This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug sanitizer/67204] documentation for sanitizer missing/incomplete

From: "pinskia at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: Thu, 13 Aug 2015 10:29:21 +0000
Subject: [Bug sanitizer/67204] documentation for sanitizer missing/incomplete
Auto-submitted: auto-generated
References: <bug-67204-4 at http dot gcc dot gnu dot org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67204

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Just for reference this is the documentation that is included in GCC (minus the
formating):
-fsanitize=address
Enable AddressSanitizer, a fast memory error detector. Memory access
instructions are instrumented to detect out-of-bounds and use-after-free bugs.
See http://code.google.com/p/address-sanitizer/ for more details. The run-time
behavior can be influenced using the ASAN_OPTIONS environment variable; see
https://code.google.com/p/address-sanitizer/wiki/Flags#Run-time_flags for a
list of supported options. 
-fsanitize=kernel-address
Enable AddressSanitizer for Linux kernel. See
http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel for
more details. 
-fsanitize=thread
Enable ThreadSanitizer, a fast data race detector. Memory access instructions
are instrumented to detect data race bugs. See
http://code.google.com/p/thread-sanitizer/ for more details. The run-time
behavior can be influenced using the TSAN_OPTIONS environment variable; see
https://code.google.com/p/thread-sanitizer/wiki/Flags for a list of supported
options. 
-fsanitize=leak
Enable LeakSanitizer, a memory leak detector. This option only matters for
linking of executables and if neither -fsanitize=address nor -fsanitize=thread
is used. In that case the executable is linked against a library that overrides
malloc and other allocator functions. See
https://code.google.com/p/address-sanitizer/wiki/LeakSanitizer for more
details. The run-time behavior can be influenced using the LSAN_OPTIONS
environment variable. 
-fsanitize=undefined
Enable UndefinedBehaviorSanitizer, a fast undefined behavior detector. Various
computations are instrumented to detect undefined behavior at runtime. Current
suboptions are:
-fsanitize=shift
This option enables checking that the result of a shift operation is not
undefined. Note that what exactly is considered undefined differs slightly
between C and C++, as well as between ISO C90 and C99, etc. 
-fsanitize=integer-divide-by-zero
Detect integer division by zero as well as INT_MIN / -1 division. 
-fsanitize=unreachable
With this option, the compiler turns the __builtin_unreachable call into a
diagnostics message call instead. When reaching the __builtin_unreachable call,
the behavior is undefined. 
-fsanitize=vla-bound
This option instructs the compiler to check that the size of a variable length
array is positive. 
-fsanitize=null
This option enables pointer checking. Particularly, the application built with
this option turned on will issue an error message when it tries to dereference
a NULL pointer, or if a reference (possibly an rvalue reference) is bound to a
NULL pointer, or if a method is invoked on an object pointed by a NULL pointer. 
-fsanitize=return
This option enables return statement checking. Programs built with this option
turned on will issue an error message when the end of a non-void function is
reached without actually returning a value. This option works in C++ only. 
-fsanitize=signed-integer-overflow
This option enables signed integer overflow checking. We check that the result
of +, *, and both unary and binary - does not overflow in the signed
arithmetics. Note, integer promotion rules must be taken into account. That is,
the following is not an overflow:
               signed char a = SCHAR_MAX;
               a++;

-fsanitize=bounds
This option enables instrumentation of array bounds. Various out of bounds
accesses are detected. Flexible array members, flexible array member-like
arrays, and initializers of variables with static storage are not instrumented. 
-fsanitize=bounds-strict
This option enables strict instrumentation of array bounds. Most out of bounds
accesses are detected, including flexible array members and flexible array
member-like arrays. Initializers of variables with static storage are not
instrumented. 
-fsanitize=alignment
This option enables checking of alignment of pointers when they are
dereferenced, or when a reference is bound to insufficiently aligned target, or
when a method or constructor is invoked on insufficiently aligned object. 
-fsanitize=object-size
This option enables instrumentation of memory references using the
__builtin_object_size function. Various out of bounds pointer accesses are
detected. 
-fsanitize=float-divide-by-zero
Detect floating-point division by zero. Unlike other similar options,
-fsanitize=float-divide-by-zero is not enabled by -fsanitize=undefined, since
floating-point division by zero can be a legitimate way of obtaining infinities
and NaNs. 
-fsanitize=float-cast-overflow
This option enables floating-point type to integer conversion checking. We
check that the result of the conversion does not overflow. Unlike other similar
options, -fsanitize=float-cast-overflow is not enabled by -fsanitize=undefined.
This option does not work well with FE_INVALID exceptions enabled. 
-fsanitize=nonnull-attribute
This option enables instrumentation of calls, checking whether null values are
not passed to arguments marked as requiring a non-null value by the nonnull
function attribute. 
-fsanitize=returns-nonnull-attribute
This option enables instrumentation of return statements in functions marked
with returns_nonnull function attribute, to detect returning of null values
from such functions. 
-fsanitize=bool
This option enables instrumentation of loads from bool. If a value other than
0/1 is loaded, a run-time error is issued. 
-fsanitize=enum
This option enables instrumentation of loads from an enum type. If a value
outside the range of values for the enum type is loaded, a run-time error is
issued. 
-fsanitize=vptr
This option enables instrumentation of C++ member function calls, member
accesses and some conversions between pointers to base and derived classes, to
verify the referenced object has the correct dynamic type.
While -ftrapv causes traps for signed overflows to be emitted,
-fsanitize=undefined gives a diagnostic message. This currently works only for
the C family of languages.

References:
- [Bug sanitizer/67204] New: documentation for sanitizer missing/incomplete
  - From: smagnet at yopmail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]