This is the mail archive of the
mailing list for the GCC project.
Re: detecting "container overflow" bugs in std::vector
- From: Konstantin Serebryany <konstantin dot s dot serebryany at gmail dot com>
- To: Jonathan Wakely <jwakely at redhat dot com>
- Cc: "libstdc++" <libstdc++ at gcc dot gnu dot org>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Jakub Jelinek <jakub at redhat dot com>, Paul Pluzhnikov <ppluzhnikov at google dot com>
- Date: Tue, 3 Jun 2014 11:23:41 +0400
- Subject: Re: detecting "container overflow" bugs in std::vector
- Authentication-results: sourceware.org; auth=none
- References: <CAGQ9bdyUm0c7g=kUmTonm3myB24ESjwnwYAH3xS9FxbrBvSEyw at mail dot gmail dot com> <20140526141230 dot GT6953 at redhat dot com> <CAGQ9bdwv9kSfGirBfcQJeRwompeQtgGnKxoRzakj72MSruswmg at mail dot gmail dot com> <20140529142948 dot GE6953 at redhat dot com>
On Thu, May 29, 2014 at 6:29 PM, Jonathan Wakely <firstname.lastname@example.org> wrote:
> On 26/05/14 19:19 +0400, Konstantin Serebryany wrote:
>>> It does look useful but I'm concerned about a proliferation of
>>> container checks, we already have the libstdc++ Debug Mode
>>> and I'd
>>> like to see some of the lightweight checks from the Google branch
>>> added to trunk too.
>> Me too, but these checks are mostly orthogonal to the proposed
> Thanks for clarifying that (and to Paul).
>>> Aren't they still much cheaper than asan
>> Of course, they are much cheaper than asan. But they do not cover the case
>> that motivated the container overflow annotations (when the contents
>> of vector are accessed via
> Yes, I don't think I've ever seen that error in code I work with, but
These errors are indeed much less frequent that others.
But in our code base we've cleaned most of those popular ones and now
chasing the long tail of infrequent types of bugs.
Our current variant of libstdc++ patch (+asan) found quite a few of them.
> if Asan can be made to detect it then I'm in favour of the changes.
Thanks, I'll work on the updated libstdc++ path then.