<html>

    <head>

      <base href="https://llvm.org/bugs/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW --- - Annotate libc++ with attribute no_sanitize("unsigned-integer-overflow")"

   href="https://llvm.org/bugs/show_bug.cgi?id=25706">25706</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Annotate libc++ with attribute no_sanitize("unsigned-integer-overflow")

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>libc++

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>unspecified

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>All Bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedclangbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>gonzalobg88@gmail.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org, mclow.lists@gmail.com

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Unsigned integer overflow is defined behavior, but that doesn't make unsigned

integer arithmetic easy. 

The UndefinedBehaviorSanitizer (UBSan) has an unsigned-integer-overflow check

that has found lots of bugs in my application related to corner cases of

unsigned integer arithmetic.

There are very few libc++ functions (mostly only the hash functions) that

use/rely on unsigned integer overflow.

It would be nice if these functions could be marked with the

[[no_sanitize("unsigned-integer-overflow")]] attribute, so that UBSan doesn't

complain on them when run using the "unsigned-integer-overflow" check. The test

suit could be then upgraded to run with this check.

The advantage would be that users could run the "unsigned-integer-overflow"

check on their own programs without getting false positives from libc++.

The fast way to do this is to just run the test suite with the sanitizer check,

and mark all the functions that produce a false positive with the attribute

(with current trunk no real positives are found). 

The "fine grained" way of doing this is to define a function:

template<typename T>

using uncvref_t = std::remove_reference_t<std::remove_cv_t<T>>;

template<typename T, class =

std::enable_if_t<std::is_unsigned<uncvref_t<T>>{}>>

[[no_sanitize("unsigned-integer-overflow")]]

T wrapping_add(T&& a, T&& b) { return a + b; }

and use it when overflow semantics is intended, which helps with documentation.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>