This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Make tree-ssa-strlen.c handle partial unterminated strings

From: Jeff Law <law at redhat dot com>
To: Martin Sebor <msebor at gmail dot com>, Jakub Jelinek <jakub at redhat dot com>, Andi Kleen <andi at firstfloor dot org>
Cc: gcc-patches at gcc dot gnu dot org, richard dot sandiford at linaro dot org
Date: Fri, 5 May 2017 10:38:30 -0600
Subject: Re: Make tree-ssa-strlen.c handle partial unterminated strings
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=law at redhat dot com
Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 8E27667301
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 8E27667301
References: <87efw3sebf.fsf@linaro.org> <87efw3gv6b.fsf@firstfloor.org> <20170505155526.GE1809@tucnak> <6a572568-434b-095f-e9c4-ad8e97019d79@gmail.com>

On 05/05/2017 10:28 AM, Martin Sebor wrote:

On 05/05/2017 09:55 AM, Jakub Jelinek wrote:

On Fri, May 05, 2017 at 08:50:04AM -0700, Andi Kleen wrote:

Richard Sandiford <richard.sandiford@linaro.org> writes:

tree-ssa-strlen.c looks for cases in which a string is built up using
operations like:

    memcpy (a, "foo", 4);
    memcpy (a + 3, "bar", 4);
    int x = strlen (a);

As a side-effect, it optimises the non-final memcpys so that they don't
include the nul terminator.

However, after removing some "& ~0x1"s from tree-ssa-dse.c, the DSEpass

does this optimisation itself (because it can tell that later memcpys

overwrite the terminators). The strlen pass wasn't able to handlethese

pre-optimised calls in the same way as the unoptimised ones.

This patch adds support for tracking unterminated strings.


Would that be useful as a warning too? If the pass can figure out
the final string can be not null terminated when passed somewhere else,
warn, because it's likely a bug in the program.


Why would it be a bug?  Not all sequences of chars are zero terminated
strings, it can be arbitrary memory and have size somewhere on the side.
Also, the fact that strlen pass sees a memcpy (a, "foo", 3); and a passed

somewhere else doesn't mean a isn't zero terminated, the pass recordsonly

what it can prove, so even when you have:
memcpy (a, "abcdefgh", 9);
*p = 0; // unrelated pointer, but compiler can't prove that
memcpy (a, "foo", 3);
call (a);


There have been requests for a warning to diagnose invalid uses
of character arrays that are not nul-terminated, such as arguments
to functions that expect a (nul-terminated) string.  For example:

     char *p = (char*)malloc (20);
     memcpy (p, "/tmp/", 5);
     strcat (p, "file.text");   // << warn here

It would be helpful to diagnose such cases (while avoiding false
positives on the indeterminate cases you mention, of course).

Can't we just start at point where the string must be terminated (strcatcall in this case) and walk the VUSE/VDEF chain back to determine ifobject's NUL termination status is:


1. Terminated
2. Not terminated
3. Indeterminate

You'd probably want to have some kind of propagation step so that youdon't just give up when you see a PHI node. Instead you recurse on thePHI args before determining the state at the PHI itself.


Jeff

References:
- Make tree-ssa-strlen.c handle partial unterminated strings
  - From: Richard Sandiford
- Re: Make tree-ssa-strlen.c handle partial unterminated strings
  - From: Andi Kleen
- Re: Make tree-ssa-strlen.c handle partial unterminated strings
  - From: Jakub Jelinek
- Re: Make tree-ssa-strlen.c handle partial unterminated strings
  - From: Martin Sebor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]