From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-138650-listarch-gdb-patches=sources.redhat.com@sourceware.org>
Received: (qmail 60472 invoked by alias); 27 Apr 2017 13:57:15 -0000
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
Received: (qmail 60458 invoked by uid 89); 27 Apr 2017 13:57:14 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.7 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=Hx-spam-relays-external:!192.168.0.102!, H*RU:!192.168.0.102!
X-HELO: mail-wr0-f180.google.com
Received: from mail-wr0-f180.google.com (HELO mail-wr0-f180.google.com) (209.85.128.180) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 27 Apr 2017 13:57:13 +0000
Received: by mail-wr0-f180.google.com with SMTP id l9so17704833wre.1        for <gdb-patches@sourceware.org>; Thu, 27 Apr 2017 06:57:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20161025;        h=x-gm-message-state:subject:to:references:cc:from:message-id:date         :user-agent:mime-version:in-reply-to:content-transfer-encoding;        bh=MYc0Gxxn0COPeqRQS4icAq/W3PcE34J6scd3bNCTQVI=;        b=Wt5go8WuNZxYgnmb+J6fFOAomuJsopk7M8xHDgz9GH3TCeP0YxyjA1toVj4aJMApAr         BAMstOOhl1hdWYk6G+53PvfozFoECbSF9uVEqD8oBwhZpQgLef5E2iuKFOyBFzHz5yvr         yIh+LjKRIQKdEvtDp0sIjtyt8d51dovxr3K7D7rwzJr+hiufo+Vjy7YmvrifkzdHFL/l         pNh6rqqZbkiWbxxLHgGFKX6Wzstw52And934RrZVV5lHo1NClYOZFzPbiwNSszcaR2OC         hIJQaBA78soGqIk1ij8NBbw6Ti0aRjUBvofHVA0q3xYYAfLx2hZtdbb+Kpof7NTdqIdo         Av8g==
X-Gm-Message-State: AN3rC/4u8GjxsiQ28jlI4bAGY2NFzQ/oC/K6nkfJ5hd0UwBTU2vL0kDu	dwpBa6/4Md4i7iAHYWDH/A==
X-Received: by 10.223.136.134 with SMTP id f6mr3589807wrf.187.1493301433068;        Thu, 27 Apr 2017 06:57:13 -0700 (PDT)
Received: from [192.168.0.102] ([37.189.166.198])        by smtp.gmail.com with ESMTPSA id l29sm2992666wmi.8.2017.04.27.06.57.11        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);        Thu, 27 Apr 2017 06:57:12 -0700 (PDT)
Subject: Re: [PATCH 1/5] Poison non-POD memset & non-trivially-copyable memcpy/memmove
To: Simon Marchi <simon.marchi@polymtl.ca>
References: <1492050475-9238-1-git-send-email-palves@redhat.com> <1492050475-9238-2-git-send-email-palves@redhat.com> <b19b285127612eb7fbcd45e0ae41d499@polymtl.ca>
Cc: gdb-patches@sourceware.org
From: Pedro Alves <palves@redhat.com>
Message-ID: <c85a53eb-6250-956c-6342-af58e51995a7@redhat.com>
Date: Thu, 27 Apr 2017 13:57:00 -0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <b19b285127612eb7fbcd45e0ae41d499@polymtl.ca>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-SW-Source: 2017-04/txt/msg00734.txt.bz2

Hi Simon,

Sorry for the delay.  Finally managed to get back to this.

On 04/24/2017 02:12 AM, Simon Marchi wrote:
> On 2017-04-12 22:27, Pedro Alves wrote:
>> This patch catches invalid initialization of non-POD types with
>> memset, at compile time.
> 
> Would it be possible to do something similar but to catch uses of
> XNEW/XCNEW with types that need new?  XNEW is defined as:
> 
> #define XNEW(T) ((T *) xmalloc (sizeof (T)))
> 
> I just tried this, and it seems to work well:
> 
> #define assert_pod(T) static_assert(std::is_pod<T>::value)
> 
> #undef XNEW
> #define XNEW(T) ({ assert_pod(T); (T *) xmalloc (sizeof (T)); })
> #undef XCNEW
> #define XCNEW(T)  ({ assert_pod(T); (T *) xcalloc (1, sizeof (T)); })
> 
> assuming the compiler knows about statement expressions.

I think that that's a great idea!  I tried that locally and see that
this already catches two bad cases (btrace_function and objfile).

We don't need to use non-standard statement expressions though.
Function templates should work just as well here:

template<typename T>
T *xnew ()
{
  static_assert (std::is_pod<T>::value, "use operator new instead");
  return (T *) xmalloc (sizeof (T));
}

template<typename T>
T *xcnew ()
{
  static_assert (std::is_pod<T>::value, "use operator new instead");
  return (T *) xcalloc (1, sizeof (T));
}

#undef XNEW
#define XNEW(T) xnew<T>()
#undef XCNEW
#define XCNEW(T) xcnew<T>()

As should lambdas:

#undef XNEW
#define XNEW(T) [] () -> T *						\
  {									\
    static_assert (std::is_pod<T>::value, "use operator new instead");	\
    return (T *) xmalloc (sizeof (T));					\
  } ()

#undef XCNEW
#define XCNEW(T) [] () -> T *						\
  {									\
    static_assert (std::is_pod<T>::value, "use operator new instead");	\
    return (T *) xcalloc (1, sizeof (T));				\
  } ()

I think the template version is likely a little bit easier
to understand and debug (e.g., easy to put a breakpoint on the function
template, not so easy to put a breakpoint on a lambda).  I'd just
confirm that the template/lambda is completely optimized out on an
optimized build (e.g., compare out of "$ size gdb" before and after
patch).

Thanks,
Pedro Alves