[cfe-dev] Unsigned Integer Wrap and -fsanitize=integer
Sean McBride
sean at rogue-research.com
Tue Jul 30 07:46:06 PDT 2013
On Tue, 30 Jul 2013 07:00:52 -0400, Jeffrey Walton said:
>I'm testing a crypto library under the sanitizers. Crypto libraries
>are notorious for doing clever (and sometimes undefined) things to
>integers.
>
>I'm catching a number of errors similar to below. Is (or should)
>unsigned wrap be an error condition? I thought it was implementation
>defined. Or is -fsanitize=integer catching signed integer overflow
>(which is undefined behavior) and incorrectly reporting it?
Unsigned wrapping is well-defined. See here:
<http://clang.llvm.org/docs/UsersManual.html#controlling-code-generation>
Notice for "-fsanitize=integer" they say "Enables checks for undefined or suspicious integer behavior." The 'suspicious' part refers to unsigned overflow, which, though well-defined, is often unexpected (though probably not in a crypto lib).
I think you want -fsanitize=undefined.
>Related: is -fsanitize=integer Peng and Regehr's Integer Overflow
>Checker? I'm very interested in IOC because Intel's ICC is ruthless
>about removing code with undefined behavior.
It is.
Cheers,
--
____________________________________________________________
Sean McBride, B. Eng sean at rogue-research.com
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada
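An added illustration of the distinction drawn above, written for this page and not taken from the thread or from the library being tested: modular addition that relies on well-defined unsigned wrap (what a crypto library does on purpose, and what the "suspicious" part of -fsanitize=integer reports), next to checked signed and size_t addition that tests for overflow before it happens so no undefined behaviour is ever executed. The comments about which sanitizer group reports which line reflect the current clang documentation (-fsanitize=integer includes unsigned-integer-overflow, -fsanitize=undefined does not) and are assumptions about the build, not output from the original poster's runs.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <limits.h>
#include <stdio.h>

/* Modular addition as a crypto library uses it: unsigned wrap is well-defined,
 * so the result is (a + b) mod 2^32 with no undefined behaviour. With
 * -fsanitize=integer (which includes unsigned-integer-overflow) a wrapping
 * call here is reported as "suspicious"; with -fsanitize=undefined it is not. */
uint32_t add_mod32(uint32_t a, uint32_t b) {
    return a + b;
}

/* True if a + b would wrap past UINT32_MAX. Lets a caller decide whether the
 * wrap is intended (hash state, counters) or a real bug (lengths, offsets). */
bool add32_wraps(uint32_t a, uint32_t b) {
    return a > UINT32_MAX - b;
}

/* Signed overflow is undefined behaviour: both -fsanitize=undefined and
 * -fsanitize=integer report it, and an optimizer (the ICC behaviour mentioned
 * in the thread) may assume it never happens and delete code that depends on
 * it. So test BEFORE adding; a post-hoc check like (a + b < a) on int is
 * itself UB and may be optimized away. */
bool add_int_checked(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;            /* would overflow: never compute it */
    *out = a + b;
    return true;
}

/* Same pre-check for size_t, the usual source of unintended unsigned wrap
 * (length + offset arithmetic), where a wrap is a bug rather than a feature. */
bool add_size_checked(size_t a, size_t b, size_t *out) {
    if (a > SIZE_MAX - b)
        return false;
    *out = a + b;
    return true;
}

int main(void) {
    /* Constructed inputs: this addition wraps to 0x10 by design. */
    uint32_t h = add_mod32(0xFFFFFFF0u, 0x20u);
    printf("add_mod32: 0x%08x wrapped=%d\n", h, add32_wraps(0xFFFFFFF0u, 0x20u));

    int r = 0;
    printf("add_int_checked(INT_MAX, 1): ok=%d\n", add_int_checked(INT_MAX, 1, &r));
    size_t n = 0;
    printf("add_size_checked(SIZE_MAX, 1): ok=%d\n", add_size_checked(SIZE_MAX, 1, &n));
    return 0;
}
```

Build once with `clang -fsanitize=integer` and once with `clang -fsanitize=undefined` to see the difference: only the first reports add_mod32. In current clang the wrap check can also be dropped on its own with `-fno-sanitize=unsigned-integer-overflow` while the rest of the integer group stays on, which is the usual setting for a crypto build where wrap is intentional (this flag is an assumption about current clang, not something the 2013 thread mentions).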