Date: Mon, 10 Jul 2023 16:55:06 -0400
From: "Zack Weinberg"
To: "Jeff Law", "Xi Ruoyao", "Siddhesh Poyarekar", "GNU libc development"
Cc: "Adhemerval Zanella", "Carlos O'Donell", "'Alejandro Colomar (man-pages)'", "Andreas Schwab", "David Malcolm"
Subject: Re: [PATCH v5] libio: Add nonnull attribute for most FILE * arguments in stdio.h
In-Reply-To: <25b31a74-5f06-1cce-dca5-ae84666c92b7@gmail.com>

On Mon, Jul 10, 2023, at 4:33 PM, Jeff Law via Libc-alpha wrote:
> Essentially up to the point where the UB happens we have to preserve
> visible side effects. After the point where UB happens anything goes
> and our goal has been to mark the paths through the CFG as dying at that
> point and forcing an immediate halt of the program (via __builtin_trap()).
>
> Where this all gets fuzzy is something like the NULL pointer property
> where the fact that a pointer must be non-null can backward propagate.
> ie, if a parameter is marked as non-null, then we will mark the
> corresponding SSA_NAME in the compiler as non-null. Thus if there was
> some comparison of the SSA_NAME against NULL (perhaps well before the
> call), we'll optimize away that comparison.

Yep, see, that in and of itself is dangerous. The bright line I would
draw is: optimizations based on the assumption that control cannot
proceed past the point where UB occurs are OK; optimizations based on
the assumption that control cannot *reach* the point where UB occurs
are *not* OK.

Removing a comparison to NULL, based on the observation that *later in
some execution trace* the program will definitely dereference that
pointer, falls in the latter category, *even if* there are no
externally visible side effects in between the two points.

zw
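
An added C illustration (not code from this thread or from glibc) of the pattern under discussion: a NULL comparison that precedes a call to a function whose parameter is marked nonnull, next to a form where the NULL path never reaches that call. `record_len`, `check_then_call` and `check_guards_call` are hypothetical names; `record_len` stands in for a stdio function whose FILE * argument the patch would annotate.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical callee (assumption): its first parameter is declared
   nonnull, so passing NULL is undefined behaviour. */
__attribute__((nonnull(1), noinline))
size_t record_len(const char *rec)
{
    return strlen(rec);
}

/* Fragile: the NULL test has no effect the compiler must preserve, and
   every path through the function reaches record_len(rec). A compiler
   that propagates the nonnull fact backward, as the quoted message
   describes, may treat rec as non-null for the whole function and fold
   `missing` to 0, so the -1 result can disappear. */
int check_then_call(const char *rec, size_t *len_out)
{
    int missing = (rec == NULL);   /* candidate for removal */
    *len_out = record_len(rec);    /* UB when rec is NULL */
    return missing ? -1 : 0;
}

/* Robust: the NULL path returns before the nonnull call, so no execution
   with rec == NULL reaches record_len and the test cannot be inferred
   away from that call. */
int check_guards_call(const char *rec, size_t *len_out)
{
    if (rec == NULL) {
        *len_out = 0;
        return -1;
    }
    *len_out = record_len(rec);
    return 0;
}

int main(void)
{
    size_t n = 0;
    int rc = check_guards_call(NULL, &n);       /* constructed input */
    printf("guarded NULL:  rc=%d len=%zu\n", rc, n);
    rc = check_guards_call("stdio", &n);        /* constructed input */
    printf("guarded valid: rc=%d len=%zu\n", rc, n);
    return 0;
}
```

`check_then_call` is only ever called with a valid pointer here, since calling it with NULL is exactly the undefined case the thread is arguing about.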