public inbox for gcc-patches@gcc.gnu.org
From: Richard Biener <rguenther@suse.de>
To: Kees Cook <keescook@chromium.org>
Cc: Qing Zhao <qing.zhao@oracle.com>,
	 "joseph@codesourcery.com" <joseph@codesourcery.com>,
	 gcc Patches <gcc-patches@gcc.gnu.org>,
	 "siddhesh@gcc.gnu.org" <siddhesh@gcc.gnu.org>
Subject: Re: [PATCH 2/2] Add a new warning option -Wstrict-flex-arrays.
Date: Thu, 24 Nov 2022 06:45:13 +0000 (UTC)
Message-ID: <nycvar.YFH.7.77.849.2211240643030.3995@jbgna.fhfr.qr>
In-Reply-To: <202211220916.DCA9DE509@keescook>

On Tue, 22 Nov 2022, Kees Cook wrote:

> On Tue, Nov 22, 2022 at 03:02:04PM +0000, Qing Zhao wrote:
> > 
> > 
> > > On Nov 22, 2022, at 9:10 AM, Qing Zhao via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
> > > 
> > > 
> > > 
> > >> On Nov 22, 2022, at 3:16 AM, Richard Biener <rguenther@suse.de> wrote:
> > >> 
> > >> On Mon, 21 Nov 2022, Qing Zhao wrote:
> > >> 
> > >>> 
> > >>> 
> > >>>> On Nov 18, 2022, at 11:31 AM, Kees Cook <keescook@chromium.org> wrote:
> > >>>> 
> > >>>> On Fri, Nov 18, 2022 at 03:19:07PM +0000, Qing Zhao wrote:
> > >>>>> Hi, Richard,
> > >>>>> 
> > >>>>> Honestly, it's very hard for me to decide what's the best way to handle the interaction
> > >>>>> between -fstrict-flex-array=M and -Warray-bounds=N.
> > >>>>> 
> > >>>>> Ideally,  -fstrict-flex-array=M should completely control the behavior of -Warray-bounds.
> > >>>>> If possible, I prefer this solution.
> > >>>>> 
> > >>>>> However, -Warray-bounds is included in -Wall, and has been used extensively for a long time.
> > >>>>> It's not safe to change its default behavior.
> > >>>> 
> > >>>> I prefer that -fstrict-flex-arrays controls -Warray-bounds. That
> > >>>> it is in -Wall is _good_ for this reason. :) No one is going to add
> > >>>> -fstrict-flex-arrays (at any level) without understanding what it does
> > >>>> and wanting those effects on -Warray-bounds.
> > >>> 
> > >>> 
> > >>> The major difficulties in letting -fstrict-flex-arrays control -Warray-bounds were discussed in the following threads:
> > >>> 
> > >>> https://gcc.gnu.org/pipermail/gcc-patches/2022-October/604133.html
> > >>> 
> > >>> Please take a look at the discussion and let me know your opinion.
> > >> 
> > >> My opinion is now, after re-considering and with seeing your new 
> > >> patch, that -Warray-bounds=2 should be changed to only add
> > >> "the intermediate results of pointer arithmetic that may yield out of 
> > >> bounds values" and that what it considers a flex array should now
> > >> be controlled by -fstrict-flex-arrays only.
> > >> 
> > >> That is, I think, the only thing that's not confusing to users even
> > >> if that implies a change from previous behavior that we should
> > >> document by clarifying the -Warray-bounds documentation as well as
> > >> by adding an entry to the Caveats section of gcc-13/changes.html
> > >> 
> > >> That also means that =2 will get _less_ warnings with GCC 13 when
> > >> the user doesn't use -fstrict-flex-arrays as well.
> > > 
> > > Okay.  So, this is for -Warray-bounds=2.
> > > 
> > > For -Warray-bounds=1 -fstrict-flex-array=N, if N > 1, should -fstrict-flex-array=N control -Warray-bounds=1?
> > 
> > More thinking on this. (I might misunderstand a little bit in the previous email)
> > 
> > If I understand correctly now, what you proposed was:
> > 
> > 1. The level of -Warray-bounds will NOT control how a trailing array is considered as a flex array member anymore. 
> > 2. Only the level of -fstrict-flex-arrays will control this;
> > 3. Keep the current default  behavior of -Warray-bounds on treating trailing arrays as flex array member (treating all [0],[1], and [] as flexible array members). 
> > 4. Updating the documentation for -Warray-bounds by clarifying this change, and also as an entry to the Caveats section on such change on -Warray-bounds.
> > 
> > If the above is correct, Yes, I like this change. Both the user interface and the internal implementation will be simplified and cleaner. 
> > 
> > Let me know if you see any issue with my above understanding.
> > 
> > Thanks a lot.
> 
> FWIW, this matches what I think makes the most sense too.

Yes, I think that makes most sense.  As said for -Warray-bounds=2 this
will change behavior but since that's not the default that should be
fine if documented.

Thanks,
Richard.
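
Added illustration, not part of Richard's message or of the GCC patch: the trailing-array spellings the thread calls [], [0] and [1], and the struct-hack access whose treatment by -Warray-bounds would, under the proposal agreed above, depend only on -fstrict-flex-arrays. The per-level rule in treated_as_flexible() is taken from the GCC manual's description of -fstrict-flex-arrays rather than from this page; all function and struct names are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Trailing-array spellings named in the thread: [], [0] and [1].
 * The GNU zero-length spelling would read: unsigned char data[0]; */
struct msg_c99 { size_t len; unsigned char data[];  }; /* C99 flexible array member */
struct msg_one { size_t len; unsigned char data[1]; }; /* pre-C99 "struct hack"      */

/* Assumption (GCC manual, not this page): does -fstrict-flex-arrays=level
 * treat a trailing array with this declared bound as a flexible array
 * member?  bound < 0 stands for the "[]" spelling. */
int treated_as_flexible(int level, long bound)
{
    switch (level) {
    case 0:  return 1;          /* every trailing array */
    case 1:  return bound <= 1; /* [], [0], [1] */
    case 2:  return bound <= 0; /* [], [0] */
    case 3:  return bound < 0;  /* [] only */
    default: return -1;         /* not a valid level */
    }
}

/* Struct-hack use of data[1]: the object is over-allocated and then
 * indexed past the declared bound of one element. */
int struct_hack_last(size_t n, unsigned char fill)
{
    struct msg_one *m;
    size_t need, i;

    if (n == 0 || n > 4096)      /* constructed limit for the demo */
        return -1;
    need = offsetof(struct msg_one, data) + n;
    if (need < sizeof *m)
        need = sizeof *m;        /* never allocate less than the struct */
    m = malloc(need);
    if (m == NULL)
        return -1;
    m->len = n;
    for (i = 0; i < n; i++)
        m->data[i] = fill;       /* i >= 1 exceeds the declared bound */
    i = m->data[m->len - 1];
    free(m);
    return (int)i;
}

int main(void)
{
    /* data[1] counts as flexible at levels 0 and 1, not at 2 or 3. */
    return !(treated_as_flexible(1, 1) && !treated_as_flexible(2, 1)
             && struct_hack_last(8, 0x5a) == 0x5a);
}
```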

Thread overview: 15+ messages
2022-11-08 14:51 [PATCH 0/2] Add a new warning option -Wstrict-flex-array Qing Zhao
2022-11-08 14:51 ` [PATCH 1/2] Change the name of array_at_struct_end_p to array_ref_flexible_size_p Qing Zhao
2022-11-09  7:57   ` Richard Biener
2022-11-09 15:50     ` Qing Zhao
2022-11-08 14:51 ` [PATCH 2/2] Add a new warning option -Wstrict-flex-arrays Qing Zhao
2022-11-15 15:41   ` Qing Zhao
2022-11-18 13:14   ` Richard Biener
2022-11-18 15:19     ` Qing Zhao
2022-11-18 16:31       ` Kees Cook
2022-11-21 15:02         ` Qing Zhao
2022-11-22  8:16           ` Richard Biener
2022-11-22 14:10             ` Qing Zhao
2022-11-22 15:02               ` Qing Zhao
2022-11-22 17:17                 ` Kees Cook
2022-11-24  6:45                   ` Richard Biener [this message]
