Re: [PATCH 1/2] string: _FORTIFY_SOURCE=3 using __builtin_dynamic_object_size

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

From: Siddhesh Poyarekar <siddhesh@sourceware.org>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>,
	libc-alpha@sourceware.org
Cc: fweimer@redhat.com, jakub@redhat.com
Subject: Re: [PATCH 1/2] string: _FORTIFY_SOURCE=3 using __builtin_dynamic_object_size
Date: Tue, 29 Dec 2020 20:44:10 +0530	[thread overview]
Message-ID: <616160c4-5077-b832-cc9a-3a84bcf0c09f@sourceware.org> (raw)
In-Reply-To: <3582945f-21f4-3640-426b-0a9e39329d04@linaro.org>

On 12/28/20 10:14 PM, Adhemerval Zanella via Libc-alpha wrote:
> For previous discussion I couldn't really grap what is the GCC intention
> regarding this new builtin. Would it willing to implement with the same
> semantic as LLVM has done or depending of result when glibc starts to
> provide it GCC will either change its semantic or not implement at all?

The original conversation around it is here[1], although the 
conversation is more about extending __builtin_object_size vs 
introducing a new builtin (i.e. the __builtin_dynamic_object_size that 
eventually went into llvm).

My understanding from that conversation is that the gcc community sees 
value in the builtin and is willing to consider it as long as its 
semantics are comprehensively documented.  Right now the only real 
explanation for __builtin_dynamic_object_size is that "it's like 
__builtin_object_size", which is inaccurate and misleading.

I wanted to do this first too, i.e. document 
__builtin_dynamic_object_size semantics and work on getting it included 
in gcc but I couldn't make the gcc stage 1 deadline (which was last 
month) and decided to pick it up in 2021.

> If the former, using _FORTIFY_SOURCE=3 should be fine.  However, if it
> is the latter I think it would be better to add it as another and different
> FORTIFY flag ( _FORTIFY_SOURCE_DYNAMIC or something like that).
> 
> I really want to avoid the issue where developers would not see the
> expected code generation when using _FORTIFY_SOURCE=3 with gcc or the worse,
> where _FORTIFY_SOURCE=3 would have different semantic depending of the
> compiler used.

I don't foresee semantic differences diverging enough to be a 
compatibility issue for developers using _FORTIFY_SOURCE=3.  At worst, 
it could result in developers either seeing performance differences 
(because one compiler emits better code than the other due to the kind 
of information it chooses to glean and retain from the builtin) or is 
able to (or not) fortify functions, again because of how well it can 
deduce object sizes.  Such differences already exist in 
__builtin_object_size.

Does that address your concern?

> This should be in a different patch, where glibc would handle not support
> _FORTIFY_SOURCE levels and emit the expected warnings.

OK.

> I think from previous version that Florian suggested renamed this internal macros
> to __glibc_objsize[0].

Hmm, I missed that.  I'll rename it to __glibc_objsize.

Thanks,
Siddhesh

[1] https://gcc.gnu.org/legacy-ml/gcc/2019-01/msg00188.html

next prev parent reply	other threads:[~2020-12-29 15:14 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-19  6:33 [PATCH v6 0/2] _FORTIFY_SOURCE=3 Siddhesh Poyarekar
2020-12-19  6:33 ` [PATCH 1/2] string: _FORTIFY_SOURCE=3 using __builtin_dynamic_object_size Siddhesh Poyarekar
2020-12-28 16:44   ` Adhemerval Zanella
2020-12-29 15:14     ` Siddhesh Poyarekar [this message]
2020-12-19  6:33 ` [PATCH 2/2] nonstring: " Siddhesh Poyarekar
2020-12-28 17:36   ` Adhemerval Zanella
2020-12-29 14:04     ` Siddhesh Poyarekar
2020-12-29 14:26     ` Jakub Jelinek
2020-12-22 13:00 ` [PATCH v6 0/2] _FORTIFY_SOURCE=3 Siddhesh Poyarekar
2020-12-22 21:49   ` Adhemerval Zanella
  -- strict thread matches above, loose matches on Subject: below --
2020-12-10 18:13 [PATCH " Siddhesh Poyarekar
2020-12-10 18:13 ` [PATCH 1/2] string: _FORTIFY_SOURCE=3 using __builtin_dynamic_object_size Siddhesh Poyarekar
2020-12-10 19:10   ` Paul Eggert
2020-12-11  1:36     ` Siddhesh Poyarekar
2020-12-11  2:42       ` Paul Eggert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=616160c4-5077-b832-cc9a-3a84bcf0c09f@sourceware.org \
    --to=siddhesh@sourceware.org \
    --cc=adhemerval.zanella@linaro.org \
    --cc=fweimer@redhat.com \
    --cc=jakub@redhat.com \
    --cc=libc-alpha@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).