This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: array bounds, sanitizer, safe programming, and cilk array notation


Sorry for late reply.

On Tue, Jan 27, 2015 at 12:07:58AM +0000, Joseph Myers wrote:
> On Mon, 26 Jan 2015, Martin Uecker wrote:
> 
> > extern void bar2(int (*x)[5]);
> 
> > 	int c = 4;
> > 	int y[c];
> 
> > 	bar2(&y);	// not diagnosed (found by asan)
> 
> This is the undefined behavior "If the two array types are used in a 
> context which requires them to be compatible, it is undefined behavior if 
> the two size specifiers evaluate to unequal values." (C11 6.7.6.2#6).  
> Yes, it would make sense for ubsan to detect this.  Generally, most forms 
> of runtime undefined behavior listed in J.2 should have ubsan detection 
> unless hard to detect / detected by some other sanitizer such as asan.
 
I have created a table to that effect some time ago:
http://people.redhat.com/mpolacek/www/analyzability.html
Obviously the question marks should be replaced by a -fsanitize=
option that detects a particular UB.  Or say that a particular UB is a
compile-time error (e.g. "declaring a function at block scope with an explicit
storage-class specifier other than extern").

I don't know what to do with the UBs on the library side - those 7.* ones.

> Does adding new forms of sanitization require upstream libsanitizer 
> changes as well or can arbitrary ubsan checks be added without needing 
> libsanitizer changes?

I think we also need libubsan changes.  But it is usually just about
printing an error message along with some values - nothing terribly
complex.

	Marek


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]