https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59850
--- Comment #26 from Tom Tromey <tromey at gcc dot gnu.org> --- (In reply to PaX Team from comment #23) > some data points based on my experience with the 'checker' gcc plugin in PaX: Hi. Thanks for your reply. I didn't easily find a git repository holding the checker plugin source. Is it available somewhere? > 1. the C address space infrastructure available since gcc 4.6 can be sort of > coerced into implementing the __user/__kernel/etc address spaces and it > works reasonably well (i'd say even better than sparse as it produces no > false positives in my experience and caught real bugs such as CVE-2014-0038). FWIW I looked into the existing C address space stuff in gcc and after some deliberation decided not to use it. It wasn't directly applicable and tricks like taking some subset of the address space values for use by the attribute would have meant difficult-to-test patches to various back ends. Your code apparently hijacks the target hook, which seems pretty clever, though I guess more suitable in a plugin than in gcc proper. > 2. __force itself presents a problem as its semantics isn't well defined and > only sparse knows how to model it. in gcc it cannot be an attribute as > attributes apply to the outermost variable/etc, e.g., you can't use them on > a pointee in a pointer context. Could you elaborate on this? I think I looked at all the sparse test cases here and I don't recall encountering any real issues (for address space I had to have a hack to deal with function return types, but this didn't seem to affect force). If you have extra tests not in sparse, that would be super.
