On Wed, Nov 10, 2021 at 12:31:26AM +0530, Siddhesh Poyarekar wrote:
> - Instead of bailing out on non-constant sizes with
>   __builtin_object_size, it should be possible to use ranger to
>   get an upper and lower bound on the size expression and use that to
>   implement __builtin_object_size.
I'd prefer not to. One thing is that VRP heavily relies on UB not happening in the program, while __bos is typically used to catch UB in those programs. And, I'm afraid fairly often VRP would result in runtime tests for limits that aren't useful for security at all. Say VRP figures out that some integer isn't negative or doesn't have MSB set etc., suddenly we have range of [0, INT_MAX] or similar and making that imply __builtin_object_size INT_MAX rather than ~(size_t) 0 would mean we need to use __*_chk and compare at runtime, even when it is very unlikely an object would be that big... The compiler computes some range, but there is no information on how much the range actually maps to the actual range the program is using, or when it is some much larger superset of the actual range (same problem is with Martin's warnings BTW). Some unrelated inlined function can perform some comparison just in case, perhaps some jump threading is done and all of a sudden there is a non-VARYING range.

	Jakub
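The contract the exchange above is arguing about, as an added example that is not part of the thread and not GCC's own code: a hypothetical fortified wrapper (`checked_memcpy`, modelled on the `__memcpy_chk` pattern, name and signature are my own) captures `__builtin_object_size` at the call site and compares it against the copy length at runtime. When the object is visible the bound is exact and the compare catches an overflow; when the object is opaque the bound is `(size_t)-1` and the compare can never fail, which is the "not useful for security" outcome Jakub describes for any bound that is a large superset of the real size. Compiles with gcc or clang at any optimization level.

```c
/* Added example, not from the thread: what __builtin_object_size hands a
   fortified wrapper, and why an unknown (or hugely over-approximated) bound
   degrades the runtime check to a no-op. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Type 0 answers (size_t)-1 when no bound is known; types 2/3 answer 0. */
#define BOS_UNKNOWN ((size_t)-1)

/* Hypothetical __memcpy_chk-style implementation: the caller passes the
   destination bound the compiler computed. Returns 0 on success and -1
   instead of aborting, so the outcome can be observed in a test. */
static int checked_memcpy_impl(void *dst, const void *src, size_t n,
                               size_t dst_bos)
{
    if (n > dst_bos)      /* never true when dst_bos == BOS_UNKNOWN */
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* The bound must be evaluated where the destination object is visible,
   i.e. in the macro at the call site, not inside the out-of-line function. */
#define checked_memcpy(dst, src, n) \
    checked_memcpy_impl((dst), (src), (n), __builtin_object_size((dst), 0))

/* A directly visible local array: the bound is the exact object size. */
size_t bos_of_visible_array(void)
{
    char buf[16];
    return __builtin_object_size(buf, 0);   /* 16 */
}

/* Constructed backing storage for the "opaque pointer" cases below. */
static char big[64];

/* Loading the pointer through a volatile object hides the underlying
   array from the compiler at every optimization level, so type 0 reports
   "no bound" and type 2 reports "nothing guaranteed". */
size_t bos_of_opaque_pointer_max(void)
{
    void *volatile vp = big;
    char *p = vp;
    return __builtin_object_size(p, 0);     /* (size_t)-1 */
}

size_t bos_of_opaque_pointer_min(void)
{
    void *volatile vp = big;
    char *p = vp;
    return __builtin_object_size(p, 2);     /* 0 */
}

/* 32 bytes into a visible 16-byte buffer: bound is 16, overflow is caught. */
int overflow_caught(void)
{
    char buf[16];
    char src[32] = {0};
    return checked_memcpy(buf, src, sizeof src);   /* -1 */
}

/* The same length through an opaque pointer: bound is (size_t)-1, so the
   compare passes for any n. The copy lands in the 64-byte backing array,
   so this call itself is not UB; the point is that the check could not
   have rejected anything, whatever the real object size had been. */
int check_is_vacuous_when_bound_unknown(void)
{
    char src[32] = {0};
    void *volatile vp = big;
    char *p = vp;
    return checked_memcpy(p, src, sizeof src);     /* 0: accepted blindly */
}

int main(void)
{
    printf("visible array bound : %zu\n", bos_of_visible_array());
    printf("opaque ptr bound    : %zu (type 0), %zu (type 2)\n",
           bos_of_opaque_pointer_max(), bos_of_opaque_pointer_min());
    printf("overflow caught     : %d\n", overflow_caught());
    printf("opaque copy result  : %d\n", check_is_vacuous_when_bound_unknown());
    return 0;
}
```

A bound of INT_MAX derived from a value range would behave exactly like the opaque case here: `checked_memcpy_impl` would still be emitted and executed, but `n > INT_MAX` is unreachable for any object the program actually allocates, so the extra call buys a comparison and no protection.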