From: Alejandro Colomar
To: Martin Uecker, GCC, Jonathan Wakely
Cc: Iker Pedrosa, Florian Weimer, Paul Eggert, Michael Kerrisk, Jₑₙₛ Gustedt, David Malcolm, Sam James, Yann Droneaud
Subject: Re: Missed warning (-Wuse-after-free)
Date: Fri, 17 Feb 2023 12:35:06 +0100
Message-ID: <0049730a-e28c-0e0f-8d92-695395f1ec21@gmail.com>
In-Reply-To: <2148ef80dee2a034ee531d662fc8709d26159ec5.camel@tugraz.at>
Hi Martin,

On 2/17/23 09:12, Martin Uecker wrote:
> On Friday, 17.02.2023 at 02:04 +0100, Alejandro Colomar wrote:
>
>
>>
>> [...]
>>
>>>
>>> I'm not convinced that it's useful to the end-user to warn about
>>> the "use of q itself" case.
>>
>> I didn't quote the standard because I couldn't find it. I was
>> searching in C11, and it seems that it was only implicitly
>> Undefined Behavior, without explicit spelling (the value of the
>> pointer was indeterminate, according to C11).
>
> The value becomes indeterminate according to 6.2.4p2 in C11.
> An indeterminate value may be a trap representation 3.19.2
> If such a trap representation is read (the pointer, not
> just the pointed-to object), the behavior is undefined
> according to 6.2.6.1p5. So it is explicitly UB and was
> already in C99 or even before.

What if the comparison is performed as uintptr_t?
You wouldn't have trap representations, would you?
Or we could even go to memcmp(3) to compare as char,
if paranoic enough :)

>
>
>> Now C23 will better clarify that reading such a pointer value (not
>> ever dereferencing) is Undefined Behavior.
>
> We did not change this for C23.

C11:

    The value of a pointer becomes indeterminate when the object
    it points to (or just past) reaches the end of its lifetime.

C2x (N3054 is the latest I know):

    If a pointer value is used in an evaluation after the object
    the pointer points to (or just past) reaches the end of its
    lifetime, the behavior is undefined.

This new wording doesn't even allow one to use memcmp(3);
just reading the pointer value, however you do it, is UB.

>
> Only the terminology regarding trap representation
> (now: non-value representation) and indeterminate
> values (now: indeterminate representation) was revised.
>
>
> There are proposals to define behavior for such
> pointers, but I think this would be a mistake.
> (although somehow I ended up being a co-author
> of this paper),
>
> The reason is that every use of such a pointer
> risks running into subtle issues related to pointer
> provenance.
>
> So in my opinion it would be very useful to warn about
> all uses of invalid pointers, because fixing this is
> much easier than understanding and fixing provenance
> issues which might arise from incorrect use of such
> pointers.

Agree; making this defined behavior doesn't seem a good idea.

Cheers,

Alex

>
>
> Martin

-- 
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
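
An added example, not part of the original message and not code from this thread: one way to avoid evaluating a pointer after its object's lifetime has ended is to take the `uintptr_t` snapshot and any offsets before calling `realloc()`, then only overwrite the stale pointers. The `gbuf` type and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer with an interior cursor (illustrative names). */
struct gbuf {
    char  *base;    /* start of the allocation */
    char  *cursor;  /* points into [base, base + cap] */
    size_t cap;
};

/* Grow b to new_cap bytes; 0 on success, -1 on failure (b left valid).
 * Everything derived from the old pointer is taken BEFORE realloc(): the
 * cursor offset as size_t and the address as uintptr_t. After a successful
 * realloc() the old pointer value is never evaluated, only overwritten. */
int gbuf_grow(struct gbuf *b, size_t new_cap, int *moved)
{
    if (new_cap == 0 || new_cap < b->cap)
        return -1;
    size_t    off      = (size_t)(b->cursor - b->base); /* object still live */
    uintptr_t old_addr = (uintptr_t)b->base;            /* integer snapshot */
    char *new_base = realloc(b->base, new_cap);
    if (new_base == NULL)
        return -1;               /* old block untouched */
    b->base   = new_base;        /* stores only, no read of the stale value */
    b->cursor = new_base + off;
    b->cap    = new_cap;
    if (moved != NULL)
        *moved = ((uintptr_t)new_base != old_addr); /* integers, not pointers */
    return 0;
}

/* Constructed usage: returns 1 if the cursor still addresses the same byte. */
int gbuf_demo(void)
{
    struct gbuf b = { malloc(8), NULL, 8 };
    int moved = -1, ok;
    if (b.base == NULL)
        return 0;
    memcpy(b.base, "abc", 4);
    b.cursor = b.base + 2;                       /* points at 'c' */
    ok = gbuf_grow(&b, (size_t)1 << 20, &moved) == 0
         && *b.cursor == 'c' && b.cursor - b.base == 2
         && (moved == 0 || moved == 1);
    free(b.base);
    return ok;
}

int main(void) { return gbuf_demo() ? 0 : 1; }
```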