This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH] Implement -fsanitize=bounds and internal calls in FEs
- From: Marek Polacek <polacek at redhat dot com>
- To: Gerald Pfeifer <gerald at pfeifer dot com>
- Cc: Jakub Jelinek <jakub at redhat dot com>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Jason Merrill <jason at redhat dot com>, "Joseph S. Myers" <joseph at codesourcery dot com>, Richard Biener <rguenther at suse dot de>, Jeff Law <law at redhat dot com>
- Date: Thu, 3 Jul 2014 12:41:46 +0200
- Subject: Re: [PATCH] Implement -fsanitize=bounds and internal calls in FEs
- Authentication-results: sourceware.org; auth=none
- References: <20140616103907 dot GD17965 at redhat dot com> <20140616112304 dot GD19001 at tucnak dot redhat dot com> <20140619145653 dot GL17965 at redhat dot com> <20140619171931 dot GR31640 at tucnak dot redhat dot com> <20140620084304 dot GN17965 at redhat dot com> <20140620085747 dot GV31640 at tucnak dot redhat dot com> <20140620093426 dot GP17965 at redhat dot com> <20140620093923 dot GW31640 at tucnak dot redhat dot com> <20140620100234 dot GA14420 at redhat dot com> <alpine dot LSU dot 2 dot 11 dot 1406281849280 dot 30120 at tuna dot site>
On Sat, Jun 28, 2014 at 06:52:00PM +0200, Gerald Pfeifer wrote:
> On Fri, 20 Jun 2014, Marek Polacek wrote:
> +@item -fsanitize=bounds
> +@opindex fsanitize=bounds
> +
> +This option enables instrumentation of array bounds. Various out of bounds
> +accesses are detected. Flexible array members are not instrumented, as well
> +as initializers of variables with static storage.
>
> Can you make this "Flexible array members and initializers..." (or
> "...as well as...")? The current wording confused me a bit at first.
>
> And I believe there should be no empty line after @opindex.
Thanks, I'll fix both with the following. Also, the
-fsanitize=float-divide-by-zero and -fsanitize=float-cast-overflow
descriptions were at a wrong place, so I moved them a little bit above.
Applying to trunk as obvious.
2014-07-03 Marek Polacek <polacek@redhat.com>
* doc/invoke.texi (-fsanitize=bounds): Tweak wording.
(-fsanitize=float-divide-by-zero): Move to the table with
-fsanitize=undefined suboptions.
(-fsanitize=float-cast-overflow): Likewise.
diff --git gcc/doc/invoke.texi gcc/doc/invoke.texi
index b1f6f4b..046ea58 100644
--- gcc/doc/invoke.texi
+++ gcc/doc/invoke.texi
@@ -5400,26 +5400,22 @@ at runtime. Current suboptions are:
@item -fsanitize=shift
@opindex fsanitize=shift
-
This option enables checking that the result of a shift operation is
not undefined. Note that what exactly is considered undefined differs
slightly between C and C++, as well as between ISO C90 and C99, etc.
@item -fsanitize=integer-divide-by-zero
@opindex fsanitize=integer-divide-by-zero
-
Detect integer division by zero as well as @code{INT_MIN / -1} division.
@item -fsanitize=unreachable
@opindex fsanitize=unreachable
-
With this option, the compiler will turn the @code{__builtin_unreachable}
call into a diagnostics message call instead. When reaching the
@code{__builtin_unreachable} call, the behavior is undefined.
@item -fsanitize=vla-bound
@opindex fsanitize=vla-bound
-
This option instructs the compiler to check that the size of a variable
length array is positive. This option does not have any effect in
@option{-std=c++1y} mode, as the standard requires the exception be thrown
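Review bot: The blank line removed after each `@opindex` line in this hunk is consistent with the later `-fsanitize-recover` entry, which already has its description directly under `@opindex fsanitize-recover`; the hunk only touches whitespace, and the `@item`/`@opindex`/description text is otherwise unchanged, which matches the "as obvious" commit classification. Note that the hunk header context "Current suboptions are:" confirms these entries sit inside the suboptions table, so the whitespace cleanup applies uniformly to every entry of that table.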
@@ -5427,7 +5423,6 @@ instead.
@item -fsanitize=null
@opindex fsanitize=null
-
This option enables pointer checking. Particularly, the application
built with this option turned on will issue an error message when it
tries to dereference a NULL pointer, or if a reference (possibly an
@@ -5435,7 +5430,6 @@ rvalue reference) is bound to a NULL pointer.
@item -fsanitize=return
@opindex fsanitize=return
-
This option enables return statement checking. Programs
built with this option turned on will issue an error message
when the end of a non-void function is reached without actually
@@ -5443,7 +5437,6 @@ returning a value. This option works in C++ only.
@item -fsanitize=signed-integer-overflow
@opindex fsanitize=signed-integer-overflow
-
This option enables signed integer overflow checking. We check that
the result of @code{+}, @code{*}, and both unary and binary @code{-}
does not overflow in the signed arithmetics. Note, integer promotion
@@ -5456,20 +5449,12 @@ a++;
@item -fsanitize=bounds
@opindex fsanitize=bounds
-
This option enables instrumentation of array bounds. Various out of bounds
-accesses are detected. Flexible array members are not instrumented, as well
-as initializers of variables with static storage.
-
-@end table
-
-While @option{-ftrapv} causes traps for signed overflows to be emitted,
-@option{-fsanitize=undefined} gives a diagnostic message.
-This currently works only for the C family of languages.
+accesses are detected. Flexible array members and initializers of variables
+with static storage are not instrumented.
@item -fsanitize=float-divide-by-zero
@opindex fsanitize=float-divide-by-zero
-
Detect floating-point division by zero. Unlike other similar options,
@option{-fsanitize=float-divide-by-zero} is not enabled by
@option{-fsanitize=undefined}, since floating-point division by zero can
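Review bot: The reworded sentence "+accesses are detected. Flexible array members and initializers of variables / +with static storage are not instrumented." resolves the ambiguity Gerald raised (the old "not instrumented, as well as" read as if it could apply to the initializers alone). The removed `-@end table` and the three-line `-While @option{-ftrapv} ...` paragraph are dropped here verbatim and reappear below, so this hunk is a pure relocation of the table end rather than a wording change to that paragraph; the ChangeLog entries "(-fsanitize=float-divide-by-zero): Move to the table with -fsanitize=undefined suboptions." and "Likewise." describe exactly that, so no further documentation is needed.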
@@ -5477,11 +5462,16 @@ be a legitimate way of obtaining infinities and NaNs.
@item -fsanitize=float-cast-overflow
@opindex fsanitize=float-cast-overflow
-
This option enables floating-point type to integer conversion checking.
We check that the result of the conversion does not overflow.
This option does not work well with @code{FE_INVALID} exceptions enabled.
+@end table
+
+While @option{-ftrapv} causes traps for signed overflows to be emitted,
+@option{-fsanitize=undefined} gives a diagnostic message.
+This currently works only for the C family of languages.
+
@item -fsanitize-recover
@opindex fsanitize-recover
By default @option{-fsanitize=undefined} sanitization (and its suboptions
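Review bot: With `+@end table` now placed after the `-fsanitize=float-cast-overflow` description, both `-fsanitize=float-divide-by-zero` and `-fsanitize=float-cast-overflow` become entries of the table introduced by "Current suboptions are:", whereas previously they were `@item` lines following `@end table` (an `@item` outside any table), which is the misplacement the cover text refers to. One documentation point worth keeping in mind: a reader of that table may take every entry to be enabled by `-fsanitize=undefined`, and the retained sentence "@option{-fsanitize=float-divide-by-zero} is not enabled by @option{-fsanitize=undefined}" is what prevents that misreading, so it should stay next to the entry. The `@item -fsanitize-recover` that follows the moved `-ftrapv` paragraph remains outside the suboptions table exactly as before, so the nesting of the surrounding option table is unchanged.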
Marek