[PING 2] [WIP PATCH] add object access attributes (PR 83859)

[Martin Sebor <msebor@gmail.com>]

Ping: https://gcc.gnu.org/ml/gcc-patches/2019-09/msg01690.html

On 10/17/2019 10:28 AM, Martin Sebor wrote:
> Ping: https://gcc.gnu.org/ml/gcc-patches/2019-09/msg01690.html
> 
> Other than the suggestions I got for optimization (for GCC 11)
> and additional buffer overflow detection for [static] arrays),
> is there any feedback on the patch itself?  Jeff?
> 
> Martin
> 
> On 9/29/19 1:51 PM, Martin Sebor wrote:
>> -Wstringop-overflow detects a subset of past-the-end read and write
>> accesses by built-in functions such as memcpy and strcpy.  It relies
>> on the functions' effects the knowledge of which is hardwired into
>> GCC.  Although it's possible for users to create wrappers for their
>> own functions to detect similar problems, it's quite cumbersome and
>> so only lightly used outside system libraries like Glibc.  Even Glibc
>> only checks for buffer overflow and not for reading past the end.
>>
>> PR 83859 asks to expose the same checking that GCC does natively for
>> built-in calls via a function attribute that associates a pointer
>> argument with the size argument, such as:
>>
>>    __attribute__((buffer_size (1, 2))) void
>>    f (char* dst, size_t dstsize);
>>
>> The attached patch is my initial stab at providing this feature by
>> introducing three new attributes:
>>
>>    * read_only (ptr-argno, size-argno)
>>    * read_only (ptr-argno, size-argno)
>>    * read_write (ptr-argno, size-argno)
>>
>> As requested, the attributes associate a pointer parameter to
>> a function with a size parameter.  In addition, they also specify
>> how the function accesses the object the pointer points to: either
>> it only reads from it, or it only writes to it, or it does both.
>>
>> Besides enabling the same buffer overflow detection as for built-in
>> string functions they also let GCC issue -Wuninitialized warnings
>> for uninitialized objects passed to read-only functions by reference,
>> and -Wunused-but-set warnings for objects passed to write-only
>> functions that are otherwise unused (PR 80806).  The -Wununitialized
>> part is done. The -Wunused-but-set detection is implemented only in
>> the C FE and not yet in C++.
>>
>> Besides the diagnostic improvements above the attributes also open
>> up optimization opportunities such as DCE.  I'm still working on this
>> and so it's not yet part of the initial patch.
>>
>> I plan to finish the patch for GCC 10 but I don't expect to have
>> the time to start taking advantage of the attributes for optimization
>> until GCC 11.
>>
>> Besides regression testing on x86_64-linux, I also tested the patch
>> by compiling Binutils/GDB, Glibc, and the Linux kernel with it.  It
>> found no new problems but caused a handful of 
>> -Wunused-but-set-variable false positives due to an outstanding bug in 
>> the C front-end introduced
>> by the patch that I still need to fix.
>>
>> Martin
>