Subject: [PING] [WIP PATCH] add object access attributes (PR 83859)
From: Martin Sebor
To: gcc-patches, Jeff Law
Date: Thu, 17 Oct 2019 16:44:00 -0000

Ping: https://gcc.gnu.org/ml/gcc-patches/2019-09/msg01690.html

Other than the suggestions I got for optimization (for GCC 11) and
additional buffer overflow detection for [static] arrays), is there
any feedback on the patch itself?

Jeff?

Martin

On 9/29/19 1:51 PM, Martin Sebor wrote:
> -Wstringop-overflow detects a subset of past-the-end read and write
> accesses by built-in functions such as memcpy and strcpy. It relies
> on the functions' effects, the knowledge of which is hardwired into
> GCC. Although it's possible for users to create wrappers for their
> own functions to detect similar problems, it's quite cumbersome and
> so only lightly used outside system libraries like Glibc. Even Glibc
> only checks for buffer overflow and not for reading past the end.
>
> PR 83859 asks to expose the same checking that GCC does natively for
> built-in calls via a function attribute that associates a pointer
> argument with the size argument, such as:
>
>   __attribute__((buffer_size (1, 2))) void
>   f (char* dst, size_t dstsize);
>
> The attached patch is my initial stab at providing this feature by
> introducing three new attributes:
>
>   * read_only (ptr-argno, size-argno)
>   * read_only (ptr-argno, size-argno)
>   * read_write (ptr-argno, size-argno)
>
> As requested, the attributes associate a pointer parameter to
> a function with a size parameter. In addition, they also specify
> how the function accesses the object the pointer points to: either
> it only reads from it, or it only writes to it, or it does both.
>
> Besides enabling the same buffer overflow detection as for built-in
> string functions they also let GCC issue -Wuninitialized warnings
> for uninitialized objects passed to read-only functions by reference,
> and -Wunused-but-set warnings for objects passed to write-only
> functions that are otherwise unused (PR 80806). The -Wuninitialized
> part is done. The -Wunused-but-set detection is implemented only in
> the C FE and not yet in C++.
>
> Besides the diagnostic improvements above the attributes also open
> up optimization opportunities such as DCE. I'm still working on this
> and so it's not yet part of the initial patch.
>
> I plan to finish the patch for GCC 10 but I don't expect to have
> the time to start taking advantage of the attributes for optimization
> until GCC 11.
>
> Besides regression testing on x86_64-linux, I also tested the patch
> by compiling Binutils/GDB, Glibc, and the Linux kernel with it. It
> found no new problems but caused a handful of -Wunused-but-set-variable
> false positives due to an outstanding bug in the C front-end introduced
> by the patch that I still need to fix.
>
> Martin
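
An added example, not part of the original message or of the patch: three user functions annotated with a pointer/size association and an access mode, as the message describes. It assumes the `access (mode, ptr-argno, size-argno)` spelling that GCC 10 and later accept rather than the WIP attribute names above; the function names and the `ACCESS` macro are hypothetical.

```c
#include <stddef.h>
#include <string.h>
/* Assumption: GCC 10+ spelling access(mode, ptr-argno, size-argno); the
   message's WIP attribute names are not used. Elsewhere it expands to nothing. */
#if defined(__has_attribute)
# if __has_attribute(access)
#  define ACCESS(mode, ptr, size) __attribute__((access(mode, ptr, size)))
# endif
#endif
#ifndef ACCESS
# define ACCESS(mode, ptr, size)
#endif

/* Hypothetical read-only function: reads src[0..n-1], never writes. */
ACCESS(read_only, 1, 2)
unsigned sum_bytes(const unsigned char *src, size_t n)
{
    unsigned s = 0;
    for (size_t i = 0; i < n; i++) s += src[i];
    return s;
}

/* Hypothetical write-only function: writes at most dstsize bytes, NUL included. */
ACCESS(write_only, 1, 2)
size_t fill_name(char *dst, size_t dstsize)
{
    static const char name[] = "example";
    if (dstsize == 0) return 0;
    size_t n = sizeof name < dstsize ? sizeof name : dstsize;
    memcpy(dst, name, n - 1);   /* truncate to fit the caller's buffer */
    dst[n - 1] = '\0';
    return n;                   /* bytes written, terminator included */
}

/* Hypothetical read-write function: updates buf[0..n-1] in place. */
ACCESS(read_write, 1, 2)
void xor_mask(unsigned char *buf, size_t n, unsigned char mask)
{
    for (size_t i = 0; i < n; i++) buf[i] ^= mask;
}

unsigned demo(void)
{
    char small[4];
    /* Size argument matches the object; the attribute ties the two together. */
    size_t n = fill_name(small, sizeof small);        /* "exa\0", n == 4 */
    xor_mask((unsigned char *)small, n - 1, 0x20);    /* "EXA" */
    return sum_bytes((unsigned char *)small, n - 1);  /* 69 + 88 + 65 */
}
int main(void) { return demo() == 222 ? 0 : 1; }
```

A call such as `fill_name(small, 16)` with the 4-byte `small` is the size mismatch the pointer/size association is meant to let the compiler report at the call site.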