Re: C provenance semantics proposal

[Jens Gustedt <jens dot gustedt at inria dot fr>]

Hello Jakub,

On Fri, 19 Apr 2019 10:49:08 +0200 Jakub Jelinek <jakub@redhat.com>
wrote:

> On Fri, Apr 19, 2019 at 10:19:28AM +0200, Jens Gustedt wrote:
> > > OTOH GCC transforms
> > > (uintptr_t)&a != (uintptr_t)(&b+1)
> > > into &a != &b + 1 (for equality compares) and then
> > > doesn't follow this C rule anyways.  
> > 
> > Actually our proposal we are discussing here goes exactly the other
> > way around. It basically reduces
> > 
> >   &a != &b + 1
> > 
> > to
> > 
> >   (uintptr_t)&a != (uintptr_t)(&b+1)
> > 
> > with only an exception for null pointers, but which probably don't
> > matter for a platform where null pointers are just all bits 0.  
> 
> That penalizes quite a few optimizations though.
> If you have
> ptr != ptr2
> and points-to analysis finds a set of variables ptr as well as ptr2
> points to and the sets would be disjoint, it would be nice to be able
> to optimize that comparison away

yes

> (gcc does);

great

> similarly, if one of the
> pointers is &object or &object + sizeof (object).

Here I don't follow. Why would one waste brain and ressources to
optimize code that does such tricks?

> By requiring what you request above, it can be pretty much never
> optimized, unless the points-to analysis is able to also record if
> the pointer points to the start, middle or end of object and only if
> it is known to be in the middle it can safely optimize, for start or
> end it would need to prove the other pointer is to end or start and
> only non-zero sized objects are involved.

I have the impression that you just propose an inversion of the
roles. What you require is the user to keep track of this kind of
information, and to know when they do (or should not) compare a
one-passed pointer to something with a different provenance.

I just don't feel that it is adequate to impose such a detailed
knowledge on users, which is basically about a marginal use
case. One-off pointers don't occur "naturally" in many places, I'd
guess. Using them for anything else than to test bounds for array
traversal is insane, and there "usually" the test is with `<`, anyhow,
which has different rules.

Jens

-- 
:: INRIA Nancy Grand Est ::: Camus ::::::: ICube/ICPS :::
:: ::::::::::::::: office Strasbourg : +33 368854536   ::
:: :::::::::::::::::::::: gsm France : +33 651400183   ::
:: ::::::::::::::: gsm international : +49 15737185122 ::
:: http://icube-icps.unistra.fr/index.php/Jens_Gustedt ::

Attachment: pgp5r16a4erOZ.pgp
Description: Digitale Signatur von OpenPGP