern int x[1];
> 
> void
> f (pthread_key_t key)
> {
>    pthread_setspecific (key, &x[1]);
> }
> 
> t.c: In function ‘f’:
> t.c:8:3: warning: ‘pthread_setspecific’ expecting 1 byte in a region of size 0 [-Wstringop-overread]
>      8 |   pthread_setspecific (key, &x[1]);
>        |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> t.c:3:12: note: at offset 4 into source object ‘x’ of size 4
>      3 | extern int x[1];
>        |            ^
> In file included from t.c:1:
> /usr/include/pthread.h:1308:12: note: in a call to function ‘pthread_setspecific’ declared with attribute ‘access (none, 2)’
>   1308 | extern int pthread_setspecific (pthread_key_t __key,
>        |            ^~~~~~~~~~~~~~~~~~~
> 
> The original argument justifying this warning was that passing
> non-pointer constants is invalid.  But MAP_FAILED is a valid POSIX
> pointer constant, so it is allowed here as well.  And the second example
> shows that the warning also fires for completely valid pointers.  So the
> none access attribute is clearly not correct here.  (“none” requires
> that the pointer is valid, there just aren't any accesses to the object
> it points to, but the object must exist.  Apparently, this is what the
> kernel expects for its use of the annotation.)
> 
> The root of the problem is the const void * pointer argument.  Without
> the access attribute, we warn for other examples:
> 
> typedef unsigned int pthread_key_t;
> int pthread_setspecific (pthread_key_t __key, const void *);
> 
> void
> f (pthread_key_t key)
> {
>    int x;
>    pthread_setspecific (key, &x);
> }
> 
> t.c: In function ‘f’:
> t.c:10:3: warning: ‘x’ may be used uninitialized [-Wmaybe-uninitialized]
>     10 |   pthread_setspecific (key, &x);
>        |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> t.c:4:5: note: by argument 2 of type ‘const void *’ to ‘pthread_setspecific’ declared here
>      4 | int pthread_setspecific (pthread_key_t __key, const void *);
>        |     ^~~~~~~~~~~~~~~~~~~
> t.c:9:7: note: ‘x’ declared here
>      9 |   int x;
>        |       ^
> 
> This is why we added the none access attribute, but this leads to the
> other problem.
> 
> We could change glibc to use a different attribute (preferable one that
> we can probe using __has_attribute) if one were to become available, and
> backport that.  But so far, I see nothing on the GCC side, and
> GCC PR 102329 seems to have stalled.

Thanks for the reminder.  I have not forgotten about this.
I agreed in our discussion and in the GCC bug report where this
came up (PR 101751) that the GCC logic here is wrong and should
be relaxed.  I consider it a GCC bug so I plan to make the change
in the bug fixing stage 3.  GCC is in the development stage until
the 15th and I've been busy trying to wrap up what I'm working on.
Once it's changed in GCC 12 I'll backport it to GCC 11.3.  Does
this timeframe work for you?

Martin