<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - The implicit-integer-sign-change is pointless for symbolic constants"
href="https://bugs.llvm.org/show_bug.cgi?id=46025">46025</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>The implicit-integer-sign-change is pointless for symbolic constants
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>10.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>C
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedclangbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>bruno@clisp.org
</td>
</tr>
<tr>
<th>CC</th>
<td>blitzrakete@gmail.com, dgregor@apple.com, erik.pilkington@gmail.com, llvm-bugs@lists.llvm.org, richard-llvm@metafoo.co.uk
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=23512" name="attach_23512" title="Test case">attachment 23512</a> <a href="attachment.cgi?id=23512&action=edit" title="Test case">[details]</a></span>
Test case
The -fsanitize=implicit-integer-sign-change checks can be useful in general.
But when involving symbolic constants defined by a library's header file, as a
user I don't control whether they evaluate to 'int' or 'unsigned int'.
Here's a test case:
============================ foo.c ============================
#include &lt;signal.h&gt;

int
main ()
{
  struct sigaction act;
  act.sa_flags = /* SA_NODEFER | SA_ONSTACK | */ SA_RESETHAND;
  return 0;
}
===============================================================
$ clang -Wall foo.c -E | grep sa_flags
int sa_flags;
act.sa_flags = 0x80000000;
$ clang -Wall foo.c -fsanitize=implicit-integer-sign-change
$ ./a.out
foo.c:7:50: runtime error: implicit conversion from type 'unsigned int' of
value 2147483648 (32-bit, unsigned) to type 'int' changed the value to
-2147483648 (32-bit, signed)
So, glibc defines the 'sa_flags' field as being of type 'int' (like POSIX
mandates, see
<a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/sigaction.html">https://pubs.opengroup.org/onlinepubs/9699919799/functions/sigaction.html</a>).
glibc also defines SA_RESETHAND as 0x80000000. Per ISO C, this constant is of
type 'unsigned int'. The sanitizer then complains about an implicit conversion
from 'unsigned int' to 'int'.
This is not useful, as the programmer did not make a mistake here.
As a programmer, I do not want to add an explicit cast:
act.sa_flags = (int)(/* SA_NODEFER | SA_ONSTACK | */ SA_RESETHAND);
because generally, such explicit casts introduce bugs when the standards change
or some platform is not 100% standards compliant.
The library authors also surely don't want to write
#define SA_RESETHAND (~0x7fffffff)
because 1) the value is meant to be a single bit, and writing it this way would
obfuscate this bit (mask) aspect, 2) there are hundreds of such bit masks
defined in the libc headers (think of all possible ioctl values).
The library authors also surely don't want to write
#define SA_RESETHAND (int)0x80000000
either, because then SA_RESETHAND would not be usable in a preprocessor
expression (e.g., squid/src/tools.cc has "#if SA_RESETHAND == 0 &&
!_SQUID_WINDOWS_").
So, if clang does not change the implicit-integer-sign-change sanitizer, I can
only recommend to everyone to not use this particular sanitizer.</pre>
</div>
</p>
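<p>The typing behaviour the report relies on, as an added example that is not part of the original report and is not glibc or clang code. The <code>FLAG_*</code> macros, <code>struct holder</code> and the function names are hypothetical stand-ins, and a 32-bit two's-complement <code>int</code> is assumed, as on the Linux target in the report.</p>

```c
/* Added example. FLAG_* are hypothetical stand-ins for the three spellings
   discussed in the report; assumes 32-bit two's-complement int (Linux). */
#include <limits.h>
#include <stdio.h>

#define FLAG_PLAIN 0x80000000          /* value the report gives for SA_RESETHAND */
#define FLAG_NOT   (~0x7fffffff)       /* first alternative the report rejects */
#define FLAG_CAST  ((int)0x80000000)   /* second alternative the report rejects */

enum ctype { T_INT, T_UINT, T_OTHER };
#define CTYPE_OF(e) _Generic((e), int: T_INT, unsigned int: T_UINT, default: T_OTHER)

/* Type each spelling has inside a C expression. */
enum ctype type_plain(void) { return CTYPE_OF(FLAG_PLAIN); }
enum ctype type_not(void)   { return CTYPE_OF(FLAG_NOT); }
enum ctype type_cast(void)  { return CTYPE_OF(FLAG_CAST); }

/* #if evaluates in intmax_t and cannot parse a cast, so FLAG_CAST is left out
   here: "#if FLAG_CAST != 0" is a preprocessing error. */
#if FLAG_PLAIN != 0 && FLAG_NOT != 0
#define BOTH_USABLE_IN_IF 1
#else
#define BOTH_USABLE_IN_IF 0
#endif
/* In #if the two spellings differ: +2147483648 versus -2147483648. */
#if FLAG_PLAIN == FLAG_NOT
#define SAME_VALUE_IN_IF 1
#else
#define SAME_VALUE_IN_IF 0
#endif
int both_usable_in_if(void) { return BOTH_USABLE_IN_IF; }
int same_value_in_if(void)  { return SAME_VALUE_IN_IF; }

/* Stand-in for struct sigaction: an int flags field, as POSIX specifies. */
struct holder { int flags; };

/* The implicit unsigned-to-int conversion the sanitizer reports. */
int stored_plain(void) { struct holder h; h.flags = FLAG_PLAIN; return h.flags; }
/* No conversion: the expression is already an int. */
int stored_not(void)   { struct holder h; h.flags = FLAG_NOT; return h.flags; }

int main(void) {
    printf("plain=%d not=%d cast=%d (0=int, 1=unsigned int)\n",
           (int)type_plain(), (int)type_not(), (int)type_cast());
    printf("stored: %d %d, same value in #if: %d\n",
           stored_plain(), stored_not(), same_value_in_if());
    return 0;
}
```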
</body>
</html>