From: David Malcolm <dmalcolm@redhat.com>
To: Florian Weimer <fweimer@redhat.com>,
Szabolcs Nagy via Gcc <gcc@gcc.gnu.org>
Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>,
libc-alpha@sourceware.org, Mir Immad <mirimnan017@gmail.com>
Subject: Re: Adding file descriptor attribute(s) to gcc and glibc
Date: Wed, 13 Jul 2022 09:33:28 -0400 [thread overview]
Message-ID: <6460438cc9e634d0b5e40a1438038c9adce151bb.camel@redhat.com> (raw)
In-Reply-To: <877d4h1alh.fsf@oldenburg.str.redhat.com>
On Wed, 2022-07-13 at 14:05 +0200, Florian Weimer wrote:
> * Szabolcs Nagy via Gcc:
[adding Immad back to the CC list]
>
> > to be honest, i'd expect interesting fd bugs to be
> > dynamic and not easy to statically analyze.
> > the use-after-unchecked-open maybe useful. i would
> > not expect the access direction to catch many bugs.
>
> You might be right. But I think the annotations could help to catch
> use-after-close errors.
>
> By the way, I think it would help us if we didn't have to special-
> case
> AT_FDCWD using inline wrappers.
Florian: I confess I wasn't familiar with AT_FDCWD until I read your
email and did a little reading a few minutes ago; it seems to be a
"magic number" for an FD that has special meaning; on my system it has
the value -100.
GCC's current implementation of the various -Wanalyzer-fd-* warnings
will track state for constant integer values as well as symbolic
values; it doesn't have any special meanings for specific integer
values. So e.g. it doesn't assume that 0, 1, and 2 have specific
meaning or are opened with specific flags (the analysis doesn't
necessarily begin its execution path at the start of "main", so there's
no guarantee that the standard FDs have their standard meaning).
Presumably if someone attempts
close (AT_FDCWD);
they'll get -1 and errno set to EBADFD, right? I don't think GCC's -
fanalyzer needs to check for that.
-fanalyzer's filedescriptor support doesn't yet have a concept of
"directory filedescriptors". Should it? (similarly, it doesn't yet
know about sockets)
A possible way to annotate "openat":
int openat(int dirfd, const char *pathname, int flags)
__attr_fd_arg(1);
Dave
>
> Thanks,
> Florian
>
next prev parent reply other threads:[~2022-07-13 13:33 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-12 17:31 [PATCH] filedescriptor attribute Immad Mir
2022-07-12 17:33 ` Mir Immad
2022-07-12 22:16 ` Adding file descriptor attribute(s) to gcc and glibc David Malcolm
2022-07-12 22:25 ` David Malcolm
2022-07-13 8:37 ` Szabolcs Nagy
2022-07-13 8:46 ` Andreas Schwab
2022-07-13 12:05 ` Florian Weimer
2022-07-13 13:33 ` David Malcolm [this message]
2022-07-13 14:01 ` Florian Weimer
2022-07-13 16:55 ` David Malcolm
2022-07-14 8:30 ` Szabolcs Nagy
2022-07-14 15:22 ` David Malcolm
2022-07-14 17:07 ` Paul Eggert
2022-07-13 16:56 ` Mir Immad
2022-07-13 19:29 ` David Malcolm
2022-07-13 12:57 ` David Malcolm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6460438cc9e634d0b5e40a1438038c9adce151bb.camel@redhat.com \
--to=dmalcolm@redhat.com \
--cc=fweimer@redhat.com \
--cc=gcc@gcc.gnu.org \
--cc=libc-alpha@sourceware.org \
--cc=mirimnan017@gmail.com \
--cc=szabolcs.nagy@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).