[cfe-dev] Summer of Code idea -- detecting undefined behavior (fwd)

Chris Hacking chacking at cs.washington.edu
Thu Mar 25 00:49:13 PDT 2010


Ah, my bad - I have static analysis on the brain and didn't realize you were talking about runtime checks. Those are certainly very handy. It would be interesting to know what the difference in binary size and runtime performance is with those checks.

The hybrid approach (dynamic checks when your static analysis can't tell for sure) would be great, but I'm not sure how one would put that together. Adding the ability to include runtime checks is probably a more important initial step.

-----Original Message-----
From: Ahmed Charles [mailto:ahmedcharles at gmail.com] 
Sent: Wednesday, March 24, 2010 3:07 PM
To: Chris Hacking
Cc: cfe-dev at cs.uiuc.edu
Subject: Re: [cfe-dev] Summer of Code idea -- detecting undefined behavior (fwd)

On Tue, Mar 23, 2010 at 10:20 PM, Chris Hacking <chacking at cs.washington.edu> wrote:
> I suspect some of these tests might incur a significant performance 
> penalty if run as part of compilation. Simple and easy tests are good, 
> but anything that is too expensive might make more sense to move into 
> the Clang Static Analyzer instead.
>
> That said, some work from the CSA might be usable here. For example, I 
> believe that the CSA already detects divide-by-zero. While a full 
> analysis of the source code would be overkill for the compiler to do 
> every time, adding the ability to detect divide-by-zero from literals:
>
> int a = 5; int b = 5/0;
>
> or using constant propagation:
>
> int a = 5; int b = 0; int c = a/b;
>
> would certainly be useful and probably relatively easy.
>
> Chris Hacking

Assuming the static analyzer doesn't actually produce executables (why would it, it's static), it wouldn't be useful here, since finding undefined behavior, in general, is a runtime thing, like:

int i;
cin >> i;
int x = 5 / i;

static analysis can't detect this case of divide by zero. It could tell that i is runtime-defined and not proven to be non-zero, therefore it should be tested for zero before being used as the denominator of a divide.

That said, you could eliminate checks for cases where it's proven that undefined behavior could not occur, based on static analysis, which would result in the program running faster.
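Editor's added example (not code from either participant in the thread) showing the two halves of this exchange side by side: a divisor known at compile time is checked statically and needs no runtime test, while a divisor that only exists at runtime (the "cin >> i; 5 / i" case) gets the check a compiler could insert. It goes slightly beyond the thread's divide-by-zero case by also refusing INT_MIN / -1, the other signed-division result C++ leaves undefined. The function names, the DivResult struct and the sample inputs are this example's own; input is read from a string rather than std::cin so it runs non-interactively.

```cpp
#include <climits>
#include <cstdio>
#include <sstream>
#include <string>

// Result of a checked division: ok == false means the operation would
// have been undefined behaviour, so no value was produced.
struct DivResult {
    bool ok;
    int value;
};

// The runtime check a compiler could insert around every signed division.
// Signed int division is undefined in C++ for a zero divisor and for
// INT_MIN / -1 (the quotient is not representable), so both are refused.
DivResult checked_div(int num, int den) {
    if (den == 0) return {false, 0};
    if (num == INT_MIN && den == -1) return {false, 0};
    return {true, num / den};
}

// The same operation with a divisor fixed at compile time. Here the check
// is discharged statically: div_by<0>(x) does not compile at all, and the
// code generated for a non-zero Den carries no runtime test.
template <int Den>
int div_by(int num) {
    static_assert(Den != 0, "division by zero with a constant divisor");
    return num / Den;
}

// The thread's "cin >> i; 5 / i" case, reading i from a string instead of
// std::cin (constructed sample input, so the example runs unattended).
// Unparsable input or a zero divisor yields ok == false instead of UB.
DivResult five_over_input(const std::string& input) {
    std::istringstream in(input);
    int i = 0;
    if (!(in >> i)) return {false, 0};
    return checked_div(5, i);
}

int main() {
    const char* samples[] = {"5", "0", "-1", "abc"};  // constructed inputs
    for (const char* s : samples) {
        DivResult r = five_over_input(s);
        if (r.ok) std::printf("5 / \"%s\" = %d\n", s, r.value);
        else      std::printf("5 / \"%s\": refused (unparsable or undefined)\n", s);
    }
    std::printf("div_by<5>(25) = %d (checked at compile time)\n", div_by<5>(25));
    return 0;
}
```

The static_assert in div_by is the cheap, literal-only detection discussed earlier in the thread; checked_div is the runtime check that is needed once the divisor comes from input. A hybrid compiler pass would emit the former path wherever it can prove the divisor non-zero and fall back to the latter everywhere else.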
