[PING] [WIP PATCH] add object access attributes (PR 83859)
Martin Sebor
msebor@gmail.com
Thu Oct 17 16:44:00 GMT 2019
Ping: https://gcc.gnu.org/ml/gcc-patches/2019-09/msg01690.html
Other than the suggestions I got for optimization (for GCC 11)
and additional buffer overflow detection for [static] arrays,
is there any feedback on the patch itself? Jeff?
Martin
On 9/29/19 1:51 PM, Martin Sebor wrote:
> -Wstringop-overflow detects a subset of past-the-end read and write
> accesses by built-in functions such as memcpy and strcpy. It relies
> on the functions' effects, the knowledge of which is hardwired into
> GCC. Although it's possible for users to create wrappers for their
> own functions to detect similar problems, it's quite cumbersome and
> so only lightly used outside system libraries like Glibc. Even Glibc
> only checks for buffer overflow and not for reading past the end.
>
> PR 83859 asks to expose the same checking that GCC does natively for
> built-in calls via a function attribute that associates a pointer
> argument with the size argument, such as:
>
>   __attribute__((buffer_size (1, 2))) void
>   f (char* dst, size_t dstsize);
>
> The attached patch is my initial stab at providing this feature by
> introducing three new attributes:
>
>   * read_only (ptr-argno, size-argno)
>   * read_only (ptr-argno, size-argno)
>   * read_write (ptr-argno, size-argno)
>
> As requested, the attributes associate a pointer parameter to
> a function with a size parameter. In addition, they also specify
> how the function accesses the object the pointer points to: either
> it only reads from it, or it only writes to it, or it does both.
>
> Besides enabling the same buffer overflow detection as for built-in
> string functions they also let GCC issue -Wuninitialized warnings
> for uninitialized objects passed to read-only functions by reference,
> and -Wunused-but-set warnings for objects passed to write-only
> functions that are otherwise unused (PR 80806). The -Wuninitialized
> part is done. The -Wunused-but-set detection is implemented only in
> the C FE and not yet in C++.
>
> Besides the diagnostic improvements above the attributes also open
> up optimization opportunities such as DCE. I'm still working on this
> and so it's not yet part of the initial patch.
>
> I plan to finish the patch for GCC 10 but I don't expect to have
> the time to start taking advantage of the attributes for optimization
> until GCC 11.
>
> Besides regression testing on x86_64-linux, I also tested the patch
> by compiling Binutils/GDB, Glibc, and the Linux kernel with it. It
> found no new problems but caused a handful of -Wunused-but-set-variable
> false positives due to an outstanding bug in the C front-end introduced
> by the patch that I still need to fix.
>
> Martin
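
The three access modes described in the quoted message, as an added example that is not code from the patch or from the thread. It is written with the `access (mode, ptr-argno, size-argno)` spelling that GCC 10 and later accept, not the WIP attribute names in the mail; `ACCESS` and the function names are hypothetical.

```c
#include <stddef.h>

/* Apply the attribute only where the compiler knows it (GCC 10 and later);
   elsewhere ACCESS (a hypothetical helper macro) expands to nothing. */
#if defined(__has_attribute)
# if __has_attribute(access)
#  define ACCESS(mode, ptr, size) __attribute__((access(mode, ptr, size)))
# endif
#endif
#ifndef ACCESS
# define ACCESS(mode, ptr, size)
#endif

/* Write-only: stores at most dstsize bytes through argument 1 and
   NUL-terminates. Returns the number of bytes written. */
ACCESS(write_only, 1, 2)
size_t token_fill(char *dst, size_t dstsize)
{
    static const char token[] = "0123456789abcdef";  /* constructed value */
    if (dstsize == 0)
        return 0;
    size_t n = sizeof token - 1 < dstsize - 1 ? sizeof token - 1 : dstsize - 1;
    for (size_t i = 0; i < n; i++)
        dst[i] = token[i];
    dst[n] = '\0';
    return n + 1;
}

/* Read-only: reads len bytes from argument 1 and never writes to it. */
ACCESS(read_only, 1, 2)
unsigned buf_sum(const unsigned char *src, size_t len)
{
    unsigned sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += src[i];
    return sum;
}

/* Read-write: reads and modifies len bytes of argument 1 in place. */
ACCESS(read_write, 1, 2)
void buf_mask(unsigned char *buf, size_t len, unsigned char key)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= key;
}
```

With the annotations in place, a call such as `token_fill(small, 32)` on an 8-byte array gives the compiler the pointer-to-size association it needs to apply the -Wstringop-overflow checking the message describes.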