From: Jonathan Wakely
Date: Thu, 14 Oct 2021 18:43:23 +0100
Subject: Re: [PATCH] libstdc++: Check [ptr, end) and [ptr, ptr+n) ranges with _GLIBCXX_ASSERTIONS
To: François Dumont
Cc: "libstdc++", gcc Patches

On Thu, 14 Oct 2021 at 18:11, François Dumont wrote:
>
> Hi
>
> On a related subject I am waiting for some feedback on:
>
> https://gcc.gnu.org/pipermail/libstdc++/2021-August/053005.html

I'm concerned that this adds too much overhead for the
_GLIBCXX_ASSERTIONS case. It adds function calls which are not
necessarily inlined, and which perform arithmetic and comparisons on
the arguments. That has a runtime cost which is non-zero.

The patches I sent in this thread have zero runtime cost, because they
use the compiler built-in which compiles away to nothing if the sizes
aren't known.

>
> On 11/10/21 6:49 pm, Jonathan Wakely wrote:
> > This enables lightweight checks for the __glibcxx_requires_valid_range
> > and __glibcxx_requires_string_len macros when _GLIBCXX_ASSERTIONS is
> > defined. By using __builtin_object_size we can check whether the end of
> > the range is part of the same object as the start of the range, and
> > detect problems like in PR 89927.
> >
> > libstdc++-v3/ChangeLog:
> >
> >     * include/debug/debug.h (__valid_range_p, __valid_range_n): New
> >     inline functions using __builtin_object_size to check ranges
> >     delimited by pointers.
> >     [_GLIBCXX_ASSERTIONS] (__glibcxx_requires_valid_range): Use
> >     __valid_range_p.
> >     [_GLIBCXX_ASSERTIONS] (__glibcxx_requires_string_len): Use
> >     __valid_range_n.
> >
> >
> > The first patch allows us to detect bugs like string("foo", "bar"),
> > like in PR 89927. Debug mode cannot currently detect this. The new
> > check uses the compiler built-in to detect when the two arguments are
> > not part of the same object. This assumes we're optimizing and the
> > compiler knows the values of the pointers. If it doesn't, then the
> > function just returns true and should inline to nothing.
>
> I see, it does not detect that input pointers are unrelated but as they
> are the computed size is >= __sz.
>
> Isn't it UB to compare unrelated pointers ?

Yes, and my patch doesn't compare any pointers, does it?
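
Added example, not code from the patch or from libstdc++: a sketch of a [ptr, ptr+n) check built on __builtin_object_size, showing how an unknown size makes the check pass and how a count is compared with a size without comparing pointers. The names range_n_fits, RANGE_N_OK and the three demo functions are hypothetical, and the use of type 0 for the built-in is an assumption.

```cpp
#include <cstddef>

// Hypothetical helper, not libstdc++'s __valid_range_n.
// known_bytes is the value __builtin_object_size(ptr, 0) gave at the call
// site: the bytes from ptr to the end of its object, or (size_t)-1 when the
// compiler cannot tell. In the unknown case the check passes, so after
// constant folding it costs nothing.
constexpr bool range_n_fits(std::size_t n, std::size_t elem_size,
                            std::size_t known_bytes)
{
  return known_bytes == static_cast<std::size_t>(-1)
      || n <= known_bytes / elem_size;
}

// A macro, so the built-in is expanded where the pointer expression is
// visible (the role always-inline plays for a function). No pointers are
// compared or subtracted; only a count is compared with a size.
#define RANGE_N_OK(ptr, n) \
  range_n_fits((n), sizeof(*(ptr)), __builtin_object_size((ptr), 0))

// "foo" is a 4-byte object, so reading 3 chars passes at any -O level.
bool literal_in_bounds() { return RANGE_N_OK("foo", 3); }

// Reading 10 chars from "foo" is rejected whenever the compiler folds the
// built-in to 4; if it reports "unknown", the check silently passes.
bool literal_overread() { return RANGE_N_OK("foo", 10); }

// volatile makes the pointer's value opaque to the compiler, so there is
// nothing to check against and the result is always true.
bool opaque_pointer(const char* volatile p) { return RANGE_N_OK(p, 10); }
```

Whether literal_overread() returns false depends on the compiler being able to see the object size at that point, which is the optimization caveat raised in the thread.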