On Tue, Nov 12, 2013 at 07:08:22PM +0100, Marc Glisse wrote:
> On Tue, 12 Nov 2013, Jeff Law wrote:
> 
> >On 11/12/13 10:14, Marc Glisse wrote:
> >>You didn't like Jakub's comment about __builtin_unreachable?
> >No, it's certainly not appropriate for this optimization.  The
> >problem with using builtin_unreachable is if you do reach that
> >point, you fall into an unrelated blob of code in the executable.
> >That is a huge security issue.
> 
> I guess this will end up as a flag and the debate will only be about
> the default value of the flag?
> 
> (-fsanitize=Idontrememberwhat would already be such a flag ;-) but
> you may prefer a more specific one)

Incidentally, I'll post a patch that implements -fsanitize=null
in a bit.  Well, I still have to write ChangeLogs, so don't hold your
breath ;).

-fsanitize=null will call an ubsan builtin if the control flow reaches
the point where we're loading from/storing to a NULL pointer.  The maybe
bad thing is that these builtins are not noreturn, so after issuing
an error message, we happily dereference the NULL pointer (I did it
this way because it's what clang does).  Changing these builtins to be
noreturn is possible, though not as easy as it seems.

        Marek
