Thank you Martin, Jonathan. I think I understand it now. Of cause I may have further questions in the future. By the way, is the -O2 option a must for OSC? What about other optimization levels? I did not find much details on it. Thanks! Yuchen Zhou TECHNICAL LEADER.ENGINEERING yuczhou@xxxxxxxxx Tel: +1 408 527 8200 Cisco Systems, Inc. 375 East Tasman Drive SAN JOSE 95134 United States cisco.com -----Original Message----- From: Jonathan Wakely [mailto:jwakely.gcc@xxxxxxxxx] Sent: Tuesday, February 6, 2018 1:43 PM To: Martin Sebor <msebor@xxxxxxxxx> Cc: Yuchen Zhou (yuczhou) <yuczhou@xxxxxxxxx>; gcc-help@xxxxxxxxxxx Subject: Re: GNU OSC (Object Size Checking) On 6 February 2018 at 20:19, Martin Sebor wrote: > But no runtime protection happens for libstdc++ containers, even with > _FORTIFY_SOURCE, because libstdc++ either uses the GCC built-in > functions (__builtin_memcpy) directly or "rolls" its own loops > (std::copy, etc.) that GCC transforms into calls to the non-checking > built-ins. For the former, it might be worth considering using the > checking built-ins instead. Jonathan will know best if this would > make sense and how much it might benefit. For the latter, I'm sure > there are opportunities for GCC to do better and check the bounds of > the copies either before emitting calls to these functions or > propagating their bounds. My completely unsubstantiated guess is that people might pass out-of-bounds pointers to std::string members more often than other containers. We certainly could add more checking, but I don't know if it's worth prioritizing. There are thousands of things we could do with more hands to do the work. I've opened https://gcc.gnu.org/PR84256 so it isn't forgotten.
