From: Jonathan Wakely
Date: Fri, 17 Feb 2023 11:24:48 +0000
Subject: Re: Missed warning (-Wuse-after-free)
To: Siddhesh Poyarekar
Cc: David Malcolm, Alejandro Colomar, GCC, Iker Pedrosa

On Fri, 17 Feb 2023, 03:49 Siddhesh Poyarekar wrote:

> On 2023-02-16 10:15, David Malcolm via Gcc wrote:
> > I'm not convinced that it's useful to the end-user to warn about the
> > "use of q itself" case.
>
> FWIW, -Wuse-after-free=3 already should do this:
>
> At level 3, the warning also diagnoses uses of indeterminate pointers in
> equality expressions. All uses of indeterminate pointers are undefined
> but equality tests sometimes appear after calls to "realloc" as an
> attempt to determine whether the call resulted in relocating the object
> to a different address. They are diagnosed at a separate level to aid
> legacy code gradually transition to safe alternatives. For example, the
> equality test in the function below is diagnosed at this level:
>
> Jakub and I had discussed this in the context of _FORTIFY_SOURCE=3
> (which is anal about this and can break things) and we got pr#105217,
> but that is also a best-effort thing, not really a guarantee.
>
> IMO the analyzer should go that extra mile and warn for the use of q
> itself and maybe deprecate -Wuse-after-free=3 in its favour.
>

Please be aware that in C++ it's implementation-defined, not undefined. That
means that an implementation without trap representations for pointers can
choose to make it behave just like using (uintptr_t)p.

https://cplusplus.github.io/CWG/issues/1438.html
https://cplusplus.github.io/CWG/issues/623.html
https://cplusplus.github.io/CWG/issues/616.html
https://cplusplus.github.io/CWG/issues/312.html

We could still warn in C++ (because the code isn't portable) but I would
strongly suggest we don't influence C++ codegen based on deallocated
pointers being undefined. I don't think gcc supports any targets with
trapping pointers, and there are quite enough sources of UB already. We
don't need to create traps for users where there are no traps for pointers
:-)
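
The realloc "did it move?" test discussed in this message, written so that no indeterminate pointer is ever read, as an added example (not code from the thread or from GCC). It records the old address as a `uintptr_t` and the cursor as an offset before calling `realloc`; `struct buf`, `buf_grow` and `buf_demo` are hypothetical names, and the sample data is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer for this example: cur points into the block at base. */
struct buf { char *base; char *cur; size_t cap; };

/* Grow b to new_cap bytes.
 * Returns 1 if the block moved, 0 if it stayed put, -1 on failure (b untouched). */
int buf_grow(struct buf *b, size_t new_cap)
{
    if (new_cap == 0 || new_cap < b->cap)
        return -1;                      /* grow only; realloc(p, 0) is not portable */

    /* Take everything needed from the old pointer BEFORE the call:
     * its address as an integer, and the cursor as an offset. */
    uintptr_t old_addr = (uintptr_t)b->base;
    size_t off = (size_t)(b->cur - b->base);
    char *q = realloc(b->base, new_cap);
    if (q == NULL)
        return -1;                      /* old block is still valid */

    /* The old values of b->base and b->cur are indeterminate now;
     * overwrite them without reading them. */
    b->base = q;
    b->cur = q + off;
    b->cap = new_cap;
    return (uintptr_t)q != old_addr;    /* integer compare, no stale pointer read */
}

/* Constructed usage: returns 1 when cursor and contents survive the grow. */
int buf_demo(void)
{
    struct buf b = { malloc(16), NULL, 16 };
    if (b.base == NULL)
        return 0;
    memcpy(b.base, "abc", 4);
    b.cur = b.base + 3;
    int moved = buf_grow(&b, 1u << 20);
    int ok = (moved == 0 || moved == 1) && b.cap == (1u << 20)
          && b.cur == b.base + 3 && strcmp(b.base, "abc") == 0;
    free(b.base);
    return ok;
}

int main(void)
{
    printf("buf_demo: %s\n", buf_demo() ? "ok" : "failed");
    return 0;
}
```

Whether the block moves depends on the allocator, so the return value of `buf_grow` on success may be either 0 or 1.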