This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH] warn for unsafe calls to __builtin_return_address
- From: Segher Boessenkool <segher at kernel dot crashing dot org>
- To: Jeff Law <law at redhat dot com>
- Cc: Martin Sebor <msebor at redhat dot com>, Gcc Patch List <gcc-patches at gcc dot gnu dot org>
- Date: Sat, 25 Jul 2015 09:20:35 -0500
- Subject: Re: [PATCH] warn for unsafe calls to __builtin_return_address
- Authentication-results: sourceware.org; auth=none
- References: <555E2FC6 dot 60804 at redhat dot com> <555E50A5 dot 60309 at redhat dot com> <557A0617 dot 6040605 at redhat dot com> <55B1C845 dot 1030000 at redhat dot com>
On Thu, Jul 23, 2015 at 11:08:21PM -0600, Jeff Law wrote:
> >There's the following comment in expand_builtin_frame_address:
> >
> > /* Some ports cannot access arbitrary stack frames. */
> >
> >just before a block of code where the function can lead to
> >an "invalid argument" warning which would cause the newly
> >added tests to fail (since the newly added warning wouldn't
> >be issued).
> >
> >I tried to determine what ports these might be so I could add
> >conditionals to the tests to prevent false positives there but
> >couldn't find any.
A quick grep shows aarch64. Also many other ports, for
__builtin_return_address. For __builtin_frame_address there is no
non-hacky way for ports to say "I cannot access other frames"; see
mmix_dynamic_chain_address for more complaints about this.
> You have to start thinking creatively. For example, consider ports
> without dwarf2 unwinders :-) Consider ports where the linker inserts
> stubs between caller & callee for various reasons Consider cases where
> the next outermost frame is compiled by something other than GCC, or
> perhaps was written in pure assembly. Or consider the case when we're
> currently in a signal handling frame...
Or simply the case where the caller does not have a frame pointer, and
the ABI does not provide another way to get at (the size of) stack frames.
> So, my suggestion would be to warn for any call with a nonzero value.
The current documentation says that you should only use nonzero values
for debug purposes. A warning would help yes, how many people read the
manual after all :-)
Segher