This is the mail archive of the gcc-help@gcc.gnu.org mailing list for the GCC project.



Re: GNU OSC (Object Size Checking)


On 02/05/2018 05:34 PM, Yuchen Zhou (yuczhou) wrote:
> Hi Martin,
>
> Just to be sure I am clear on this when you said it supports both languages:
>
> I thought OSC is for C language only since it's listed under "C-Extensions":
>
> https://gcc.gnu.org/onlinedocs/gcc/C-Extensions.html#C-Extensions
>
> As examples, does OSC support multi inheritance, templates, iterator, copy constructor, member initializer, etc. as well as C++11/14 features such as map, set, etc. which all involve object sizes in some way?

The first set of features you mention don't involve the user
specifying the sizes of things -- the sizes are all provided
by the compiler -- so there's nothing for the compiler to
check.

The second set of C++ features -- C++ containers -- would
benefit from checking preconditions on their inputs.  E.g.,
that the sequences they are copying data from or to do, in
fact, have the expected amount of space.  For example:

  #include <string>
  #include <vector>

  const int a[] = { 1, 2, 3 };

  // sizeof a is the size in bytes (12), not the element count (3)
  std::vector<int> v (a, a + sizeof a);   // read past the end

  char b[4];

  std::string s ("1234");
  s.copy (b, s.length () + 1);   // write past the end

Some of this checking already happens at compile-time thanks
to the -Wstringop-overflow warning.  The read past the end
is already diagnosed (unfortunately only with -Wsystem-headers).
The string overflow is not diagnosed yet because of other
limitations in GCC (not necessarily in Object Size Checking).

But no runtime protection happens for libstdc++ containers,
even with _FORTIFY_SOURCE, because libstdc++ either uses
the GCC built-in functions (__builtin_memcpy) directly or
"rolls" its own loops (std::copy, etc.) that GCC transforms
into calls to the non-checking built-ins.  For the former,
it might be worth considering using the checking built-ins
instead.  Jonathan will know best if this would make sense
and how much it might benefit.  For the latter, I'm sure
there are opportunities for GCC to do better and check
the bounds of the copies either before emitting calls to
these functions or propagating their bounds.

But other than using the checking built-ins in libstdc++
none of this is in the intersection of C++ and Object Size
Checking.  It applies to both C and C++.

If this isn't what you have in mind, can you give us
a specific example of C++ code that you think Object Size
Checking could be extended to detect overflow in?

Martin


> Thanks!
>
> Yuchen Zhou
> TECHNICAL LEADER.ENGINEERING
> Cisco Systems Inc.


> -----Original Message-----
> From: Martin Sebor [mailto:msebor@gmail.com]
> Sent: Monday, February 5, 2018 2:02 PM
> To: Yuchen Zhou (yuczhou) <yuczhou@cisco.com>; gcc-help@gcc.gnu.org
> Subject: Re: GNU OSC (Object Size Checking)
>
> On 02/05/2018 01:11 PM, Yuchen Zhou (yuczhou) wrote:
> > Hi,
> >
> > GNU OSC is a C extension. Is there any work in progress for C++? I understand checking on C++ object sizes is a lot more difficult but would like to know if such effort exists...
>
> It works in both languages.  With the exception of a couple of minor enhancements that I've done some work on in the GCC 7 and 8 cycles that either weren't accepted (bug 77608) or that I'm not done with yet (bug 83859) there is no work that I'm aware of.  What kind of C++ extensions do you have in mind?
>
> Martin
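The reply above draws a line between the non-checking built-ins that libstdc++ calls (`__builtin_memcpy`) and the checking ones that `_FORTIFY_SOURCE` relies on, which compare the requested length against the destination size the compiler can see. The following is an added example, not code from this thread, from GCC or from libstdc++: it reimplements that precondition check in plain C++ (returning a status instead of aborting, so the result can be inspected), applies it to the two copies from Martin's example, and shows with `__builtin_object_size` what size information the compiler has for a local array. All function and type names here (`checked_copy`, `checked_string_copy`, `vector_from_array`, `known_object_size`, `CopyStatus`) are this example's own; it assumes a GCC or Clang compiler for `__builtin_object_size`.

```cpp
// Added example: a caller-side bounds check in the spirit of the checking
// built-ins (__builtin___memcpy_chk), applied to the copies from the thread.
#include <cstddef>
#include <cstring>
#include <iostream>
#include <iterator>
#include <string>
#include <vector>

// Reported instead of calling abort(), so a test can inspect the outcome.
enum class CopyStatus { Ok, DestinationTooSmall };

// The destination size comes from the array type (deduced by the template);
// this is the same information Object Size Checking has for a local array.
template <std::size_t N>
CopyStatus checked_copy(char (&dst)[N], const char *src, std::size_t n) {
    if (n > N) return CopyStatus::DestinationTooSmall;   // would write past dst
    std::memcpy(dst, src, n);
    return CopyStatus::Ok;
}

// std::string::copy only clamps against the *source* (it copies at most
// s.size() characters from position 0); the destination bound is the
// caller's responsibility, so it is checked here before the call.
template <std::size_t N>
CopyStatus checked_string_copy(char (&dst)[N], const std::string &s, std::size_t n) {
    std::size_t to_copy = n < s.size() ? n : s.size();   // what s.copy would write
    if (to_copy > N) return CopyStatus::DestinationTooSmall;
    s.copy(dst, to_copy);
    return CopyStatus::Ok;
}

// The vector example in the thread used a + sizeof a (a byte count) as the
// end iterator; std::end(a) derives the end from the array type instead.
template <typename T, std::size_t N>
std::vector<T> vector_from_array(const T (&a)[N]) {
    return std::vector<T>(std::begin(a), std::end(a));
}

// What Object Size Checking sees for a direct reference to a local array:
// the size is known at compile time (4 here). Through an opaque pointer the
// answer depends on whether the optimizer can trace the pointer back.
std::size_t known_object_size() {
    char b[4];
    return __builtin_object_size(b, 0);
}

int main() {
    char b[4];
    const int a[] = { 1, 2, 3 };
    std::string s("12345");   // constructed sample input: one byte too long for b

    std::cout << "memcpy 4 bytes into char[4]: "
              << (checked_copy(b, "abcd", 4) == CopyStatus::Ok ? "ok" : "too small") << '\n';
    std::cout << "memcpy 5 bytes into char[4]: "
              << (checked_copy(b, "abcde", 5) == CopyStatus::Ok ? "ok" : "too small") << '\n';
    std::cout << "string::copy of 5 chars into char[4]: "
              << (checked_string_copy(b, s, s.length()) == CopyStatus::Ok ? "ok" : "too small") << '\n';
    std::cout << "vector built from a[3] has " << vector_from_array(a).size() << " elements\n";
    std::cout << "__builtin_object_size of a local char[4]: " << known_object_size() << '\n';
    return 0;
}
```

The template trick only works where the destination is still an array type at the call site; once the array has decayed to a `char *` (as happens inside most container and algorithm code), the size is gone at the language level, which is exactly the situation where only the compiler's object-size propagation, or a checking built-in fed by it, can still catch the overflow.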


