On 08/09/15 17:00 +0200, Florian Weimer wrote:
On 09/07/2015 09:59 PM, Jonathan Wakely wrote:
On 07/09/15 21:31 +0200, Florian Weimer wrote:
* Jonathan Wakely:

This patch adds the "debug mode lite" we've been talking about, by
changing __glibcxx_assert to be activated by _GLIBCXX_ASSERTIONS
instead of _GLIBCXX_DEBUG (and making the latter imply the former).

Interesting.  Is this mode ABI-compatible with the default mode?

Yes, that's the main reason I want to make this change.

Good.  Past discussions of similar proposals indicated that these
#ifdefs are still ODR violations.

Well technically even using assert() in an inline function or template
is an ODR violation unless every file including the function uses the
same value of NDEBUG.

I tend to ignore that technicality :-)

Should _FORTIFY_SOURCE imply _GLIBCXX_ASSERTIONS?

Yes, I think it should.

You can read my notes on these "debug mode lite" checks at
https://gcc.gnu.org/wiki/LibstdcxxDebugMode (including "This should be
discussed with Glibc and security teams" and I specifically had you in
mind when I wrote that :-)

I doubt we can achieve the complexity goals in all cases.  I expect that

 for (int i = 0; i < 10000; ++i) {
   vector[i];
 }

is optimized away in default mode, but with _GLIBCXX_ASSERTIONS, it is not.

The last time I looked at this, GCC was unable to move bounds checks out
of loops.

Maybe we don't want to make _FORTIFY_SOURCE imply _GLIBCXX_ASSERTIONS
then, so they can be enabled independently. We don't have to make that
decision right away.
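
The gating described in the thread (a lightweight assertion switch that a heavier debug switch implies, with checks confined to inline accessors so object layout is unchanged) is shown below as an added example; it is not code from the thread or from libstdc++. The `DEMO_*` macros, `checked_buf` and `signal_from_access` are hypothetical names, and POSIX `fork`/`waitpid` are assumed so the aborting access can be observed from a parent process.

```cpp
// Added illustration; DEMO_* names and checked_buf are hypothetical, not libstdc++ code.
#include <csignal>
#include <cstddef>
#include <cstdlib>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_ASSERTIONS 1          // the "lite" switch; comment out to compare

// The heavier debug switch implies the lite one, mirroring how the patch makes
// _GLIBCXX_DEBUG imply _GLIBCXX_ASSERTIONS.
#if defined(DEMO_DEBUG) && !defined(DEMO_ASSERTIONS)
# define DEMO_ASSERTIONS 1
#endif

#ifdef DEMO_ASSERTIONS
# define demo_assert(cond) do { if (!(cond)) std::abort(); } while (false)
#else
# define demo_assert(cond) do { } while (false)
#endif

// The check lives only in the inline accessor; the data members are identical
// in both modes, so sizeof and layout do not depend on the macro.
template <typename T, std::size_t N>
struct checked_buf {
    T data[N];
    T& operator[](std::size_t i) {
        demo_assert(i < N);        // precondition check, O(1) per access
        return data[i];
    }
};

// Performs one indexed read in a child process and returns the signal that
// terminated it (0 if the child exited normally, -1 on fork/wait failure).
int signal_from_access(std::size_t index) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        checked_buf<int, 8> buf = {};
        volatile int sink = buf[index];   // volatile keeps the read from being elided
        (void)sink;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}
```

Because the check is a side-effecting branch on every access, a loop over `buf[i]` keeps its comparisons unless the compiler can prove the index is in range, which is the optimization cost raised in the thread.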
