<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix">Thank you a lot, Richard!</div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">01.02.2020 06:09, Richard Smith wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAOfiQq=KYs=StHqrCju1RPPXurSXyvpkMj5Lfe1f-VfsFfCgvg@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">
        <div>... and in fact we also generate wrong code for this
          example with the sanitizers disabled -- we mark the reference
          parameter as dereferenceable(sizeof(A)) rather than
          dereferenceable(nvsize(A)). Oops!</div>
        <div><br>
        </div>
        <div>Fixed in master.</div>
        <br>
        <div class="gmail_quote">
          <div dir="ltr" class="gmail_attr">On Fri, 31 Jan 2020 at
            09:54, Richard Smith &lt;<a
              href="mailto:richard@metafoo.co.uk" moz-do-not-send="true">richard@metafoo.co.uk</a>&gt;
            wrote:<br>
          </div>
          <blockquote class="gmail_quote" style="margin:0px 0px 0px
            0.8ex;border-left:1px solid
            rgb(204,204,204);padding-left:1ex">
            <div dir="auto">
              <div>This looks like a bug to me; it looks like we're
                checking for the size of an A being available, but
                should only be checking for the nvsize since we don't
                know we have an object whose most-derived type is A.<br>
                <br>
                <div class="gmail_quote">
                  <div dir="ltr" class="gmail_attr">On Thu, 30 Jan 2020,
                    23:45 Alexey Sidorin via cfe-dev, &lt;<a
                      href="mailto:cfe-dev@lists.llvm.org"
                      target="_blank" moz-do-not-send="true">cfe-dev@lists.llvm.org</a>&gt;
                    wrote:<br>
                  </div>
                  <blockquote class="gmail_quote" style="margin:0px 0px
                    0px 0.8ex;border-left:1px solid
                    rgb(204,204,204);padding-left:1ex">
                    <div>
                      <p>Hello everyone,</p>
                      <p>The code example below triggers an undefined
                        behavior sanitizer warning when compiled with
                        -O1 and higher:</p>
                      <p><tt>     1  struct Aux {</tt><tt><br>
                        </tt><tt>     2    virtual ~Aux() = default;</tt><tt><br>
                        </tt><tt>     3    int i = 0;</tt><tt><br>
                        </tt><tt>     4  };</tt><tt><br>
                        </tt><tt>     5</tt><tt><br>
                        </tt><tt>     6  struct Base {</tt><tt><br>
                        </tt><tt>     7    virtual ~Base() = default;</tt><tt><br>
                        </tt><tt>     8  };</tt><tt><br>
                        </tt><tt>     9</tt><tt><br>
                        </tt><tt>    10  struct A : public virtual Base,
                          public Aux {};</tt><tt><br>
                        </tt><tt>    11</tt><tt><br>
                        </tt><tt>    12  struct B final : public virtual
                          A {};</tt><tt><br>
                        </tt><tt>    13</tt><tt><br>
                        </tt><tt>    14  void check(const A &amp;a) {}</tt><tt><br>
                        </tt><tt>    15</tt><tt><br>
                        </tt><tt>    16  int main() {</tt><tt><br>
                        </tt><tt>    17    B b;</tt><tt><br>
                        </tt><tt>    18    check(b);</tt><tt> // UBSan
                          warns here<br>
                        </tt><tt>    19    return 0;</tt><tt><br>
                        </tt><tt>    20  }</tt><br>
                      </p>
                      <p>When compiled with -fsanitize=undefined:</p>
                      <p><tt>example.cpp:18:9: runtime error: reference
                          binding to address 0x7ffe652149c8 with
                          insufficient space for an object of type
                          'const A'</tt></p>
                      <p>When compiled with -fsanitize=object-size:</p>
                      <tt>example.cpp:12:8: runtime error: constructor
                        call on address 0x7ffc7988a2e0 with insufficient
                        space for an object of type 'A'</tt><tt><br>
                      </tt>
                      <p><tt>example.cpp:18:9: runtime error: reference
                          binding to address 0x7ffc7988a2e0 with
                          insufficient space for an object of type
                          'const A'</tt></p>
                      <p>Could someone tell if it is a sanitizer false
                        positive or does this case actually contain a
                        kind of UB? GCC doesn't give any warning for
                        this code.<br>
                      </p>
                      <p><br>
                      </p>
                    </div>
                    _______________________________________________<br>
                    cfe-dev mailing list<br>
                    <a href="mailto:cfe-dev@lists.llvm.org"
                      rel="noreferrer" target="_blank"
                      moz-do-not-send="true">cfe-dev@lists.llvm.org</a><br>
                    <a
                      href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev"
                      rel="noreferrer noreferrer" target="_blank"
                      moz-do-not-send="true">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br>
                  </blockquote>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
      </div>
    </blockquote>
    <p><br>
    </p>
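    <p>Added example (not part of the thread above, and not Clang's or UBSan's own code): the reporter's types, plus two helper functions of my own (<tt>bytes_after_a_subobject</tt> and <tt>full_sizeof_would_overrun</tt>, hypothetical names) that measure how many bytes of the most-derived object <tt>b</tt> actually follow the <tt>A</tt> subobject that <tt>const A &amp;a</tt> binds to. This makes Richard's point concrete: because <tt>A</tt> is a virtual base of <tt>B</tt>, and <tt>A</tt>'s own virtual base <tt>Base</tt> may be placed elsewhere inside <tt>b</tt>, only the non-virtual part of <tt>A</tt> (nvsize) is guaranteed to be present at that address, not <tt>sizeof(A)</tt> bytes. A check or attribute that assumes <tt>sizeof(A)</tt> is therefore stricter than what the program promises.</p>

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Types from the original report (Alexey's example), reproduced unchanged.
struct Aux {
  virtual ~Aux() = default;
  int i = 0;
};

struct Base {
  virtual ~Base() = default;
};

struct A : public virtual Base, public Aux {};

struct B final : public virtual A {};

// Added helper (hypothetical name, not from the thread): number of bytes
// from the start of the A subobject inside `b` to the end of the most-derived
// object `b`. This is the largest amount of storage a `const A&` bound to `b`
// may legitimately be assumed to point at.
static std::size_t bytes_after_a_subobject(const B &b) {
  const A &a = b;  // derived-to-base conversion locates the virtual base A
  std::uintptr_t a_begin = reinterpret_cast<std::uintptr_t>(&a);
  std::uintptr_t b_end = reinterpret_cast<std::uintptr_t>(&b) + sizeof(B);
  return static_cast<std::size_t>(b_end - a_begin);
}

// Added helper (hypothetical name): true when fewer than sizeof(A) bytes
// follow the A subobject, i.e. when a check (or a dereferenceable(sizeof(A))
// attribute) that assumes a complete A at that address overstates what the
// program guarantees. Only A's non-virtual part is guaranteed to be there;
// A's own virtual base Base may live elsewhere inside b.
static bool full_sizeof_would_overrun(const B &b) {
  return bytes_after_a_subobject(b) < sizeof(A);
}

int main() {
  B b;
  std::printf("sizeof(A) = %zu, sizeof(B) = %zu\n", sizeof(A), sizeof(B));
  std::printf("bytes after A subobject inside b = %zu\n",
              bytes_after_a_subobject(b));
  std::printf("dereferenceable(sizeof(A)) would overrun b: %s\n",
              full_sizeof_would_overrun(b) ? "yes" : "no");
  return 0;
}
```

    <p>Under the Itanium C++ ABI (x86-64 Linux), <tt>Base</tt> is a nearly-empty virtual base and becomes <tt>B</tt>'s primary base at offset 0, so the <tt>A</tt> subobject is laid out last: the helper reports fewer bytes after <tt>&amp;a</tt> than <tt>sizeof(A)</tt>, even though the <tt>Aux</tt> part of <tt>A</tt> (its non-virtual part) fits completely. That gap is exactly what a <tt>sizeof(A)</tt>-based reference-binding check flags on well-formed code, and why the check needs nvsize instead.</p>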
  </body>
</html>