[Bug tree-optimization/94527] RFE: Add an __attribute__ that marks a function as freeing an object

torvalds@linux-foundation.org gcc-bugzilla@gcc.gnu.org
Wed Apr 8 00:48:53 GMT 2020


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94527

--- Comment #4 from Linus Torvalds <torvalds@linux-foundation.org> ---
(In reply to Jeffrey A. Law from comment #3)
> GCC already knows that free() "kills" the pointed-to memory and should be
> doing DSE with that in mind.  It doesn't however know that other functions
> have free-like semantics, so it wouldn't do so in for kfree.

Oh, ok, so the logic already exists, just not the interface to tell anybody
else.

I suspect even non-kernel users might have wrappers around free that might be
able to use a "this acts like free()" marker.

> With regard to the warnings.  When we were investigating use-after-free and
> double-free diagnostics it was our conclusion that to do any kind of
> reasonable job you really have to do a whole program analysis.  Otherwise
> it's just a toy.  As a result the focal point for those diagnostics is the
> static analyzer David Malcolm is working on.

Obviously a static analyzer is better.

That said, we've had some stupid bugs wrt kfree(). Things like releasing things
twice in error paths etc.

So yeah, doing it in the compiler isn't going to catch the subtle cases, but
catching the stupid cases early would still be a good thing.

But I also realize that it might not be worth it to you guys. Since you already
effectively have the DSE code, that looks like a much cheaper thing to do.

(And maybe one day somebody will go "I can trivially see use-after-free things
too, and warn about it", so just having the marker might result in the warnings
at some point too).
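Added example, not part of the bug thread or of GCC's or the kernel's code: a kfree()-style wrapper around free(), the allocator/deallocator pairing that later GCC releases (11 and newer) accept on the malloc attribute so the compiler knows the wrapper has free-like semantics, and the single-exit error-path pattern that avoids the "release it twice in the error path" mistake described above. The names kmalloc_like, kfree_like, ctx_init and the fail_at knob are constructed for this example; the attribute is wrapped in a version check so the file also builds on compilers that don't know the deallocator form.

```c
/* Added example (not from the bug thread): a kfree()-style wrapper, the
 * GCC 11+ malloc(deallocator) pairing, and one cleanup path per function.
 * kmalloc_like/kfree_like/ctx_init/fail_at are constructed names. */
#include <stdlib.h>
#include <string.h>

/* Bookkeeping so a test can confirm each allocation was freed exactly once. */
static unsigned long allocs, frees;

/* free()-like wrapper.  Like free(), it accepts NULL, which is what lets a
 * single cleanup label release "whatever was allocated so far". */
static void kfree_like(void *p)
{
    if (p)
        frees++;
    free(p);
}

/* GCC 11+ understands malloc(deallocator, ptr-index): the compiler then knows
 * kfree_like() releases what kmalloc_like() returned (mismatched-dealloc and
 * analyzer double-free checks build on this).  Elsewhere it expands to nothing. */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 11
#define FREED_BY(dealloc) __attribute__((malloc, malloc(dealloc, 1)))
#else
#define FREED_BY(dealloc)
#endif

static void *kmalloc_like(size_t n) FREED_BY(kfree_like);

static void *kmalloc_like(size_t n)
{
    void *p = malloc(n);
    if (p)
        allocs++;
    return p;
}

struct ctx {
    char *name;
    unsigned char *buf;
};

/* Every error jumps to the one 'out' label, which frees each field once and
 * clears it.  fail_at (constructed) forces a given error path for testing:
 * 0 = succeed, 1 = fail after the first allocation, 2 = fail after the second. */
static int ctx_init(struct ctx *c, const char *name, size_t bufsz, int fail_at)
{
    int err = 0;

    c->name = NULL;
    c->buf = NULL;

    c->name = kmalloc_like(strlen(name) + 1);
    if (!c->name || fail_at == 1) {
        err = -1;
        goto out;
    }
    memcpy(c->name, name, strlen(name) + 1);

    c->buf = kmalloc_like(bufsz);
    if (!c->buf || fail_at == 2) {
        err = -2;
        goto out;
    }
    return 0;

out:
    kfree_like(c->buf);   /* NULL if never allocated: no-op */
    c->buf = NULL;        /* leave no dangling pointer for a later free */
    kfree_like(c->name);
    c->name = NULL;
    return err;
}

/* Idempotent teardown: calling it twice frees nothing twice. */
static void ctx_destroy(struct ctx *c)
{
    kfree_like(c->buf);
    c->buf = NULL;
    kfree_like(c->name);
    c->name = NULL;
}

/* 1 when every allocation so far has been released exactly once. */
static int balanced(void)
{
    return allocs == frees;
}
```

The compiler can only act on the attribute where it knows about it; the `out:` label plus "free, then clear" is what keeps the error paths from double-freeing on any compiler.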
