On 06/08/2019 09:37, Miroslav Lichvar wrote:
> On Mon, Aug 05, 2019 at 09:36:47AM -0700, Andrew Lutomirski wrote:
>> On Mon, Aug 5, 2019 at 8:22 AM Andrew Lutomirski <luto@xxxxxxx> wrote:
>>> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91357
>>> Depending on the resolution of that bug, I suggest that Fedora
>>> consider dropping _GLIBCXX_ASSERTIONS from the default hardened build
>>> options. IMO Fedora's default RPM build options should not cause
>>> crashes on valid, if less-than-stylistically-great, code. I don't
>>> think that package maintainers should need to update package source to
>>> use C++ in a more polite way.
>> And the bug has spoken. v[v.size()] is undefined behavior. Don't do it!
> Ok, but does that mean the program has to abort? Could gcc do anything
> dangerous here? If we were actually trying to catch undefined behavior
> (e.g. with -fsanitize=undefined), I suspect Fedora wouldn't even boot
> without a crash.
Well of course the program doesn't have to abort - we have chosen to
compile in a mode where it does.
We do that because by default this is invoking the nasal daemons clause
and the compiler is allowed to do absolutely anything it feels like.
Yes at the moment you might well find that in fact the compiler does
what people "expect" and, because it's only taking a reference, it never
tries to read the memory - that can change at any time however.
For an example, see what happened when gcc got cleverer about assuming
that this won't be null in a method and started making optimisations
around that, and things which had "worked" suddenly started crashing as
a result, because they had been invoking undefined behaviour all along.
Obviously there is a trade-off, which is why we don't compile everything
with sanitisers, because it would make them much slower - you should
absolutely build your code with them in development though, and run all
your tests like that.
Presumably in this case the performance penalty was considered small
enough that it was worth building even production code with this mode
enabled.
Tom
--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
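To make the pattern under discussion concrete, here is an added example (my own code, not from the thread, the GCC bug or Fedora): the one-past-the-end `&v[v.size()]` idiom that "works" only because no byte is read, next to the well-defined ways of getting the same end pointer or a checked element. Function names are mine.

```cpp
// Added example: the out-of-range access the thread is about and its
// well-defined replacements. Names here are assumptions, not GCC/Fedora API.
#include <cstddef>
#include <stdexcept>
#include <vector>

// The idiom behind the bug report: "take a reference" one past the end to
// get an end pointer. Usually nothing is read, so it appears to work, but
// v[v.size()] is undefined behaviour; with _GLIBCXX_ASSERTIONS operator[]
// asserts index < size() and the process aborts. Shown only; never called.
const int* end_ptr_ub(const std::vector<int>& v) {
    return &v[v.size()];   // UB: index == size()
}

// Well-defined: pointer arithmetic to one past the end is allowed on data(),
// including for an empty vector (data() + 0).
const int* end_ptr_ok(const std::vector<int>& v) {
    return v.data() + v.size();
}

// Explicit bounds check before operator[]: the index is proven in range, so
// this is correct with or without assertions, and an out-of-range index is
// reported by the fallback instead of by reading past the buffer.
int get_or(const std::vector<int>& v, std::size_t i, int fallback) {
    if (i >= v.size()) return fallback;
    return v[i];
}

// at() is the library's own checked access: it throws std::out_of_range
// rather than invoking UB, in every build mode.
bool at_throws_out_of_range(const std::vector<int>& v, std::size_t i) {
    try {
        (void)v.at(i);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    std::vector<int> v{1, 2, 3};   // constructed sample input
    const std::size_t n = static_cast<std::size_t>(end_ptr_ok(v) - v.data()); // 3
    const bool miss = get_or(v, 3, -1) == -1;                                   // true
    return (n == 3 && miss && at_throws_out_of_range(v, 3)) ? 0 : 1;
}
```

Building the same file with `-D_GLIBCXX_ASSERTIONS` and calling `end_ptr_ub` is what turns the silent UB into the abort the thread describes.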