[cfe-dev] [PATCH] Integer Sanitizer Initial Patches

Eli Friedman eli.friedman at gmail.com
Wed Nov 7 17:26:15 PST 2012

On Wed, Nov 7, 2012 at 5:15 PM, Will Dietz <willdtz at gmail.com> wrote:
> Hi all,
> Attached are patches that add a new 'sanitizer' to clang for detecting
> and reporting integer overfllows.  Unlike the checks added by
> -fcatch-undefined-behavior, these also include non-undefined-behavior
> checks.

It's not obvious to me that it's useful to add runtime instrumentation
for unsigned overflow in particular; my instinct is that you'll get a
ton of false positives for existing codebases.  Also, there isn't any
obvious way to fix code which legitimately takes advantage of unsigned
overflow.  Do you have any data here?

> The attached clang patch adds:
> -fsanitize=unsigned-integer-overflow
> and
> -fsanitize=integer

Suspicious-behavior checkers are fundamentally not the same thing as
the existing sanitizers because the code might be correct as-is.  Does
it make sense to put them under -fsanitize?


More information about the cfe-dev mailing list