From: Xi Ruoyao <xry111@xry111.site>
To: Zack Weinberg <zack@owlfolio.org>,
Jeff Law <jeffreyalaw@gmail.com>,
Siddhesh Poyarekar <siddhesh@gotplt.org>,
GNU libc development <libc-alpha@sourceware.org>
Cc: Adhemerval Zanella <adhemerval.zanella@linaro.org>,
Carlos O'Donell <carlos@redhat.com>,
"'Alejandro Colomar (man-pages)'" <alx.manpages@gmail.com>,
Andreas Schwab <schwab@suse.de>,
David Malcolm <dmalcolm@redhat.com>
Subject: Re: [PATCH v5] libio: Add nonnull attribute for most FILE * arguments in stdio.h
Date: Tue, 11 Jul 2023 05:03:15 +0800 [thread overview]
Message-ID: <2b0a78ff42fb00b92cf7a2d940dfeb141b0dfcfe.camel@xry111.site> (raw)
In-Reply-To: <f73bdacd-58f7-4d4c-9cee-614bc55f6193@app.fastmail.com>
On Mon, 2023-07-10 at 16:55 -0400, Zack Weinberg wrote:
> On Mon, Jul 10, 2023, at 4:33 PM, Jeff Law via Libc-alpha wrote:
> > Essentially up to the point where the UB happens we have to preserve
> > visible side effects. After the point where UB happens anything goes
> > and our goal has been mark the paths through the CFG as dying at that
> > point and forcing an immediate halt of the program (via __buitin_trap()).
> >
> > There this all gets fuzzy is something like the NULL pointer property
> > where the fact that a pointer must be non-null can backward propagate.
> > ie, if a parameter is marked as non-null, then we will mark the
> > corresponding SSA_NAME in the compiler as non-null. Thus if there was
> > some comparison of the SSA_NAME against NULL (perhaps well before the
> > call), we'll optimize away that comparison.
>
> Yep, see, that in and of itself is dangerous.
>
> The bright line I would draw is: optimizations based on the assumption
> that control cannot proceed past the point where UB occurs are OK;
> optimizations based on the assumption that control cannot *reach* the
> point where UB occurs are *not* OK. Removing a comparison to NULL,
> based on the observation that *later in some execution trace* the
> program will definitely dereference that pointer, falls in the latter
> category, *even if* there are no externally visible side effects in
> between the two points.
Why it's not OK if no externally visible side effects is between the two
points?
So what should we do now? Remove all __nonnull from the headers? Or
"some __nonnull are OK but my is not"?!
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
next prev parent reply other threads:[~2023-07-10 21:03 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-10 16:13 Xi Ruoyao
2023-07-10 17:12 ` Zack Weinberg
2023-07-10 17:27 ` Xi Ruoyao
2023-07-10 19:06 ` Zack Weinberg
2023-07-10 19:31 ` Xi Ruoyao
2023-07-10 17:51 ` Siddhesh Poyarekar
2023-07-10 18:41 ` Xi Ruoyao
2023-07-10 20:14 ` _Nullable and _Nonnull in GCC's analyzer (was: [PATCH v5] libio: Add nonnull attribute for most FILE * arguments in stdio.h) Alejandro Colomar
2023-07-10 20:16 ` Alejandro Colomar
2023-08-08 10:01 ` Martin Uecker
2023-08-09 0:14 ` enh
2023-08-09 1:11 ` Siddhesh Poyarekar
2023-08-09 7:26 ` Martin Uecker
2023-08-09 10:42 ` ISO C's [static] (was: _Nullable and _Nonnull in GCC's analyzer) Alejandro Colomar
2023-08-09 12:03 ` Martin Uecker
2023-08-09 12:37 ` Alejandro Colomar
2023-08-09 14:24 ` Martin Uecker
2023-08-09 13:46 ` Xi Ruoyao
2023-08-11 23:34 ` _Nullable and _Nonnull in GCC's analyzer (was: [PATCH v5] libio: Add nonnull attribute for most FILE * arguments in stdio.h) enh
2023-07-10 18:56 ` [PATCH v5] libio: Add nonnull attribute for most FILE * arguments in stdio.h Zack Weinberg
2023-07-10 19:31 ` Siddhesh Poyarekar
2023-07-10 19:35 ` Xi Ruoyao
2023-07-10 19:46 ` Siddhesh Poyarekar
2023-07-10 20:23 ` Xi Ruoyao
2023-07-10 20:33 ` Jeff Law
2023-07-10 20:44 ` Xi Ruoyao
2023-07-10 20:55 ` Zack Weinberg
2023-07-10 21:03 ` Xi Ruoyao [this message]
2023-07-10 21:22 ` Zack Weinberg
2023-07-10 21:33 ` Xi Ruoyao
2023-07-11 19:12 ` Zack Weinberg
2023-07-11 20:12 ` Siddhesh Poyarekar
2023-07-12 8:59 ` Xi Ruoyao
2023-07-10 22:09 ` Paul Eggert
2023-07-11 19:18 ` Zack Weinberg
2023-07-11 20:45 ` Jeff Law
2023-07-11 23:59 ` Paul Eggert
2023-07-12 2:40 ` Jeff Law
2023-07-10 22:48 ` Siddhesh Poyarekar
2023-07-11 0:45 ` Sam James
2023-07-10 21:51 ` Jeff Law
2023-07-11 13:03 ` Cristian Rodríguez
2023-07-10 22:34 ` Siddhesh Poyarekar
2023-07-10 22:59 ` Jeff Law
2023-07-11 0:51 ` Sam James
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2b0a78ff42fb00b92cf7a2d940dfeb141b0dfcfe.camel@xry111.site \
--to=xry111@xry111.site \
--cc=adhemerval.zanella@linaro.org \
--cc=alx.manpages@gmail.com \
--cc=carlos@redhat.com \
--cc=dmalcolm@redhat.com \
--cc=jeffreyalaw@gmail.com \
--cc=libc-alpha@sourceware.org \
--cc=schwab@suse.de \
--cc=siddhesh@gotplt.org \
--cc=zack@owlfolio.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).