<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 23, 2015 at 7:08 AM, Riyad Parvez <span dir="ltr">&lt;<a href="mailto:riyad.parvez@uwaterloo.ca" target="_blank">riyad.parvez@uwaterloo.ca</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Thanks for the reply.<div><br></div><div>I am developing a fuzzer and interested to find overflows. </div></div></blockquote><div><br></div><div>So am I :) </div><div><a href="http://llvm.org/docs/LibFuzzer.html">llvm.org/docs/LibFuzzer.html</a><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>Is there any way to detect when errors are detected? To explain more, I have instrumented the binary to see which functions are called in run-time. What are the functions that are called when overflow is detected? 
When these functions are called I will know overflow is detected.</div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Thu, Oct 22, 2015 at 8:08 PM, Kostya Serebryany <span dir="ltr">&lt;<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>On Thu, Oct 22, 2015 at 11:52 AM, Riyad Parvez via cfe-dev <span dir="ltr">&lt;<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hi All,<div><br></div><div>With "-fsanitize=integer" flag, when an overflow is detected the program is terminated with zero exit code.</div></div></blockquote><div><br></div></span><div>You can change this behavior by using env. var.</div><div>UBSAN_OPTIONS=halt_on_error=1<br></div><div><br></div></div></div></div></blockquote><div><br></div></span><div>I've tried this; didn't work.</div></div></div></div></blockquote><div><br></div><div>What exactly do you run? 
</div><div><br></div><div>Here is what works for me: </div><div><br></div><div><div>% cat int-overflow.c </div><div>#include &lt;stdio.h&gt;</div><div>int x;</div><div>int main(int argc, char **argv) {</div><div> x += 1 &lt;&lt; 30;</div><div> x += 1 &lt;&lt; 30;</div><div> printf("%d\n", x);</div><div> return 0;</div><div>}</div></div><div><br></div><div><br></div><div><div>% clang -fsanitize=signed-integer-overflow int-overflow.c && ./a.out ; echo EXIT STATUS: $?</div><div>int-overflow.c:5:5: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'</div><div>-2147483648</div><div>EXIT STATUS: 0</div><div>% clang -fsanitize=signed-integer-overflow int-overflow.c && UBSAN_OPTIONS=halt_on_error=1 ./a.out ; echo EXIT STATUS: $?</div><div>int-overflow.c:5:5: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'</div><div>EXIT STATUS: 1</div><div>% </div></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class=""><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div></div><div>(Not sure if this is properly documented anywhere. Alexey? )</div><span><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div> But with "-fsanitize=address" flag, the program terminates with non-zero exit code. I think the address sanitizer behavior of non-zero exit code is more intuitive since the program did exit in error. 
Is there any reason integer overflow sanitizer exits the program with zero exit code?</div></div></blockquote><div><br></div></span><div>One of the reasons, maybe:</div><div>Programs are more often ubsan-unclean than asan-unclean, and halting on every ubsan message makes it harder to deploy the tool. </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>Thanks,</div><div>Riyad</div></div>
<br>_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br>
<br></blockquote></div><br></div></div>
</blockquote></span></div><br></div></div>
</blockquote></div><br></div></div>
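<div>A fuzzer driver can detect the overflow from outside the process using the two signals in the transcript above: the "runtime error:" line on stderr and the exit status under UBSAN_OPTIONS=halt_on_error=1. The following Python is an added example, not code from this thread or from LLVM; the function names and verdict labels are hypothetical.</div>

```python
import os
import re
import subprocess

# UBSan report line format, as printed in the thread above:
#   int-overflow.c:5:5: runtime error: signed integer overflow: ...
UBSAN_LINE = re.compile(
    r"^(?P<file>.+?):(?P<line>\d+):(?P<col>\d+): runtime error: (?P<msg>.*)$",
    re.MULTILINE,
)


def parse_ubsan_reports(stderr_text):
    """Return one dict per UBSan 'runtime error' line found in stderr."""
    return [
        {"file": m["file"], "line": int(m["line"]),
         "col": int(m["col"]), "message": m["msg"].strip()}
        for m in UBSAN_LINE.finditer(stderr_text)
    ]


def classify(exit_status, stderr_text):
    """Decide whether a run hit UB without trusting the exit status alone."""
    reports = parse_ubsan_reports(stderr_text)
    if reports:
        # Exit 0 with a report means the process kept running after the UB.
        verdict = "ubsan-halted" if exit_status != 0 else "ubsan-recovered"
    else:
        verdict = "clean" if exit_status == 0 else "other-failure"
    return verdict, reports


def run_target(argv, stdin_bytes=b"", timeout=10):
    """Run an instrumented target with halt_on_error=1 and classify it."""
    env = dict(os.environ)
    prior = env.get("UBSAN_OPTIONS", "")
    # Append to any inherited options instead of discarding them.
    env["UBSAN_OPTIONS"] = (prior + ":" if prior else "") + "halt_on_error=1"
    proc = subprocess.run(argv, input=stdin_bytes, env=env,
                          stderr=subprocess.PIPE, stdout=subprocess.DEVNULL,
                          timeout=timeout)
    return classify(proc.returncode, proc.stderr.decode(errors="replace"))


if __name__ == "__main__":
    # Constructed sample: the stderr line copied from the transcript above.
    sample = ("int-overflow.c:5:5: runtime error: signed integer overflow: "
              "1073741824 + 1073741824 cannot be represented in type 'int'\n")
    print(classify(0, sample)[0])
    print(classify(1, sample)[0])
```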