From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=c1sm=C5=cristianrodriguez.net=cr@sourceware.org>
Received: from mail-oa1-x34.google.com (mail-oa1-x34.google.com [IPv6:2001:4860:4864:20::34])
	by sourceware.org (Postfix) with ESMTPS id 3BEC738582BD
	for <libc-alpha@sourceware.org>; Tue, 11 Jul 2023 13:04:01 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3BEC738582BD
Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=rodriguez.im
Authentication-Results: sourceware.org; spf=none smtp.mailfrom=cristianrodriguez.net
Received: by mail-oa1-x34.google.com with SMTP id 586e51a60fabf-1a35f67d8efso1117132fac.1
        for <libc-alpha@sourceware.org>; Tue, 11 Jul 2023 06:04:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rodriguez.im; s=google; t=1689080640; x=1689685440;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=hccub9hXa3XL4wcRGc7MV7ogrrKoQMPabOg44u2VELs=;
        b=kiaUULapMU9xQ+1cGb1E1ZsLm+BxLsy9ncgSeebtHrSnOgUfqOef4egjJITuZ733oc
         djIJlocpB6LuUasDvIm9jyUCIFa0zxHBuLE4IYrlXOJTjXQ1QGf4VjITcnbUiarfOGQA
         6d11X9RQTRYt4fmldxrrPGdfNsnMmG4Vxqw68=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1689080640; x=1689685440;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=hccub9hXa3XL4wcRGc7MV7ogrrKoQMPabOg44u2VELs=;
        b=I5junCju9ycq9MPR4MNYohIHGHCCN/z/ieZLNzEQzxtzAsddILFsEFSEj6KcoCEj5Q
         7iODhb3FvJcdeaNyNx5ndQYPboE1wtFkdlo2vSx8CsYHbaS8qjUN4MC1eA3S0H9dHoXI
         hnb26J0XdYeDJ+akaC9zvEWKqn5NL1Es3l/xuEuFGWV7hd71UGQUZ8/EAVX55yArPEs9
         DMQelEwuMJcdfaXSmAtVb2j4Ttkh+NYqveT4gxMSl4ZFWCSafr7GGPegf0akWNv/xZVx
         7Um8u7WX79h5GDk97q7D3qrZ+IgN3j8fzBwh3fL+MF6WoMvYOhn7F6jltmtjmpq+PtzS
         pxyQ==
X-Gm-Message-State: ABy/qLaw24GtbC4LAE0vJo8Z5LrZJN/Uu4thb398IFYBEtFVQI+9eUnz
	j/C7nzmfMrA6KU2IoCiaqjza7kMPrZNWldned2rpMQ==
X-Google-Smtp-Source: APBJJlGwMSkSjNbJo1wJ7TET52deufzAnoJx9dj9yobL+LAYJXMtAGXXlJNIqlRBEfd3jN8iB4DUNnPJ4wXg/dF7kCc=
X-Received: by 2002:a05:6358:f1a:b0:134:cf15:92e1 with SMTP id
 b26-20020a0563580f1a00b00134cf1592e1mr5925641rwj.2.1689080640393; Tue, 11 Jul
 2023 06:04:00 -0700 (PDT)
MIME-Version: 1.0
References: <20230710161300.1678172-1-xry111@xry111.site> <a3a0c195-1149-461b-807e-46eaa3d68fcc@app.fastmail.com>
 <ed86d013-1df5-2880-3e39-0caf8f49a999@gotplt.org> <60947356-1710-4658-9169-9535505befd4@app.fastmail.com>
 <5d050e86-4c98-de22-5ef0-4cc9ead273d7@gotplt.org> <de4b1987522a3f9e1e2eecc0aae47960e55cc203.camel@xry111.site>
 <18affbe3-00c1-1cb1-6860-f7c78585f52b@gotplt.org> <e4674b4946decca0e6fe96876a8022b35ba9fc0f.camel@xry111.site>
 <25b31a74-5f06-1cce-dca5-ae84666c92b7@gmail.com> <f73bdacd-58f7-4d4c-9cee-614bc55f6193@app.fastmail.com>
 <968d6ae8-eb28-886f-ecc8-912dfb536048@gmail.com>
In-Reply-To: <968d6ae8-eb28-886f-ecc8-912dfb536048@gmail.com>
From: =?UTF-8?Q?Cristian_Rodr=C3=ADguez?= <cristian@rodriguez.im>
Date: Tue, 11 Jul 2023 09:03:49 -0400
Message-ID: <CAPBLoAcDti39WxNQUEH3chdOJJR+fHwrw8UipDWO-baa5fs_tw@mail.gmail.com>
Subject: Re: [PATCH v5] libio: Add nonnull attribute for most FILE * arguments
 in stdio.h
To: Jeff Law <jeffreyalaw@gmail.com>
Cc: Zack Weinberg <zack@owlfolio.org>, Xi Ruoyao <xry111@xry111.site>, 
	Siddhesh Poyarekar <siddhesh@gotplt.org>, GNU libc development <libc-alpha@sourceware.org>, 
	Adhemerval Zanella <adhemerval.zanella@linaro.org>, "Carlos O'Donell" <carlos@redhat.com>, 
	"Alejandro Colomar (man-pages)" <alx.manpages@gmail.com>, Andreas Schwab <schwab@suse.de>, 
	David Malcolm <dmalcolm@redhat.com>
Content-Type: multipart/alternative; boundary="000000000000917189060035bb59"
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

--000000000000917189060035bb59
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 10, 2023 at 5:51=E2=80=AFPM Jeff Law via Libc-alpha <
libc-alpha@sourceware.org> wrote:

>
> >
> > The bright line I would draw is: optimizations based on the assumption
> that control cannot proceed past the point where UB occurs are OK;
> optimizations based on the assumption that control cannot *reach* the poi=
nt
> where UB occurs are *not* OK.  Removing a comparison to NULL, based on the
> observation that *later in some execution trace* the program will
> definitely dereference that pointer, falls in the latter category, *even
> if* there are no externally visible side effects in between the two point=
s.
> I'd tend to agree these days and I think you've captured the issue
> pretty well.  And I suspect that probably contradicts statements I've
> made in the past in this space.   Time and experience have caused my
> position to evolve.
>


A single compiler flag disabling all this optimizations is needed. maybe
something like -fno-ub-abuse that sets -fno-strict-overflow
-fno-delete-null-pointer-checks -fother-non-obvious.flag-im-missing
or an -Osafer optimization level that makes sure that rules apply.

--000000000000917189060035bb59--