<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Mon, May 14, 2018 at 12:07 PM Friedman, Eli <<a href="mailto:efriedma@codeaurora.org">efriedma@codeaurora.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 5/12/2018 9:23 PM, Philip Reames via llvm-dev wrote:<br>
> Fair warning, the following is a devil's advocate position, but it's <br>
> also a serious question.<br>
><br>
> Given the entire point of this flag appears to be bug mitigation, why <br>
> not frame this as a sanitizer?  If we had a hypothetical <br>
> -fsanitize=dereference which tried to catch dereferenced pointers <br>
> derived from null, wouldn't that handle the case at hand?<br>
<br>
It's called "-fsanitize=null": it catches stuff like "x[3]" where x is <br>
null. It's not quite complete; we don't check for arithmetic on a null <br>
pointer.<br>
<br>
Yes, that would handle the situation in question, but putting implicit <br>
null checks all over the place is pretty expensive; I don't think most <br>
people would turn that on in production.<br>
<br>
-Eli<br></blockquote><div><br></div><div><div>We had a similar discussion on an internal thread a while back about whether we could use "-fsanitize=null", where clang would generate a ud2 instruction for null pointer dereferences. Unfortunately, this doesn't work in kernel context.</div><div><br></div><div>Quoting the reply from our kernel team:</div><div><br></div><div>"It will not cause a kernel panic: it's an exception trigger, and it's up to the exception handler to decide if it will return (WARN) or not (BUG). In the referenced function, this is calling WARN_ON(), which will resume execution. (And note that the BUG() implementations are specifically marked with __attribute__((noreturn)).)"</div></div></div></div>