On 02/02/2018 04:03 PM, Bruno Haible wrote:
> What do you mean by "cause problems" and "messes up bounds
> checking"? As far as I understand, it will disable bounds checking on the
> returned pointer and its derivatives, right?

I'm operating from memory here (my work desktop doesn't have MPX, nor do my school's servers), but as I recall GCC sometimes generated a pointer that had no bounds checking, and sometimes generated a pointer that could not be dereferenced. Both behaviors conform to ISO C.

> How about this? Will this work?

Yes and no. In the sense of just getting -fcheck-pointer-bounds to work with GCC, it'll need some work and testing but is on the right path. For example, it should be safer to narrow the pointer than to set its bounds (this is assuming P currently has no bounds checking). Also, freea will need to widen its argument to dereference the alignment byte that precedes the memory block.

One other thing. An advantage of the #ifdef __CHKP__ code I suggested is that it never calculates a pointer outside the bounds of the newly-allocated block (or to just past the block). Such calculations violate the C standard, and I wouldn't be surprised if GCC or some other fancy optimizer exploits this to generate code to do the "wrong" thing with these calculations. With that in mind, I suppose in hindsight that my patch should have said "#ifdef __GNUC__" instead of "#ifdef __CHKP__".

By the way, why write "if __GNUC__ >= 5 && !defined __cplusplus && !defined __clang__" instead of "ifdef __CHKP__"? The latter is easier to read....
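As an added illustration (my own constructed model, not gnulib's malloca.h and not the patch under discussion), here is the layout the message is talking about: the block handed to the caller is preceded by one header byte recording how far it sits from the start of the underlying allocation, so freea can find that start again. The `#ifdef __CHKP__` branches use GCC's Pointer Bounds Checker builtins as I remember them: the allocator narrows the returned pointer to the block instead of setting fresh bounds, and freea widens its argument so the header byte at `p[-1]` can be read. Compiled without -fcheck-pointer-bounds, only the `#else` branches run. `model_malloca`, `model_freea`, `model_roundtrip` and the fixed `SA_ALIGNMENT` of 16 are assumptions for this example; every pointer computed here stays inside the malloc'd object.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed alignment for this model; gnulib derives sa_alignment_max itself. */
#define SA_ALIGNMENT 16

/* Region layout:  [slack ...][header byte][user block, SA_ALIGNMENT-aligned ...]
   header byte = distance in bytes from the start of the region to the user block
   (always between 1 and SA_ALIGNMENT, so it fits in one byte). */

void *model_malloca(size_t n)
{
  /* Worst-case alignment slack plus the header byte, with overflow check. */
  if (n > SIZE_MAX - 2 * SA_ALIGNMENT)
    return NULL;
  unsigned char *region = malloc(n + 2 * SA_ALIGNMENT);
  if (!region)
    return NULL;

  /* First aligned address that leaves at least one byte before it for the header. */
  uintptr_t addr = ((uintptr_t) region + 1 + (SA_ALIGNMENT - 1))
                   & ~(uintptr_t) (SA_ALIGNMENT - 1);
  size_t offset = addr - (uintptr_t) region;   /* 1 <= offset <= SA_ALIGNMENT */
  unsigned char *block = region + offset;
  block[-1] = (unsigned char) offset;          /* header byte lives inside the region */

#ifdef __CHKP__
  /* Narrow rather than set: the result keeps whatever bounds malloc attached to
     REGION, intersected with [block, block + n - 1].  (GCC MPX builtin.) */
  return __builtin___bnd_narrow_ptr_bounds(block, block, n);
#else
  return block;
#endif
}

void model_freea(void *p)
{
  if (!p)
    return;
  unsigned char *block = p;
  size_t offset;
#ifdef __CHKP__
  /* The caller's bounds stop at block[0]; widen so the header byte is readable. */
  unsigned char *hdr = __builtin___bnd_set_ptr_bounds(block - 1, 1);
  offset = *hdr;
#else
  offset = block[-1];
#endif
  free(block - offset);   /* back to the start of the malloc'd region */
}

/* Exercise the pair: allocate N bytes, verify alignment, fill the block (which
   must stay within the narrowed bounds), then free it.  Returns 1 on success. */
int model_roundtrip(size_t n)
{
  unsigned char *p = model_malloca(n);
  if (!p)
    return 0;
  int ok = ((uintptr_t) p % SA_ALIGNMENT) == 0;
  memset(p, 0xA5, n);
  model_freea(p);
  return ok;
}
```

The point of reading the header through a deliberately widened pointer, rather than through the caller's pointer, is that under MPX the caller's bounds were narrowed to the block itself, so `block[-1]` would otherwise trip the checker even though the byte is inside the same allocation.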
