[clang] [Clang] Add wraps attribute (for granular integer overflow handling) (PR #86618)
Justin Stitt via cfe-commits
cfe-commits at lists.llvm.org
Thu Apr 25 17:15:08 PDT 2024
JustinStitt wrote:
@efriedma-quic:
> Attributes mostly do modify the type. The few that don't, like "aligned" and "may_alias", are a constant source of problems because they get accidentally stripped off. (I don't have any personal experience with "noderef".)
So do you believe the current approach is a no-go? I am happy to do whatever it takes to get this feature over the line but hear me out:
Any way of implementing this feature is subject to corner cases and can be broken -- like a lot of stuff in C. For its specific use case, this attribute provides immense power and clarity to existing code bases; the Linux Kernel would benefit massively as we could then enable multiple arithmetic sanitizers. With my custom wraps-enabled compiler and a syzkaller instance I've already located [dozens of potential bugs](https://gist.github.com/JustinStitt/51f988421522d9ab7d5dbf1c2025e7a0) that could be fixed with this attribute! (and ~hundreds of others with the `unsigned-integer-overflow` and `implicit-integer-truncation` sanitizers -- which I have yet to fuzz with).
The tests made by @kees (mostly kernel-tailored) and the tests I've checked in with this PR all pass without regression to existing integer sanitizer uses.
I'd love to hear more folk's opinions, too. With more feedback, we can make this feature and its documentation/testing as solid as possible.
https://github.com/llvm/llvm-project/pull/86618
More information about the cfe-commits
mailing list