From: Martin Sebor <msebor@gmail.com>
To: gcc-patches <gcc-patches@gcc.gnu.org>, Jeff Law <law@redhat.com>
Subject: [PING 2] [WIP PATCH] add object access attributes (PR 83859)
Date: Thu, 24 Oct 2019 14:42:00 -0000 [thread overview]
Message-ID: <7bebdf7e-0115-cded-ea0b-9f470ca491ca@gmail.com> (raw)
In-Reply-To: <ddb0ff39-8a83-2e52-d1a6-a454a4f32967@gmail.com>
Ping: https://gcc.gnu.org/ml/gcc-patches/2019-09/msg01690.html
On 10/17/2019 10:28 AM, Martin Sebor wrote:
> Ping: https://gcc.gnu.org/ml/gcc-patches/2019-09/msg01690.html
>
> Other than the suggestions I got for optimization (for GCC 11)
> and additional buffer overflow detection for [static] arrays),
> is there any feedback on the patch itself? Jeff?
>
> Martin
>
> On 9/29/19 1:51 PM, Martin Sebor wrote:
>> -Wstringop-overflow detects a subset of past-the-end read and write
>> accesses by built-in functions such as memcpy and strcpy. It relies
>> on the functions' effects the knowledge of which is hardwired into
>> GCC. Although it's possible for users to create wrappers for their
>> own functions to detect similar problems, it's quite cumbersome and
>> so only lightly used outside system libraries like Glibc. Even Glibc
>> only checks for buffer overflow and not for reading past the end.
>>
>> PR 83859 asks to expose the same checking that GCC does natively for
>> built-in calls via a function attribute that associates a pointer
>> argument with the size argument, such as:
>>
>> Â Â __attribute__((buffer_size (1, 2))) void
>> Â Â f (char* dst, size_t dstsize);
>>
>> The attached patch is my initial stab at providing this feature by
>> introducing three new attributes:
>>
>> Â Â * read_only (ptr-argno, size-argno)
>> Â Â * read_only (ptr-argno, size-argno)
>> Â Â * read_write (ptr-argno, size-argno)
>>
>> As requested, the attributes associate a pointer parameter to
>> a function with a size parameter. In addition, they also specify
>> how the function accesses the object the pointer points to: either
>> it only reads from it, or it only writes to it, or it does both.
>>
>> Besides enabling the same buffer overflow detection as for built-in
>> string functions they also let GCC issue -Wuninitialized warnings
>> for uninitialized objects passed to read-only functions by reference,
>> and -Wunused-but-set warnings for objects passed to write-only
>> functions that are otherwise unused (PR 80806). The -Wununitialized
>> part is done. The -Wunused-but-set detection is implemented only in
>> the C FE and not yet in C++.
>>
>> Besides the diagnostic improvements above the attributes also open
>> up optimization opportunities such as DCE. I'm still working on this
>> and so it's not yet part of the initial patch.
>>
>> I plan to finish the patch for GCC 10 but I don't expect to have
>> the time to start taking advantage of the attributes for optimization
>> until GCC 11.
>>
>> Besides regression testing on x86_64-linux, I also tested the patch
>> by compiling Binutils/GDB, Glibc, and the Linux kernel with it. It
>> found no new problems but caused a handful of
>> -Wunused-but-set-variable false positives due to an outstanding bug in
>> the C front-end introduced
>> by the patch that I still need to fix.
>>
>> Martin
>
next prev parent reply other threads:[~2019-10-24 14:39 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-29 19:52 Martin Sebor
2019-09-30 7:37 ` Richard Biener
2019-09-30 15:41 ` Martin Sebor
2019-09-30 21:34 ` Joseph Myers
2019-10-01 2:36 ` Martin Sebor
2019-10-17 16:44 ` [PING] " Martin Sebor
2019-10-24 14:42 ` Martin Sebor [this message]
2019-10-27 17:37 ` Jeff Law
2019-10-28 10:18 ` Richard Biener
2019-11-15 21:41 ` Martin Sebor
2019-11-18 9:00 ` Richard Biener
2019-11-18 16:46 ` Martin Sebor
2019-11-19 8:57 ` Richard Biener
2019-11-21 17:12 ` [PATCH v3] " Martin Sebor
2019-11-21 22:40 ` Jeff Law
2019-11-22 1:12 ` Martin Sebor
2019-11-23 1:10 ` [PATCH] Fix attribute access issues Jakub Jelinek
2019-11-23 10:04 ` Richard Biener
2019-11-25 2:24 ` Martin Sebor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7bebdf7e-0115-cded-ea0b-9f470ca491ca@gmail.com \
--to=msebor@gmail.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=law@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).