This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [Patch] Fix undefined behaviors in regex
- From: Jakub Jelinek <jakub at redhat dot com>
- To: Marek Polacek <polacek at redhat dot com>
- Cc: Tim Shen <timshen91 at gmail dot com>, Paolo Carlini <paolo dot carlini at oracle dot com>, libstdc++ <libstdc++ at gcc dot gnu dot org>, gcc-patches <gcc-patches at gcc dot gnu dot org>
- Date: Thu, 17 Oct 2013 09:17:04 +0200
- Subject: Re: [Patch] Fix undefined behaviors in regex
- Reply-to: Jakub Jelinek <jakub at redhat dot com>

On Thu, Oct 17, 2013 at 09:12:41AM +0200, Marek Polacek wrote:
> On Wed, Oct 16, 2013 at 07:02:03PM -0400, Tim Shen wrote:
> > > To be honest, I was thinking something much smaller than the whole <regex>
> > > ;) But let's add Marek in CC.
> >
> > int work() {
> > }
> >
> > int main() {
> >   int a = work();
> >   return a;
> > }
> >
> > /* This is a smaller case to test the sanitizer. It seems that the
> > undefined sanitizer is not merged? I use `g++ (GCC) 4.9.0 20131003`,
> > is that too old? */
>
> No, that's not too old, the thing is -fsanitize=undefined isn't
> complete - we currently sanitize shift, division by zero, and
> __builtin_unreachable call; VLA sanitization is done, but not committed
> because I'm waiting for a review of the C++ FE part of that patch,
> and on NULL pointer checking I'm working now.
>
> Missing return statement will definitely be added, too (quite
> easy, I should think), and that would detect the bug in your
> testcase.

Though, in the above case, the question is why people ignore warnings
from the compiler and need to have special runtime instrumentation to remind
them instead. I'm not objecting to that sanitization, only find it weird.

Jakub
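
The compile-time side of the point made above, as an added example that is not part of the original thread: a build gate that promotes the missing-return warning to an error with `-Werror=return-type`, run against the test case quoted in the thread and a corrected variant. The function names, file names and the `CXX` default of `g++` are assumptions.

```shell
#!/bin/sh
# Added example; CXX default, file names and function names are assumptions.
CXX="${CXX:-g++}"

# Write the thread's test case (work() has no return statement) and a
# corrected variant into directory $1.
write_cases() {
    cat > "$1/missing_return.cc" <<'EOF'
int work() {
}

int main() {
  int a = work();
  return a;
}
EOF
    cat > "$1/fixed.cc" <<'EOF'
int work() {
  return 0;
}

int main() {
  int a = work();
  return a;
}
EOF
}

# Status: 0 = build refused because of -Wreturn-type, 1 = build accepted
# (or failed for an unrelated reason), 2 = compiler not found.
gate_rejects() {
    command -v "$CXX" >/dev/null 2>&1 || return 2
    diag=$("$CXX" -Werror=return-type -c "$1" -o "${1%.cc}.o" 2>&1) && return 1
    printf '%s\n' "$diag" | grep -q 'return-type'
}

# Status: 0 = gate refuses the faulty file and accepts the fixed one,
# 1 = gate misbehaved, 2 = could not run (no compiler or no temp directory).
run_demo() {
    dir=$(mktemp -d) || return 2
    write_cases "$dir"
    bad=0; gate_rejects "$dir/missing_return.cc" || bad=$?
    good=0; gate_rejects "$dir/fixed.cc" || good=$?
    rm -rf "$dir"
    [ "$bad" -eq 2 ] && return 2
    [ "$bad" -eq 0 ] && [ "$good" -eq 1 ]
}

run_demo && echo "gate OK: missing return rejected, fixed file accepted"
```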