[cfe-dev] [LLVMdev] ubsan - active member check for unions

Yury Gribov y.gribov at samsung.com
Tue Dec 16 02:43:13 PST 2014


On 12/15/2014 10:24 PM, Ismail Pazarbasi wrote:
>      s.d = 42.0;
>      if (s.l > 100) // fire here

Note that code like this is frequently used to convert integers to 
floats so you'll get tons of false positives.  Emitting error for 
accessing differently sized elements of enum may work (but should 
already be handled by MSan?).

> I have a few questions regarding the overall design:
> 1. Do you think this is a useful check?

That's actually an interesting questions. It could be useful for tagged 
unions although I believe programmers usually surround them with 
checking asserts anyway.

> 2. Where can I store type and field info about the union; some form of
> a shadow memory or a simple array/map?

Without shadow it may be unacceptably slow in union-intensive 
applications. But with shadow, it'll greatly complicate UBSan.

> 3. Should sanitizer abort immediately or continue upon detection?

AFAIK normally UBSan checks continue after error (but there's a flag to 
alter this).

> 4. When/how can I remove entries from ubsan shadow memory when union's
> lifetime ends; perhaps in a module pass or at the end of each
> function?

Take a look at how ASan does this (it's not easy).

-Y




More information about the cfe-dev mailing list