On Tue, Nov 12, 2013 at 07:08:22PM +0100, Marc Glisse wrote:
> On Tue, 12 Nov 2013, Jeff Law wrote:
>
> >On 11/12/13 10:14, Marc Glisse wrote:
> >>You didn't like Jakub's comment about __builtin_unreachable?
> >No, it's certainly not appropriate for this optimization. The
> >problem with using builtin_unreachable is if you do reach that
> >point, you fall into an unrelated blob of code in the executable.
> >That is a huge security issue.
>
> I guess this will end up as a flag and the debate will only be about
> the default value of the flag?
>
> (-fsanitize=Idontrememberwhat would already be such a flag ;-) but
> you may prefer a more specific one)
Incidentally, I'll post a patch that implements -fsanitize=null in a bit.
Well, I have yet to write ChangeLogs, so don't hold your breath ;).
-fsanitize=null will call an ubsan builtin if the control flow reaches the
point where we're loading from/storing to a NULL pointer. The maybe bad
thing is that these builtins are not noreturn, so after issuing an error
message, we happily dereference the NULL pointer (I did it this way because
it's what clang does). Changing these builtins to be noreturn is possible,
though not as easy as it seems.

	Marek
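As an added illustration (not code from the thread, GCC, or the ubsan runtime), the model below shows the shape of what -fsanitize=null instrumentation does: before each load or store through a pointer, a NULL check is inserted and a runtime handler is called when it fails. The handler here is deliberately not noreturn, mirroring the behaviour Marek describes, so the instrumented access function has to decide for itself what happens after the report. The function names (`handle_null_access`, `checked_load`, `checked_store`, `sum_first`) and the diagnostic format are assumptions chosen for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the ubsan runtime builtin. Like the builtins
   described in the thread it is NOT noreturn: it reports and then returns
   to the caller. The counter lets the caller (and a test) observe that a
   report was issued without having to capture stderr. */
static int null_reports = 0;

static void handle_null_access(const char *kind, const char *file, int line)
{
    null_reports++;
    fprintf(stderr, "%s:%d: runtime error: %s of null pointer\n",
            file, line, kind);
}

/* Model of an instrumented load: the compiler-inserted NULL test runs
   before the dereference. Because the handler returns, a real build would
   now execute *p and fault; this model instead reports failure through the
   return value so the program keeps control of what happens next. With
   __builtin_unreachable() in place of the handler the check would simply
   be deleted and execution would run on into whatever follows. */
static int checked_load(const int *p, const char *file, int line, int *out)
{
    if (p == NULL) {
        handle_null_access("load", file, line);
        return 0;                 /* access did not happen */
    }
    *out = *p;
    return 1;
}

/* Same idea for a store through a pointer. */
static int checked_store(int *p, int value, const char *file, int line)
{
    if (p == NULL) {
        handle_null_access("store", file, line);
        return 0;
    }
    *p = value;
    return 1;
}

/* A small consumer: sums the first n ints behind arr. Every dereference
   goes through the instrumented load, so a NULL arr is reported exactly
   once per attempted element and the function returns 0 instead of
   crashing. */
static int sum_first(const int *arr, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        int v;
        const int *elem = arr ? arr + i : NULL;
        if (!checked_load(elem, __FILE__, __LINE__, &v))
            return total;         /* stop at the first reported access */
        total += v;
    }
    return total;
}

int main(void)
{
    int data[3] = {1, 2, 3};      /* constructed sample input */
    printf("sum of valid array: %d\n", sum_first(data, 3));
    printf("sum of NULL array:  %d\n", sum_first(NULL, 3));
    printf("null reports issued: %d\n", null_reports);
    return 0;
}
```

Compiling a real program with `gcc -fsanitize=null` makes the compiler insert the equivalent of the NULL test in `checked_load` and `checked_store` around every pointer access; this model only makes the mechanism visible in plain C.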