This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.


On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote:
> CC'ing Jakub, Marek and Kostya, sanitizer maintainers in GCC.

I'm not convinced it is a good idea, that is why we've intentionally left it
out when adding UBSan support, IMHO such an option defines substantially
different languages.

The wrapping behavior of unsigned integer arithmetics is
integral part of the language, lots of code obviously relies on it.
E.g. in unsigned arithmetics, x - y and t = -y; x + t is the same thing,
while the patch would treat that differently.  Or would it even allow
unary negation of non-zero unsigned values?  On IRC I've mentioned e.g.
loops with unsigned iterator and bounds that can iterate forward or backward
at runtime, like:
void foo (unsigned start, unsigned end, unsigned step)
{
  for (unsigned i = start; i != end; i += step)
    ...
}
would one have to rewrite this to do something like: "step_is_negative" ? i -= -step : i += step
instead?  How would code portably say that for a given arithmetics it really
does assume wrapping behavior?  Replacing x = y + z; with
(void) __builtin_add_overflow (y, z, &x);
is not sufficiently portable, trying x = (y + z) & ~(unsigned) 0;
I assume would still trigger, because the unsigned arithmetics still
"overflows".

I'm really surprised you didn't run into many more "issues" during your
tests.

	Jakub


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]