This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] pthread_cleanup_push macro generates warning when -Wclobbered is set

From: Florian Weimer <fweimer at redhat dot com>
To: Joseph Myers <joseph at codesourcery dot com>
Cc: Paul Carroll <Paul_Carroll at mentor dot com>, libc-alpha at sourceware dot org
Date: Wed, 15 Nov 2017 09:14:27 +0100
Subject: Re: [PATCH] pthread_cleanup_push macro generates warning when -Wclobbered is set
Authentication-results: sourceware.org; auth=none
References: <3255e05c-196f-be61-799d-ad64828a721a@mentorg.com> <17ece02a-c5fd-21f0-f5ca-6511e9fa768b@redhat.com> <alpine.DEB.2.20.1711142145250.16320@digraph.polyomino.org.uk> <387aa346-0440-b636-248c-69ac84b332a7@redhat.com> <alpine.DEB.2.20.1711142201520.16320@digraph.polyomino.org.uk>

On 11/14/2017 11:06 PM, Joseph Myers wrote:

On Tue, 14 Nov 2017, Florian Weimer wrote:

On 11/14/2017 10:47 PM, Joseph Myers wrote:

On Tue, 14 Nov 2017, Florian Weimer wrote:

Your test case already used an indirect call before the change with GCC 7.
I
think we should try to fix this in GCC.  GCC 4.8 used to generate a direct
call here, so this is a minor regression in the area of security
hardening.


How do you suggest the compiler could tell that longjmp is only ever
called from the same iteration of the outer loop as setjmp?


I'm not sure if I understand your question correctly.

The jump buffer does not even live as long as one iteration of the loop, so it
necessarily has to be the same iteration.


The "returns twice" information in GCC does not link the possible second
return to the lifetime of a particular object.

But the control flow in pthread_cleanup_push is such that for bothreturns, local objects of limited scope are referenced immediately, sothe compiler could infer that.

We could however take the position that C11 requires that once you callsetjmp, the lifetime of all objects begins and ends and the beginningand end of the closest enclosing scope which has an object of variablymodified type. This would preclude unrolling loops and putting declaredobjects at different addresses, for example. With this interpretation,the compiler cannot infer that the loop iteration is the same. (GCCcould perform the this transformation conservatively for any frame whichhas a call to a returns-twice function; no new attribute is needed.)

However, I still don't see how this matters here. __cancel_routine and__cancel_arg are not addressable and not written to after initialization(and that's also true for the future argument in Paul's reproducer).This means that even with the POSIX interpretation if setjmp (whereobject lifetimes do not float outwards, and the address of the jumpbuffer matters), there is no wiggle room for the implementation tochange the value of these variables.


Thanks,
Florian

Follow-Ups:
- Re: [PATCH] pthread_cleanup_push macro generates warning when -Wclobbered is set
  - From: Joseph Myers

References:
- [PATCH] pthread_cleanup_push macro generates warning when -Wclobbered is set
  - From: Paul Carroll
- Re: [PATCH] pthread_cleanup_push macro generates warning when -Wclobbered is set
  - From: Florian Weimer
- Re: [PATCH] pthread_cleanup_push macro generates warning when -Wclobbered is set
  - From: Joseph Myers
- Re: [PATCH] pthread_cleanup_push macro generates warning when -Wclobbered is set
  - From: Florian Weimer
- Re: [PATCH] pthread_cleanup_push macro generates warning when -Wclobbered is set
  - From: Joseph Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]