On Thu, 2021-07-08 at 13:06 +0200, Alejandro Colomar (man-pages) via Gcc-help wrote:
> On 7/8/21 12:07 PM, Jonny Grant wrote:
> > Thank you for your reply.
> >
> > We can't guarantee safestrlen() won't be called with NULL. So because
> > strlen() itself doesn't check for NULL in C standard we'd need to call
> > the wrapper so that NULL can be checked for.
> >
> > I'd like to avoid the compiler removing certain execution paths.
> > I'd rather keep all code paths, even if they are not taken, just in
> > case a NULL pointer creeps in due to an external device that is
> > connected to an embedded system.

If you are taking a pointer from an external device "correctly", gcc won't
delete your NULL checking path.  For example:

    #include <errno.h>   /* EINVAL */
    #include <stddef.h>  /* NULL */

    // defined by linker script; the pointer object itself is volatile
    extern char *volatile an_io_port_providing_a_pointer;

    int f(void)
    {
        // single volatile read into a local
        char *ptr = an_io_port_providing_a_pointer;
        // the C standard does not allow the compiler to remove this check
        if (ptr == NULL) {
            gracefully_report_bug("some message");
            return -EINVAL;
        }
        return g(ptr);
    }

Or

    // in assembly
    extern char *read_pointer_from_io_port(int io_port_id);

    int f(void)
    {
        char *ptr = read_pointer_from_io_port(IO_PORT_A);
        // the C standard does not allow the compiler to remove this check
        if (ptr == NULL) {
            gracefully_report_bug("some message");
            return -EINVAL;
        }
        return g(ptr);
    }

OTOH, if you are taking the pointer from external input incorrectly
(i.e. violating the C standard and invoking some UB), even if you used some
way to force the compiler to keep the NULL checking, it would still be
unsafe.

Even if you want to be "careful" (I'd rather call this "paranoid"), you
can use -fno-delete-null-pointer-checks, instead of turning off all
optimizations.

And, the GCC "optimize" attribute/pragma is somewhat buggy and only intended
for debugging GCC.  If you need to turn off some optimization for a
function, it's better to put the function into a separate TU and use a
command line option to disable the optimization.

By the way, if C can't provide the safety feature you need (for example
programming something launching a nuclear missile :), maybe it's better
to use Ada or something.

-- 
Xi Ruoyao <xry111@xxxxxxxxxxxxxxxx>
School of Aerospace Science and Technology, Xidian University
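
Added example, not part of the original message or of GCC's own code: it contrasts a NULL check placed after the pointer has already been used (which GCC may delete unless -fno-delete-null-pointer-checks is given) with a check placed before any use, as discussed in the thread. The body of safestrlen() and the names sim_io_port, sample, strlen_check_too_late and length_from_port are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the I/O port (hypothetical name). */
static char sample[] = "hello";
char *volatile sim_io_port;

/* Check placed AFTER the use: strlen(s) already requires s != NULL, so
 * GCC may treat the test as dead code and drop it when optimizing, unless
 * -fno-delete-null-pointer-checks is given. Never call this with NULL. */
size_t strlen_check_too_late(const char *s)
{
    size_t n = strlen(s);
    if (s == NULL)
        return 0;
    return n;
}

/* Check placed BEFORE the use: no undefined behaviour has occurred when
 * the test runs, so the compiler must preserve its effect. */
size_t safestrlen(const char *s)
{
    if (s == NULL)
        return 0;
    return strlen(s);
}

/* One volatile read into a local, then validate the local copy. */
int length_from_port(size_t *out)
{
    char *ptr = sim_io_port;
    if (ptr == NULL)
        return -EINVAL;
    *out = safestrlen(ptr);
    return 0;
}

int main(void)
{
    size_t n = 0;
    sim_io_port = NULL;
    int rc = length_from_port(&n);
    printf("NULL from port -> %d\n", rc);
    sim_io_port = sample;
    rc = length_from_port(&n);
    printf("valid pointer  -> %d, length %zu\n", rc, n);
}
```

Building this file with and without -fno-delete-null-pointer-checks and comparing the assembly for strlen_check_too_late shows whether the late check survives; safestrlen keeps its branch either way.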