From: Paul Eggert
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs port to gcc -fcheck-pointer-bounds
Date: Sat, 9 Dec 2017 23:10:43 -0800
Organization: UCLA Computer Science Department
To: Eli Zaretskii
Cc: pipcet@gmail.com, Emacs-devel@gnu.org
In-Reply-To: <83k1xwuwq3.fsf@gnu.org>
References: <83indhwcx5.fsf@gnu.org> <83k1xwuwq3.fsf@gnu.org>

On 12/09/2017 12:33 AM, Eli Zaretskii wrote:
> can you say a few words
> about the idea of your implementation of the support for
> "-fcheck-pointer-bounds"?

Sure. Three basic points.

1. The Emacs C code should store pointer values only in objects declared to be of type pointer. Otherwise, every time Emacs converted an integer to a pointer, machine code generated by -fcheck-pointer-bounds would disable bounds checking for that pointer (which would defeat the point of bounds checking). This is what the first patch does.
I like this patch anyway, since it cleans up the Emacs internals a bit and it doesn't significantly affect performance in the typical case where -fcheck-pointer-bounds is not used. This first patch does not mean Emacs can't cast integers to pointers; that's OK. Emacs just can't cast pointers to integers and back again and then dereference the result and expect pointer-bounds checking to catch errors there.

2. With the 1st patch installed, building with -fcheck-pointer-bounds makes Emacs crash due to some false alarms. A typical example is that Emacs takes two individually valid but unrelated pointers P and Q, computes Q-P, and then later dereferences by computing P[Q - P], which crashes because Q-P falls outside P's bounds. The 2nd patch inserts the minimal changes to Emacs to avoid these crashes, by widening P's bounds in such cases.

3. The downside of the 2nd patch is that pointer bounds are often made too wide, so bounds checking won't catch some errors that it could easily catch. To fix some of this, the 3rd patch tightens pointer bounds when that is easy. This patch does not attempt to tighten bounds in all cases, as that would involve too many changes to the code and would make bounds-checking even slower than it is. It merely tightens bounds in a few strategic places, mostly in allocators, so that bounds errors are likely to be caught. It's cost/benefit guesswork where I've tried to minimize development and runtime cost while maximizing error-catching benefit.
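The three points above in working C, as an added example that is not code from the Emacs patches or from the message's author. The BOUNDS_NARROW and BOUNDS_WIDEN wrappers, the arena allocator and the slot structs are this example's own names. It assumes, per the GCC 5 through 8 manual, that -fcheck-pointer-bounds predefines __CHKP__ and provides the __builtin___bnd_narrow_ptr_bounds and __builtin___bnd_init_ptr_bounds builtins; on any other build (GCC 9 and later dropped the checker) the wrappers are identities and the program is ordinary C, so the "aborts under the checker" comments describe behaviour you only see with the flag on.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* __CHKP__ is predefined by GCC 5-8 under -fcheck-pointer-bounds (assumed
   from the GCC manual); elsewhere the wrappers below are identities.  */
#ifdef __CHKP__
/* Value of P, bounds of Q clipped to [P, P + N).  */
# define BOUNDS_NARROW(p, q, n) \
    ((char *) __builtin___bnd_narrow_ptr_bounds ((p), (q), (n)))
/* Value of P with unlimited bounds: later dereferences are unchecked.  */
# define BOUNDS_WIDEN(p) ((char *) __builtin___bnd_init_ptr_bounds (p))
#else
# define BOUNDS_NARROW(p, q, n) ((void) (q), (void) (n), (p))
# define BOUNDS_WIDEN(p) (p)
#endif

/* Point 3: a bump allocator whose chunks carry their own bounds.  Under
   the checker ARENA decays to a pointer bounded by the whole array; each
   chunk is narrowed to [chunk, chunk + n), so an overrun from one chunk
   into the next is caught instead of silently landing there.  */
enum { ARENA_SIZE = 64 };
static char arena[ARENA_SIZE];
static size_t arena_used;

static void
arena_reset (void)
{
  arena_used = 0;
  memset (arena, 0, sizeof arena);
}

static char *
arena_alloc (size_t n)
{
  if (n > ARENA_SIZE - arena_used)
    return NULL;
  char *chunk = arena + arena_used;
  arena_used += n;
  return BOUNDS_NARROW (chunk, arena, n);
}

/* What narrowing buys: 17 bytes written through a 16-byte chunk.  In a
   plain build the 17th byte lands in the neighbour and this returns 'X';
   under the checker the narrowed bounds make the memset abort instead.  */
static int
overrun_neighbour (void)
{
  arena_reset ();
  char *p = arena_alloc (16);
  char *q = arena_alloc (16);
  if (!p || !q)
    return -1;
  memset (p, 'X', 17);
  return q[0];
}

/* Point 2: the false-alarm pattern.  P and Q are valid chunks of the same
   arena, so Q - P is ordinary pointer arithmetic, but Q - P lies outside
   P's narrowed bounds and P[Q - P] aborts under the checker even though
   the byte it reaches is Q's.  Widening P first avoids the abort; the
   price is that nothing reached through WIDE is checked any more.  */
static int
read_through_offset (void)
{
  arena_reset ();
  char *p = arena_alloc (16);
  char *q = arena_alloc (16);
  if (!p || !q)
    return -1;
  memcpy (p, "first chunk....", 16);   /* 15 chars + NUL, constructed */
  memcpy (q, "second chunk...", 16);
  ptrdiff_t off = q - p;               /* 16: one past P's last byte */
  char *wide = BOUNDS_WIDEN (p);
  return wide[off];                    /* first byte of Q */
}

/* Point 1: keep pointers in pointer-typed storage.  An integer slot
   round-trips the address but not its bounds: a pointer rebuilt from an
   integer is unbounded under the checker, so an overrun through it is
   missed.  A pointer-typed slot keeps the bounds attached.  */
struct slot_int { uintptr_t addr; };   /* bounds lost on the way back */
struct slot_ptr { char *ptr; };        /* bounds preserved */

static int
slots_agree_on_address (void)
{
  arena_reset ();
  char *p = arena_alloc (8);
  if (!p)
    return 0;
  struct slot_int bad = { (uintptr_t) p };
  struct slot_ptr good = { p };
  char *from_int = (char *) bad.addr;  /* same address, no bounds */
  char *from_ptr = good.ptr;           /* same address, same bounds */
  return from_int == from_ptr;
}
```

Compiled without the flag, overrun_neighbour returns 'X' and read_through_offset returns 's'; with -fcheck-pointer-bounds on a GCC that still has the checker, the first aborts at the memset (that is the benefit the 3rd patch buys in allocators) and the second only survives because of the BOUNDS_WIDEN call (the cost the 2nd patch accepts).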