[cfe-dev] [RFC] Extending and improving Clang's undefined behavior checking

[Sean McBride]

On Wed, 22 Aug 2012 11:36:10 -0700, Chris Lattner said:

>> Do you have any opinions on my "undefined behavior levels" idea?  In
>most cases, I don't think users want to fiddle around with a whole bunch
>of options for a whole bunch of checks that they don't understand; I
>think a dial that trades off run-time performance for more strict
>checking (in the same way that -O is a dial that trades off compile-time
>for faster code) is easier to use.
>
>I agree with you that only experts (or compiler hackers :) should be
>expected to twiddle detailed options.  I think that there are a few
>really important levels that we should focus on in order of priority:
>
>1. The "on by default" configuration.  Checks that are cheap enough and
>important enough to be included even in production builds, like certain
>cases of stack canaries and "fortify source" are now.
>
>2. The default -fcatch-undefined-behavior configuration.  This should be
>an obvious blend of checks that doesn't cause a tortuous performance hit
>(I think valgrind's 20x hit would be too much, but maybe 2-4x would be
>ok) but that find a lot of bugs that people care about.  We probably
>don't want to include checks for implementation-defined behavior in
>this, because that is likely to find a lot of bugs that "people don't
>care about".

I have followed this discussion with great interest.

In the "find a lot of bugs that 'people don't care about'" category, might I suggest that floating point divide by zero be something that can be toggled on/off.  See also:

<http://llvm.org/bugs/show_bug.cgi?id=11854>

Cheers,

-- 
____________________________________________________________
Sean McBride, B. Eng                 sean at rogue-research.com
Rogue Research                        www.rogue-research.com 
Mac Software Developer              Montréal, Québec, Canada