<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Sep 1, 2014 at 2:36 AM, Jakub Jelinek <span dir="ltr"><<a href="mailto:jakub@redhat.com" target="_blank">jakub@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Wed, Aug 27, 2014 at 11:23:54PM -0700, Alexey Samsonov wrote:<br>
> Ok, looks like I wasn't updating this thread for a while, sorry about that.<br>
> The current status is:<br>
> -fsanitize=returns-nonnull-attribute is implemented in Clang trunk<br>
> -fsanitize=nonnull-attribute is now being reviewed (<br>
> <a href="http://reviews.llvm.org/D5082" target="_blank">http://reviews.llvm.org/D5082</a>). There were delays here due to numerous<br>
> problems with __attribute__((nonnull)) implementation in Clang and<br>
> uncertainties about nonnull semantic:<br>
><br>
> __attribute__((nonnull)) void foo(int a, ...);<br>
> void call_foo() { foo(42, (void*)0); } //should we report error in this<br>
> case? Probably yes, as GCC prints compile-time warning here.<br>
<br>
</span>I'd say so, that is what the GCC documentation says for nonnull without<br>
arguments.<br>
<span class=""><br>
> Now, the question is about the __ubsan_handle_nonnull_arg parameters.<br>
> Originally you proposed, to pass SourceLocation of a call in static data<br>
> and argument index in dynamic data (to be able to merge locations).<br>
> However, I think the error reports can benefit if we:<br>
> 1) pinpoint the location of a specific argument that incorrectly evaluates<br>
> to NULL.<br>
> 2) print the location of a function declaration which contains the nonnull<br>
> attribute.<br>
<br>
</span>IMHO that is too big data size price for the limited benefit, locus of<br>
function call and argument number already uniquely identifies where the bug<br>
is. But if you feel too strongly about it, do whatever you prefer on the<br>
clang/compiler-rt side and I'll need to adjust my GCC patch anyway, at least<br>
for the new names of the -fsanitize= arguments.<br></blockquote><div><br></div><div>OK. I've submitted the patches to Clang and UBSan runtime which implement</div><div>-fsanitize=nonnull-attribute and -fsanitize=returns-nonnull-attribute (the last</div><div>commit is r217400). I've added source locations of attribute declarations to</div><div>the static data passed in UBSan handlers to print them in the error reports: it makes</div><div>sense to actually show user the declaration which forbids passing/returning null pointer.</div><div>This location is also added to returns-nonull attribute, because the attribute might be</div><div>declared far from the actual function definition with incorrect return-statement.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class="HOEnZb"><font color="#888888"><br>
Jakub<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Alexey Samsonov<br><a href="mailto:vonosmas@gmail.com" target="_blank">vonosmas@gmail.com</a></div>
</div></div>