Mirror of the gdb-patches mailing list
From: Pedro Alves <palves@redhat.com>
To: Simon Marchi <simon.marchi@polymtl.ca>
Cc: gdb-patches@sourceware.org
Subject: Re: [PATCH 1/5] Poison non-POD memset & non-trivially-copyable memcpy/memmove
Date: Thu, 27 Apr 2017 13:57:00 -0000
Message-ID: <c85a53eb-6250-956c-6342-af58e51995a7@redhat.com>
In-Reply-To: <b19b285127612eb7fbcd45e0ae41d499@polymtl.ca>

Hi Simon,

Sorry for the delay.  Finally managed to get back to this.

On 04/24/2017 02:12 AM, Simon Marchi wrote:
> On 2017-04-12 22:27, Pedro Alves wrote:
>> This patch catches invalid initialization of non-POD types with
>> memset, at compile time.
> 
> Would it be possible to do something similar but to catch uses of
> XNEW/XCNEW with types that need new?  XNEW is defined as:
> 
> #define XNEW(T) ((T *) xmalloc (sizeof (T)))
> 
> I just tried this, and it seems to work well:
> 
> #define assert_pod(T) static_assert(std::is_pod<T>::value)
> 
> #undef XNEW
> #define XNEW(T) ({ assert_pod(T); (T *) xmalloc (sizeof (T)); })
> #undef XCNEW
> #define XCNEW(T)  ({ assert_pod(T); (T *) xcalloc (1, sizeof (T)); })
> 
> assuming the compiler knows about statement expressions.

I think that that's a great idea!  I tried that locally and see that
this already catches two bad cases (btrace_function and objfile).

We don't need to use non-standard statement expressions though.
Function templates should work just as well here:

template<typename T>
T *xnew ()
{
  static_assert (std::is_pod<T>::value, "use operator new instead");
  return (T *) xmalloc (sizeof (T));
}

template<typename T>
T *xcnew ()
{
  static_assert (std::is_pod<T>::value, "use operator new instead");
  return (T *) xcalloc (1, sizeof (T));
}

#undef XNEW
#define XNEW(T) xnew<T>()
#undef XCNEW
#define XCNEW(T) xcnew<T>()

As should lambdas:

#undef XNEW
#define XNEW(T) [] () -> T *						\
  {									\
    static_assert (std::is_pod<T>::value, "use operator new instead");	\
    return (T *) xmalloc (sizeof (T));					\
  } ()

#undef XCNEW
#define XCNEW(T) [] () -> T *						\
  {									\
    static_assert (std::is_pod<T>::value, "use operator new instead");	\
    return (T *) xcalloc (1, sizeof (T));				\
  } ()

I think the template version is likely a little bit easier
to understand and debug (e.g., easy to put a breakpoint on the function
template, not so easy to put a breakpoint on a lambda).  I'd just
confirm that the template/lambda is completely optimized out on an
optimized build (e.g., compare output of "$ size gdb" before and after
patch).

Thanks,
Pedro Alves
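
Added example, not part of the original message or of the gdb patch: a stand-alone build of the function-template gate discussed above, showing a POD type passing through xcnew and a non-POD type going through operator new instead. The helper or_abort, the pod_like trait and the two sample structs are assumptions made for the example; or_abort only stands in for the abort-on-failure behaviour of xmalloc/xcalloc.

```cpp
#include <cstdlib>
#include <string>
#include <type_traits>

// Hypothetical stand-in for the abort-on-failure behaviour of xmalloc/xcalloc.
static void *or_abort (void *p)
{
  if (p == nullptr) std::abort ();
  return p;
}

// Same property std::is_pod tests (std::is_pod itself is deprecated in C++20).
template<typename T>
struct pod_like : std::integral_constant<bool,
  std::is_trivial<T>::value && std::is_standard_layout<T>::value> {};
template<typename T>
T *xnew ()
{
  static_assert (pod_like<T>::value, "use operator new instead");
  return (T *) or_abort (std::malloc (sizeof (T)));
}
template<typename T>
T *xcnew ()
{
  static_assert (pod_like<T>::value, "use operator new instead");
  return (T *) or_abort (std::calloc (1, sizeof (T)));
}
// Constructed sample types.
struct pod_rec { int id; char tag[8]; };
struct non_pod_rec { int id; std::string name; };  // constructor must run

// POD: the type needs no constructor, so zeroed raw storage from xcnew is fine.
bool pod_alloc_is_zeroed ()
{
  pod_rec *r = xcnew<pod_rec> ();
  bool ok = r->id == 0 && r->tag[0] == '\0';
  std::free (r);
  return ok;
}

// Non-POD: xnew<non_pod_rec> () would not compile; operator new runs constructors.
std::size_t non_pod_via_new ()
{
  non_pod_rec *r = new non_pod_rec ();
  r->name = "objfile";
  std::size_t n = r->name.size ();
  delete r;
  return n;
}
```

Adding a call to xnew<non_pod_rec> () anywhere in this file stops the build with "use operator new instead", which is the compile-time catch the thread is after.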

