This is the mail archive of the
mailing list for the GCC project.
Re: Obscure crashes due to gcc 4.9 -O2 => -fisolate-erroneous-paths-dereference
- From: Andrew Haley <aph at redhat dot com>
- To: Jeff Prothero <jprother at altera dot com>, gcc at gcc dot gnu dot org
- Date: Fri, 20 Feb 2015 09:30:12 +0000
- Subject: Re: Obscure crashes due to gcc 4.9 -O2 => -fisolate-erroneous-paths-dereference
- Authentication-results: sourceware.org; auth=none
- References: <pdf61azt48b dot fsf at sj-interactive3 dot altera dot com>
On 18/02/15 19:21, Jeff Prothero wrote:
> BTW, I'd also be curious to know what is regarded as engineering
> best practice for writing a value to address zero when this is
> architecturally required by the hardware platform at hand.
> Obviously one can do various things to obscure the process
> sufficiently that the current gcc implementation won't detect it and
> complain, but as gcc gets smarter about optimization those are at
> risk of failing in a future release. It would be nice to have a
> guaranteed-to-work future-proof idiom for doing this. Do we have
> one, short of retreating to assembly code?
I doubt that such a thing is ever going to be safe. The idea that a
null pointer points to nothing is so hard-baked into the design of C
that you can't get away from it. Also, almost every C programmer and
especially library writer "knows" that a null pointer points to
nothing. The only way to initialize an interrupt vector table at
address zero is to go outside the language. While it may be possible
to use some proprietary GCC options to get around this, it's never
going to be a good idea because some GCC author (or indeed library
author) may make the "mistake" of assuming that null pointer point to
nothing. Using C to initialize anything at address zero is so
dangerous that we shouldn't tell people that they can use
such-and-such a GCC option to support it; we should warn them never to
do it, and provide as many warnings as we can.
IMO, engineering best practice is to use assembly code.