From: Benjamin Priour
Date: Mon, 1 May 2023 14:43:13 +0200
Subject: PR109439 - Terminate analysis path when OOB detected
To: David Malcolm, gcc@gcc.gnu.org

Hi David,

Sorry for not being active these past two weeks; I've been overwhelmed at my university with creating a new club and other uni stuff. I just went back to solving these 3 bugs we discussed last time.

PR109439 is the one about the double warnings emitted (both OOB and use of uninitialized value). Your second suggestion of terminating the diagnostic path on an OOB proved to interfere with PR109437. I might actually close PR109437, as solving PR109439 will probably solve it too.

I'm going with your first suggestion of bubbling a boolean from check_region_bounds up to get_rvalue. I'm considering two approaches:

1. preventing the check_for_poison call if there is an OOB Read.
2. or marking the OOB values as Unknown rather than Poisoned, but then we are semantically incorrect.

Another unrelated question: I felt like the use of an uninitialized value terminating the path was a bit strong. No other warnings will be considered for the remainder of the function if there is such use, even for unrelated stuff, like a double free on a completely different variable. Couldn't we tune that so we only ignore everything related to any variable tainted by this uninitialized value?

Sorry again for the past weeks, the club is finally running (somewhat).

Benjamin.

PS: I submitted a patch, bootstrapped and regtested, for the bug I was solving on gcc-request. I guess I'm not too clear on the process of submitting a patch, as I probably had to commit and push it afterwards. Sadly, there was no feedback on the previous RFC as well as on the patch submission - no blaming at all, people are busy and the flow of mails is massive. I believe I still don't have the right to commit it directly to the repo, and honestly, even if I did, using my fresh gcc account, I would prefer not to commit it myself for the first patch. I don't wanna mess with anything because of an oversight.