<div dir="ltr">Mahesh,<div><br></div><div>First, to clarify: the term "sanitizer" refers to a set of dynamic techniques for finding bugs and it does not intersect at all with these statically-detected compiler warnings. The AddressSanitizer would detect out-of-bounds issues like these at runtime and in my experience false negatives and false positives are very rare. Though since the access of b[11] is actually in-bounds, it would not trigger. This behavior is likely by design and not considered a bug.</div><div><br></div><div>So, regarding the warnings: </div><div><br></div><div>If you had declared the parameter with "static" qualifying the size, *and* you had passed an array smaller than the size indicated, that would result in another warning from the caller. Note that this is a C99 feature that is not present in C++.</div><div><br></div><div>Here's a demo showing the resulting warnings from clang when using that feature: <a href="https://godbolt.org/g/48NnME">https://godbolt.org/g/48NnME</a><br></div><div><br></div><div>Absent the "static" qualifier for the size, there's no real restriction from the language regarding the access of b[11] in the thisShallError() func beyond it failing to meet an implicit API.</div><div><br></div><div><br></div><div class="gmail_extra"><div class="gmail_quote">On Sat, Nov 4, 2017 at 2:01 PM, Mahesh Attarde via llvm-dev <span dir="ltr"><<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div>Hello fellas,<br></div> Recently i was working on bug, which is simplified as follow.<br><br></div><div><br></div><div>==============================<wbr>==============================<wbr>==============================<wbr>=========================<br></div>Code:<br><div><div style="color:rgb(0,0,0);background-color:rgb(255,255,254);font-family:"Fira Mono";font-weight:normal;font-size:14px;line-height:19px;white-space:pre-wrap"><div><span style="color:rgb(0,0,255)">#include</span><span style="color:rgb(0,0,0)"><iostream></span></div><br><div><span style="color:rgb(0,0,255)">int</span><span style="color:rgb(0,0,0)"> thisShallError(</span><span style="color:rgb(0,0,255)">int</span><span style="color:rgb(0,0,0)"> b[</span><span style="color:rgb(9,136,90)">10</span><span style="color:rgb(0,0,0)">]){</span></div><div><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,255)">int</span><span style="color:rgb(0,0,0)"> gaurdTop = </span><span style="color:rgb(48,48,192)">0xF0F0</span><span style="color:rgb(0,0,0)">;</span></div><div><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,255)">int</span><span style="color:rgb(0,0,0)"> c[</span><span style="color:rgb(9,136,90)">16</span><span style="color:rgb(0,0,0)">] = {</span><span style="color:rgb(9,136,90)">0</span><span style="color:rgb(0,0,0)">};</span></div><div><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,255)">int</span><span style="color:rgb(0,0,0)"> gaurdDown[</span><span style="color:rgb(9,136,90)">16</span><span style="color:rgb(0,0,0)">];</span></div><div><span style="color:rgb(0,0,0)"> gaurdDown[</span><span style="color:rgb(9,136,90)">0</span><span style="color:rgb(0,0,0)">] = </span><span style="color:rgb(48,48,192)">0x0F0F</span><span style="color:rgb(0,0,0)">;</span></div><div><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,255)">return</span><span style="color:rgb(0,0,0)"> c[</span><span style="color:rgb(9,136,90)">16</span><span style="color:rgb(0,0,0)">] | b[</span><span style="color:rgb(9,136,90)">11</span><span style="color:rgb(0,0,0)">];</span></div><div><span style="color:rgb(0,0,0)">}</span></div><br><div><span style="color:rgb(0,0,255)">int</span><span style="color:rgb(0,0,0)"> main(){</span></div><div><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,255)">int</span><span style="color:rgb(0,0,0)"> mb[</span><span style="color:rgb(9,136,90)">32</span><span style="color:rgb(0,0,0)">]={</span><span style="color:rgb(9,136,90)">0</span><span style="color:rgb(0,0,0)">};</span></div><div><span style="color:rgb(0,0,0)"> mb[</span><span style="color:rgb(9,136,90)">11</span><span style="color:rgb(0,0,0)">] = </span><span style="color:rgb(48,48,192)">0xF0F0</span><span style="color:rgb(0,0,0)">;</span></div><div><span style="color:rgb(0,0,0)"> std::cout<<std::hex << thisShallError(mb);</span></div><div><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,255)">return</span><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(9,136,90)">0</span><span style="color:rgb(0,0,0)">;</span></div><div><span style="color:rgb(0,0,0)">}</span></div></div><div style="color:rgb(0,0,0);background-color:rgb(255,255,254);font-family:"Fira Mono";font-weight:normal;font-size:14px;line-height:19px;white-space:pre-wrap"><br></div><div style="color:rgb(0,0,0);background-color:rgb(255,255,254);font-family:"Fira Mono";font-weight:normal;font-size:14px;line-height:19px;white-space:pre-wrap"><br></div><div style="color:rgb(0,0,0);background-color:rgb(255,255,254);font-family:"Fira Mono";font-weight:normal;font-size:14px;line-height:19px;white-space:pre-wrap">Warning:</div><div style="color:rgb(0,0,0);background-color:rgb(255,255,254);font-family:"Fira Mono";font-weight:normal;font-size:14px;line-height:19px;white-space:pre-wrap"><div class="gmail-m_-9176340631950564677gmail-lm_items" style="width:839px;height:909px"><div class="gmail-m_-9176340631950564677gmail-lm_item_container" style="width:839px;height:909px"><div class="gmail-m_-9176340631950564677gmail-lm_content" style="width:839px;height:909px"><pre class="gmail-m_-9176340631950564677gmail-content" style="font-size:10pt"><div><a href="https://godbolt.org/#" target="_blank">4 : <source>:4:9: warning: unused variable 'gaurdTop' [-Wunused-variable]</a></div><div> int gaurdTop = 0xF0F0;</div><div> ^</div><div><a href="https://godbolt.org/#" target="_blank">8 : <source>:8:12: warning: array index 16 is past the end of the array (which contains 16 elements) [-Warray-bounds]</a></div><div> return c[16] | b[11];</div><div> ^ ~~</div><div><a href="https://godbolt.org/#" target="_blank">5 : <source>:5:5: note: array 'c' declared here</a></div><div> int c[16] = {0};</div><div> ^</div><div>2 warnings generated.</div><div>Compiler exited with result code 0</div><div><br></div></pre><div>==============================<wbr>==============================<wbr>===================</div><div><br></div><div><br></div><div>Things to note here.</div><div>1. variable b's size is know at compile time and i was expecting error just like c [third warning]</div><div>2. thisShallError accepts size of array as 10 but it is clearly declared with 32. Should we do something. [Given fact that Array will decay to pointer but sanitizer may warn, if possible]</div><div><br></div><div>I want to confirm if this is bug or not,sanitizer has no false positive rule scenario??, will happy to patch it myself :)</div><div><br></div><div>Thanks</div><span class="gmail-HOEnZb"><font color="#888888"><div>Mahesh</div><div><br></div></font></span></div></div></div></div></div></div>
<br>______________________________<wbr>_________________<br>
LLVM Developers mailing list<br>
<a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/llvm-dev</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">-Brian</div>
</div></div>