C's notion of null _is_ the _only_ relevant

Posted Jul 21, 2009 6:22 UTC (Tue) by alankila (subscriber, #47141)
In reply to: C's notion of null _is_ the _only_ relevant by xoddam
Parent article: Linux 2.6.30 exploit posted

You may be underestimating how easy it is to generate dead code. Functions which are called with statically allocated objects passed via pointers will never get a NULL and thus any if (foo == NULL) check is unnecessary. A good compiler doesn't generate object code that spends time testing conditions that can't be true, so it is reasonable that it eliminates this test. Neither can it produce a warning without driving everyone crazy, because I stipulate that this is a very common situation in defensively written code.

C's notion of null _is_ the _only_ relevant

Posted Jul 21, 2009 7:09 UTC (Tue) by xoddam (subscriber, #2322)

Determining that code is dead is easy (and I heartily approve it) if the actual values can be computed at compile time. For the particular case you mention (all callers pass pointers which are known not to be null), you would probably need whole-program optimisation to determine it.

However, knowing that the program has already attempted to dereference a pointer is not quite the same as statically determining that the pointer is definitely non-NULL.

I submit that removing such a test when some possible sources of the value are not visible to the compiler is an excessive optimisation and warrants a warning.

People write defensive code for a reason.
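A constructed illustration of the pattern both comments are arguing about: a pointer that is dereferenced before its NULL check, so the check is provably dead on the only path that reaches it and the optimiser may drop it (GCC does this under -fdelete-null-pointer-checks, which -O2 turns on), shown next to the ordering that keeps the check live. This is an added example, not code from the thread or from the kernel; the struct names and fields are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical layout standing in for a kernel object reached through a
 * file's private pointer. Not the real kernel structures. */
struct sock { int id; };
struct file { struct sock *sk; };

/* Dereference first, check afterwards. By the time the test runs, f has
 * already been used as a valid pointer, so the compiler is entitled to
 * treat `f == NULL` as impossible and remove the branch. If f really is
 * NULL the fault happens on the first line and the "defensive" check never
 * protects anything. This is the pattern to flag in review. */
int poll_deref_before_check(struct file *f)
{
    struct sock *sk = f->sk;      /* f dereferenced here */
    if (f == NULL)                /* dead on every path that reaches it */
        return -1;
    return sk ? sk->id : 0;
}

/* Check first, dereference afterwards. The test is live, NULL is handled,
 * and no optimisation level changes that. */
int poll_check_before_deref(struct file *f)
{
    if (f == NULL)
        return -1;
    struct sock *sk = f->sk;
    return sk ? sk->id : 0;
}

int main(void)
{
    struct sock s = { .id = 7 };
    struct file good = { .sk = &s };
    struct file no_sock = { .sk = NULL };

    /* Only the check-first version can be called with NULL safely. */
    printf("valid file   -> %d\n", poll_check_before_deref(&good));    /* 7 */
    printf("no socket    -> %d\n", poll_check_before_deref(&no_sock)); /* 0 */
    printf("NULL file    -> %d\n", poll_check_before_deref(NULL));     /* -1 */
    return 0;
}
```

Compile the deref-first variant with `-O2 -fdump-tree-optimized` and the `f == NULL` branch is absent from the dump; `-fno-delete-null-pointer-checks` keeps it, which is the flag the kernel build has used since this class of bug, but reordering the code is the fix that does not depend on compiler options.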

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds