On Thu, Jun 17, 2021 at 09:44:27PM +0100, Jonny Grant wrote:
> On 16/06/2021 18:59, Segher Boessenkool wrote:
> > On Wed, Jun 16, 2021 at 02:01:05PM +0100, Jonny Grant wrote:
> >> I guess a separate static analyser would do it, GCC is more focused on compilation so I shouldn't ask for it to have so many features it can't support.
> >
> > -fsanitize=undefined already catches null pointer dereferences, is that
> > enough for your case?
>
> Hello
> Thank you for the suggestion, yes, I had used that before. I did just check, it's runtime checks. I had hoped for something at compile time. warning for every function that didn't check pointer for NULL before de-referencing.
That doesn't make too much sense really. Check pointer and then do
what? Your code can check for null pointers itself, of course.
Anyway, without any sanitize options, from the following code:
int f(int *p) { return *p; }
int g(void) { return f(0); }
you get on powerpc64le:
f:
lwa 3,0(3)
blr
g:
li 9,0
lfiwax 0,0,9
trap
or on aarch64:
f:
ldr w0, [x0]
ret
g:
mov x0, 0
ldr w0, [x0]
brk #1000
or on x86_64:
f:
movl (%rdi), %eax
ret
g:
movl 0, %eax
ud2
GCC knows the code after the load is not reachable, that is why it
generates a trap instruction there. I will still do the load though, so
that you get good errors and a reasonable debug experience.
Segher
