Re: Emacs port to gcc -fcheck-pointer-bounds

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs port to gcc -fcheck-pointer-bounds

From:	Paul Eggert
Subject:	Re: Emacs port to gcc -fcheck-pointer-bounds
Date:	Sat, 9 Dec 2017 23:10:43 -0800
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0

On 12/09/2017 12:33 AM, Eli Zaretskii wrote:

can you say a few words
about the idea of your implementation of the support for
"-fcheck-pointer-bounds"?



Sure. Three basic points.

1. The Emacs C code should store pointer values only in objects declared to beof type pointer. Otherwise, every time Emacs converted an integer to a pointer,machine code generated by -fcheck-pointer-bounds would disable bounds checkingfor that pointer (which would defeat the point of bounds checking).

This is what the first patch does. I like this patch anyway, since it cleans upthe Emacs internals a bit and it doesn't significantly affect performance in thetypical case where -fcheck-pointer-bounds is not used.

This first patch does not mean Emacs can't cast integers to pointers; that's OK.Emacs just can't cast pointers to integers and back again and then dereferencethe result and expect pointer-bounds checking to catch errors there.

2. With the 1st patch installed, building with -fcheck-pointer-bounds makesEmacs crash due to some false alarms. A typical example is that Emacs takes twoindividually valid but unrelated pointers P and Q, computes Q-P, and then laterdereferences by computing P[Q - P], which crashes because Q-P falls outside P'sbounds. The 2nd patch inserts the minimal changes to Emacs to avoid thesecrashes, by widening P's bounds in such cases.

3. The downside of the 2nd patch is that pointer bounds are often made too wide,so bounds checking won't catch some errors that it could easily catch. To fixsome of this, the 3rd patch tightens pointer bounds when that is easy. Thispatch does not attempt to tighten bounds in all cases, as that would involve toomany changes to the code and would make bounds-checking even slower than it is.It merely tightens bounds in a few strategic places, mostly in allocators, sothat bounds errors are likely to be caught. It's a cost/benefit guesswork whereI've tried to minimize development and runtime cost while maximizingerror-catching benefit.

[Prev in Thread]

Current Thread

[Next in Thread]

Emacs port to gcc -fcheck-pointer-bounds, Paul Eggert, 2017/12/07
- Re: Emacs port to gcc -fcheck-pointer-bounds, Eli Zaretskii, 2017/12/08
  - Re: Emacs port to gcc -fcheck-pointer-bounds, Paul Eggert, 2017/12/08
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Eli Zaretskii, 2017/12/09
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Paul Eggert <=
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Eli Zaretskii, 2017/12/10
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Paul Eggert, 2017/12/11
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Eli Zaretskii, 2017/12/11
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Paul Eggert, 2017/12/12
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Eli Zaretskii, 2017/12/13
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Paul Eggert, 2017/12/13
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Stefan Monnier, 2017/12/13
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Paul Eggert, 2017/12/13
    - Re: Emacs port to gcc -fcheck-pointer-bounds, Paul Eggert, 2017/12/17
- Re: Emacs port to gcc -fcheck-pointer-bounds, Pip Cet, 2017/12/08

Prev by Date: Re: JSON/YAML/TOML/etc. parsing performance
Next by Date: Re: master 01db800: Merge from origin/emacs-26
Previous by thread: Re: Emacs port to gcc -fcheck-pointer-bounds
Next by thread: Re: Emacs port to gcc -fcheck-pointer-bounds
Index(es):
- Date
- Thread