emacs-devel

Re: Emacs port to gcc -fcheck-pointer-bounds


From: Paul Eggert
Subject: Re: Emacs port to gcc -fcheck-pointer-bounds
Date: Wed, 13 Dec 2017 11:39:53 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0

On 12/13/2017 11:17 AM, Stefan Monnier wrote:
> The fake pointer catches (at compile-time) common faults like the one the attached patch fixes, where an int was passed where a Lisp_Object was expected. These are the most important faults that --enable-check-lisp-object-type catches.
> ... it doesn't catch things like `x + n` since adding a constant to a pointer is also a valid operation

Actually it catches even (x + n), because Lisp_Object is 'union Lisp_X *', and the union type is deliberately incomplete so the C compiler does not know its size and cannot multiply n by sizeof (union Lisp_X). The C Standard requires a diagnostic for (x + n) and in practice compilers invariably issue at least a warning.

There are some things it doesn't catch. Most of these (e.g., 'Lisp_Object x = 0;', or 'Lisp_Object x = FOO, y = BAR; return x == y;') are harmless annoyances. The only worrisome thing not caught is converting between void * and Lisp_Object, e.g., 'Lisp_Object z = malloc (n);'. However, to my mind it's overkill to --enable-check-lisp-object-type by default just to catch this, as void * is dangerous with every C pointer type and there's little extra harm to making it dangerous with Lisp_Object too.

> Maybe we can turn it into a no-op.

Yes, that's my thought too.
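
The following C sketch of the incomplete-union pointer check discussed in this message is an added example, not part of the original e-mail and not Emacs source. Only `Lisp_Object` and `union Lisp_X` come from the message; the 2-bit tag scheme, the helper names and the `SHOW_DIAGNOSTICS` macro are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for the declaration discussed above, not Emacs's lisp.h.
   union Lisp_X is deliberately never completed, so its size is unknown. */
union Lisp_X;
typedef union Lisp_X *Lisp_Object;

/* Hypothetical tagging scheme (assumption): low 2 bits == 1 marks a fixnum. */
enum { TAG_BITS = 2, TAG_MASK = 3, TAG_FIXNUM = 1 };

static Lisp_Object make_fixnum(intptr_t n) {
    return (Lisp_Object)(((uintptr_t)n << TAG_BITS) | TAG_FIXNUM);
}
static intptr_t fixnum_value(Lisp_Object o) {
    return (intptr_t)((uintptr_t)o >> TAG_BITS);   /* non-negative values only */
}
static int is_fixnum(Lisp_Object o) {
    return ((uintptr_t)o & TAG_MASK) == TAG_FIXNUM;
}
Lisp_Object add1(Lisp_Object o) { return make_fixnum(fixnum_value(o) + 1); }

#ifdef SHOW_DIAGNOSTICS  /* compile with -DSHOW_DIAGNOSTICS to see these rejected */
Lisp_Object caught_int(void) { return add1(42); }         /* int passed as Lisp_Object */
Lisp_Object caught_add(Lisp_Object x) { return x + 1; }   /* arithmetic on incomplete type */
#endif

/* The cases the message lists as NOT caught; each compiles without a diagnostic. */
int uncaught_zero(void) { Lisp_Object x = 0; return x == 0; }  /* null pointer constant */
int uncaught_eq(void) {
    Lisp_Object x = make_fixnum(7), y = make_fixnum(7);
    return x == y;                       /* raw pointer comparison is valid C */
}
int uncaught_void_ptr(void) {
    void *p = malloc(16);
    Lisp_Object z = p;                   /* void * converts silently */
    int untagged = !is_fixnum(z);        /* z holds a heap address, not a tagged value */
    free(p);
    return untagged;
}

int main(void) {
    printf("add1(41) = %ld\n", (long)fixnum_value(add1(make_fixnum(41))));
    printf("uncaught: zero=%d eq=%d void*=%d\n",
           uncaught_zero(), uncaught_eq(), uncaught_void_ptr());
    return 0;
}
```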


