Subject: [PING 2] [WIP PATCH] add object access attributes (PR 83859)
From: Martin Sebor
To: gcc-patches, Jeff Law
References: <056e2b5b-696c-ca69-9027-7d2369354b07@gmail.com>
Message-ID: <7bebdf7e-0115-cded-ea0b-9f470ca491ca@gmail.com>
Date: Thu, 24 Oct 2019 14:42:00 -0000

Ping: https://gcc.gnu.org/ml/gcc-patches/2019-09/msg01690.html

On 10/17/2019 10:28 AM, Martin Sebor wrote:
> Ping: https://gcc.gnu.org/ml/gcc-patches/2019-09/msg01690.html
>
> Other than the suggestions I got for optimization (for GCC 11)
> and additional buffer overflow detection for [static] arrays),
> is there any feedback on the patch itself?  Jeff?
>
> Martin
>
> On 9/29/19 1:51 PM, Martin Sebor wrote:
>> -Wstringop-overflow detects a subset of past-the-end read and write
>> accesses by built-in functions such as memcpy and strcpy.  It relies
>> on the functions' effects the knowledge of which is hardwired into
>> GCC.  Although it's possible for users to create wrappers for their
>> own functions to detect similar problems, it's quite cumbersome and
>> so only lightly used outside system libraries like Glibc.  Even Glibc
>> only checks for buffer overflow and not for reading past the end.
>>
>> PR 83859 asks to expose the same checking that GCC does natively for
>> built-in calls via a function attribute that associates a pointer
>> argument with the size argument, such as:
>>
>>    __attribute__((buffer_size (1, 2))) void
>>    f (char* dst, size_t dstsize);
>>
>> The attached patch is my initial stab at providing this feature by
>> introducing three new attributes:
>>
>>    * read_only (ptr-argno, size-argno)
>>    * read_only (ptr-argno, size-argno)
>>    * read_write (ptr-argno, size-argno)
>>
>> As requested, the attributes associate a pointer parameter to
>> a function with a size parameter.  In addition, they also specify
>> how the function accesses the object the pointer points to: either
>> it only reads from it, or it only writes to it, or it does both.
>>
>> Besides enabling the same buffer overflow detection as for built-in
>> string functions they also let GCC issue -Wuninitialized warnings
>> for uninitialized objects passed to read-only functions by reference,
>> and -Wunused-but-set warnings for objects passed to write-only
>> functions that are otherwise unused (PR 80806).  The -Wuninitialized
>> part is done. The -Wunused-but-set detection is implemented only in
>> the C FE and not yet in C++.
>>
>> Besides the diagnostic improvements above the attributes also open
>> up optimization opportunities such as DCE.  I'm still working on this
>> and so it's not yet part of the initial patch.
>>
>> I plan to finish the patch for GCC 10 but I don't expect to have
>> the time to start taking advantage of the attributes for optimization
>> until GCC 11.
>>
>> Besides regression testing on x86_64-linux, I also tested the patch
>> by compiling Binutils/GDB, Glibc, and the Linux kernel with it.  It
>> found no new problems but caused a handful of
>> -Wunused-but-set-variable false positives due to an outstanding bug in
>> the C front-end introduced
>> by the patch that I still need to fix.
>>
>> Martin
>
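
The pointer/size association described in the message above, as an added example that is not part of the original post or of the patch. It assumes the `access (mode, ptr-argno, size-argno)` spelling accepted by GCC 10 and later rather than the proposed `read_only (ptr-argno, size-argno)` form; `ACCESS`, `msg_sum`, `msg_copy` and `bad_calls` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>
/* Assumption: GCC 10+ spells the attribute access (mode, ptr-argno, size-argno).
   Compilers without it get an empty macro, so the code still builds. */
#if defined(__has_attribute)
# if __has_attribute(access)
#  define ACCESS(mode, ptr, size) __attribute__((access (mode, ptr, size)))
# endif
#endif
#ifndef ACCESS
# define ACCESS(mode, ptr, size)
#endif

/* Hypothetical helper: only reads len bytes from buf (arguments 1 and 2). */
ACCESS(read_only, 1, 2)
unsigned msg_sum(const unsigned char *buf, size_t len)
{
    unsigned sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += buf[i];
    return sum;
}

/* Hypothetical helper: only writes dst (at most dstsize bytes) and only reads
   src (srclen bytes). Returns srclen, or (size_t)-1 when dst is too small. */
ACCESS(write_only, 1, 2) ACCESS(read_only, 3, 4)
size_t msg_copy(char *dst, size_t dstsize, const char *src, size_t srclen)
{
    if (srclen >= dstsize)
        return (size_t)-1;          /* nothing is written on failure */
    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return srclen;
}

#ifdef SHOW_DIAGNOSTICS             /* calls this kind of checking is aimed at */
void bad_calls(void)
{
    char small[8];
    unsigned char raw[16];          /* constructed case: never initialized */
    msg_copy(small, 32, "hello", 5);    /* size argument exceeds sizeof small */
    (void)msg_sum(raw, sizeof raw);     /* read-only use of uninitialized object */
}
#endif
int main(void)
{
    char out[8];
    return msg_copy(out, sizeof out, "abc", 3) == 3 ? 0 : 1;
}
```

Building with `-DSHOW_DIAGNOSTICS` compiles the two mismatched calls; which warnings appear depends on the GCC version and warning options in use.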