This is the mail archive of the mailing list for the GCC project.
Re: Obscure crashes due to gcc 4.9 -O2 => -fisolate-erroneous-paths-dereference
- From: Jeff Law <law at redhat dot com>
- To: Florian Weimer <fweimer at redhat dot com>, Andrew Haley <aph at redhat dot com>, Jeff Prothero <jprother at altera dot com>, gcc at gcc dot gnu dot org
- Date: Fri, 20 Feb 2015 10:01:12 -0700
- Subject: Re: Obscure crashes due to gcc 4.9 -O2 => -fisolate-erroneous-paths-dereference
- Authentication-results: sourceware.org; auth=none
- References: <pdf61azt48b dot fsf at sj-interactive3 dot altera dot com> <54E6FEA4 dot 8000104 at redhat dot com> <54E71E4A dot 3050503 at redhat dot com>
On 02/20/15 04:45, Florian Weimer wrote:
On 02/20/2015 10:30 AM, Andrew Haley wrote:
I doubt that such a thing is ever going to be safe. The idea that a
null pointer points to nothing is so hard-baked into the design of C
that you can't get away from it. Also, almost every C programmer and
especially library writer "knows" that a null pointer points to
NULL pointer dereferences (or NULL pointer with small offsets) were
common programming idioms in the DOS days because the interrupt vector
table was located at this address. Quite a few systems once had a
readable page zero, and (manual, I assume) optimizations for list
traversal (p != NULL && p->next != NULL → p->next != NULL) were commonly
used on these systems.
True, but thankfully this isn't blessed anymore.
We still have targets where page0 is special. The H8 for example comes
to mind. Folks regularly place data into page0 and mark it as special
so the compiler emits more efficient sequences to access that data.
I think the treatment of pointers not as addresses, but something that
has type information and provenience associated with it, came much
later, when most of the design was already settled.
Regardless, the right thing to do is to disable elimination of NULL
pointer checks on targets where page 0 is mapped and thus a reference to
*0 may not fault. In my mind this is an attribute of both the processor
(see H8 above) and/or the target OS.
On those targets the C-runtime had better also ensure that its headers
aren't decorated with non-null attributes, particularly for the mem* and
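Worked example, added here and not part of the gcc@ thread or of GCC itself: the three source patterns the discussion turns on (Florian's `p->next != NULL` idiom from readable-page-zero systems, a NULL check written after the dereference it is meant to guard, and a NULL check written after a call to a mem* function whose header declares the argument nonnull), each beside the check-before-use form that the optimizer cannot remove. The struct, the function names, the scratch buffer and the three-node list are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct node {
    int value;
    struct node *next;
};

/* Constructed three-node list (1 -> 2 -> 3) used by main() and the tests. */
struct node *sample_list(void)
{
    static struct node c = { 3, NULL };
    static struct node b = { 2, &c };
    static struct node a = { 1, &b };
    return &a;
}

/* Scratch destination for the memcpy examples (example-only buffer). */
char scratch[16];

/* Florian's readable-page-zero idiom: `p->next != NULL` written in place of
 * `p != NULL && p->next != NULL`.  It "worked" only because *0 was readable
 * and held zero.  On a hosted target the load is undefined for p == NULL,
 * and -fisolate-erroneous-paths-dereference (GCC 4.9, on at -O2) replaces
 * the p == NULL path with a trap. */
int has_successor_relaxed(const struct node *p)
{
    return p->next != NULL;
}

/* Portable form: the NULL test precedes the load, so nothing can be deleted. */
int has_successor(const struct node *p)
{
    return p != NULL && p->next != NULL;
}

/* Check-after-use.  Loading p->value tells GCC that p is non-NULL, so with
 * -fdelete-null-pointer-checks (the default on hosted targets) the `if` is
 * dead code and is removed at -O2.  Where page 0 is mapped, the load does
 * not fault and the author's only guard has silently vanished. */
int sum_check_after_use(const struct node *p)
{
    int total = p->value;
    if (p == NULL)            /* dead per the C abstract machine */
        return -1;
    for (p = p->next; p != NULL; p = p->next)
        total += p->value;
    return total;
}

/* Check-before-use: the form the optimizer cannot undo. */
int sum_checked(const struct node *p)
{
    int total = 0;
    if (p == NULL)
        return -1;
    for (; p != NULL; p = p->next)
        total += p->value;
    return total;
}

/* Jeff's mem* point: glibc declares memcpy's pointer arguments nonnull.  A
 * zero-length memcpy with src == NULL copies nothing at run time, but the
 * call alone lets GCC assume src != NULL and delete the check after it. */
int copy_then_check(char *dst, const char *src, size_t n)
{
    memcpy(dst, src, n);
    if (src == NULL)          /* may be deleted at -O2 */
        return -1;
    return (int)n;
}

/* Hardened form: validate, then call; never pass NULL even for n == 0. */
int copy_checked(char *dst, const char *src, size_t n)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (n > 0)
        memcpy(dst, src, n);
    return (int)n;
}

int main(void)
{
    const struct node *list = sample_list();

    printf("has_successor(list)=%d has_successor(NULL)=%d\n",
           has_successor(list), has_successor(NULL));
    printf("sum_checked(list)=%d sum_checked(NULL)=%d\n",
           sum_checked(list), sum_checked(NULL));
    printf("copy_checked(scratch, NULL, 0)=%d\n",
           copy_checked(scratch, NULL, 0));

    /* The *_relaxed / *_then_check variants are only run with valid
     * pointers here; compile with -O2 -S and see which checks survived. */
    printf("sum_check_after_use(list)=%d copy_then_check(..)=%d\n",
           sum_check_after_use(list), copy_then_check(scratch, "ab", 2));
    return 0;
}
```

To see the effect Jeff describes, compile the file twice, once with `gcc -O2 -S` and once with `gcc -O2 -fno-delete-null-pointer-checks -fno-isolate-erroneous-paths-dereference -S`, and compare the bodies of `sum_check_after_use` and `copy_then_check`: in the first build the `p == NULL` and `src == NULL` branches are gone (or the NULL path has become a trap), in the second they are still there. The `*_checked` variants compile to the same guarded code either way, which is why check-before-use, not a compiler switch, is the fix a code base should carry.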