This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: array bounds, sanitizer, safe programming, and cilk array notation

From: Joseph Myers <joseph at codesourcery dot com>
To: Martin Uecker <uecker at eecs dot berkeley dot edu>
Cc: gcc Mailing List <gcc at gcc dot gnu dot org>, Jeff Law <law at redhat dot com>, Jakub Jelinek <jakub at redhat dot com>, Marek Polacek <polacek at redhat dot com>, Florian Weimer <fw at deneb dot enyo dot de>, "Balaji V. Iyer" <balaji dot v dot iyer at intel dot com>
Date: Tue, 27 Jan 2015 00:07:58 +0000
Subject: Re: array bounds, sanitizer, safe programming, and cilk array notation
Authentication-results: sourceware.org; auth=none
References: <20150126115359 dot 295659da at lemur>

On Mon, 26 Jan 2015, Martin Uecker wrote:

> extern void bar2(int (*x)[5]);

> 	int c = 4;
> 	int y[c];

> 	bar2(&y);	// not diagnosed (found by asan)

This is the undefined behavior "If the two array types are used in a 
context which requires them to be compatible, it is undefined behavior if 
the two size specifiers evaluate to unequal values." (C11 6.7.6.2#6).  
Yes, it would make sense for ubsan to detect this.  Generally, most forms 
of runtime undefined behavior listed in J.2 should have ubsan detection 
unless hard to detect / detected by some other sanitizer such as asan.

Does adding new forms of sanitization require upstream libsanitizer 
changes as well or can arbitrary ubsan checks be added without needing 
libsanitizer changes?

-- 
Joseph S. Myers
joseph@codesourcery.com

References:
- array bounds, sanitizer, safe programming, and cilk array notation
  - From: Martin Uecker

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]