[cfe-commits] r167479 - in /cfe/trunk/docs: ReleaseNotes.html UsersManual.html

Richard Smith richard-llvm at metafoo.co.uk
Tue Nov 6 11:23:14 PST 2012


Author: rsmith
Date: Tue Nov  6 13:23:14 2012
New Revision: 167479

URL: http://llvm.org/viewvc/llvm-project?rev=167479&view=rev
Log:
Updates to user's manual and release notes for -fsanitize= options.

Modified:
    cfe/trunk/docs/ReleaseNotes.html
    cfe/trunk/docs/UsersManual.html

Modified: cfe/trunk/docs/ReleaseNotes.html
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/ReleaseNotes.html?rev=167479&r1=167478&r2=167479&view=diff
==============================================================================
--- cfe/trunk/docs/ReleaseNotes.html (original)
+++ cfe/trunk/docs/ReleaseNotes.html Tue Nov  6 13:23:14 2012
@@ -170,11 +170,14 @@
 
   </li>
 
-  <li>Clang's <tt>-fcatch-undefined-behavior</tt> option has grown the ability
-  to check for several new types of undefined behavior.
+  <li>Clang's <tt>-fcatch-undefined-behavior</tt> option has been renamed to
+  <tt>-fsanitize=undefined</tt> and has grown the ability to check for several
+  new types of undefined behavior. See the Users Manual for more information.
 
   <!-- Flesh this out prior to release. -->
 
+  <!-- Document renaming of -faddress-sanitizer and -fthread-sanitizer. -->
+
   </li>
 
 </ul>
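Review bot: The rewritten release note says <tt>-fcatch-undefined-behavior</tt> "has been renamed" but does not say the old spelling is still accepted, although the UsersManual.html change in this same revision documents it as a deprecated synonym for <tt>-fsanitize=undefined</tt>. Stating that here would tell readers whether existing build scripts break on upgrade. "See the Users Manual" is also plain text; linking it to UsersManual.html#opt_fsanitize (the id added in the other file) would make the pointer usable. The two HTML comments are still placeholders, so the renaming of <tt>-faddress-sanitizer</tt> and <tt>-fthread-sanitizer</tt> remains undocumented in the release notes after this change.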

Modified: cfe/trunk/docs/UsersManual.html
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/UsersManual.html?rev=167479&r1=167478&r2=167479&view=diff
==============================================================================
--- cfe/trunk/docs/UsersManual.html (original)
+++ cfe/trunk/docs/UsersManual.html Tue Nov  6 13:23:14 2012
@@ -874,45 +874,77 @@
 
 <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
 <dl>
-<dt id="opt_fcatch-undefined-behavior"><b>-fcatch-undefined-behavior</b>: Turn
-on runtime code generation to check for undefined behavior.</dt>
+<dt id="opt_fsanitize"><b>-fsanitize=check1,check2</b>: Turn on runtime checks
+for various forms of undefined behavior.</dt>
+
+<dd>This option controls whether Clang adds runtime checks for various forms of
+undefined behavior, and is disabled by default. If a check fails, a diagnostic
+message is produced at runtime explaining the problem. The main checks are:
 
-<dd>This option, which defaults to off, controls whether or not Clang
-adds runtime checks for undefined runtime behavior.  If a check fails,
-<tt>__builtin_trap()</tt> is used to indicate failure.
-The currently implemented checks include:
 <ul>
-<li>Subscripting where the static type of one operand is a variable
-    which is decayed from an array type and the other operand is
-    greater than the size of the array or less than zero.</li>
-<li>Shift operators where the amount shifted is greater or equal to the
-    promoted bit-width of the left-hand-side or less than zero.</li>
-<li>If control flow reaches __builtin_unreachable.</li>
-<li>Reads and writes for objects which are inappropriately aligned or are not
-    large enough (in cases where the size can be determined).
-<li>Signed integer overflow, including all the checks added by <tt>-ftrapv</tt>
-    and also checking for signed left shift overflow.</li>
-<li>Binding a reference to a storage location which is not of an appropriate
-    alignment or size (in cases where the size can be determined), or binding
-    a reference to an empty glvalue (a dereferenced null pointer).
-<li>Class member access or member function call where the <tt>this</tt>
-    pointer is not of an appropriate alignment or size (in cases where the size
-    can be determined), or where it is null.</li>
+<li id="opt_fsanitize_address"><tt>-fsanitize=address</tt>:
+    <a href="AddressSanitizer.html">AddressSanitizer</a>, a memory error
+    detector.</li>
+<li id="opt_fsanitize_thread"><tt>-fsanitize=thread</tt>:
+    <a href="ThreadSanitizer.html">ThreadSanitizer</a>, an <em>experimental</em>
+    data race detector.  Not ready for widespread use.</li>
+<li id="opt_fsanitize_undefined"><tt>-fsanitize=undefined</tt>:
+    Enables all the checks listed below.</li>
 </ul>
 
-<p>The sizes of objects are determined using <tt>__builtin_object_size</tt>, and
-consequently may be able to detect more problems at higher optimization levels.
-Bit-fields and vectors are not yet checked.</p>
+The following more fine-grained checks are also available:
 
+<ul>
+<li id="opt_fsanitize_alignment"><tt>-fsanitize=alignment</tt>:
+    Use of a misaligned pointer or creation of a misaligned reference.</li>
+<li id="opt_fsanitize_divide-by-zero"><tt>-fsanitize=divide-by-zero</tt>:
+    Division by zero.</li>
+<li id="opt_fsanitize_float-cast-overflow"><tt>-fsanitize=float-cast-overflow</tt>:
+    Conversion to, from, or between floating-point types which would overflow
+    the destination.</li>
+<li id="opt_fsanitize_null"><tt>-fsanitize=null</tt>:
+    Use of a null pointer or creation of a null reference.</li>
+<li id="opt_fsanitize_object-size"><tt>-fsanitize=object-size</tt>:
+    An attempt to use bytes which the optimizer can determine are not part of
+    the object being accessed.
+    The sizes of objects are determined using <tt>__builtin_object_size</tt>, and
+    consequently may be able to detect more problems at higher optimization
+    levels.</li>
+<li id="opt_fsanitize_return"><tt>-fsanitize=return</tt>:
+    In C++, reaching the end of a value-returning function without returning a
+    value.</li>
+<li id="opt_fsanitize_shift"><tt>-fsanitize=shift</tt>:
+    Shift operators where the amount shifted is greater or equal to the
+    promoted bit-width of the left hand side or less than zero, or where
+    the left hand side is negative. For a signed left shift, also checks
+    for signed overflow in C, and for unsigned overflow in C++.</li>
+<li id="opt_fsanitize_signed-integer-overflow"><tt>-fsanitize=signed-integer-overflow</tt>:
+    Signed integer overflow, including all the checks added by <tt>-ftrapv</tt>,
+    and checking for overflow in signed division (<tt>INT_MIN / -1</tt>).</li>
+<li id="opt_fsanitize_unreachable"><tt>-fsanitize=unreachable</tt>:
+    If control flow reaches __builtin_unreachable.</li>
+<li id="opt_fsanitize_vla-bound"><tt>-fsanitize=vla-bound</tt>:
+    A variable-length array whose bound does not evaluate to a positive value.</li>
+<li id="opt_fsanitize_vptr"><tt>-fsanitize=vptr</tt>:
+    Use of an object whose vptr indicates that it is of the wrong dynamic type,
+    or that its lifetime has not begun or has ended. Incompatible with
+    <tt>-fno-rtti</tt>.</li>
+</ul>
+
+The <tt>-fsanitize=</tt> argument must also be provided when linking, in order
+to link to the appropriate runtime library. It is not possible to combine the
+<tt>-fsanitize=address</tt> and <tt>-fsanitize=thread</tt> checkers in the same
+program.
 </dd>
 
 <dt id="opt_faddress-sanitizer"><b>-f[no-]address-sanitizer</b>:
-Turn on <a href="AddressSanitizer.html">AddressSanitizer</a>,
-a memory error detector.
+Deprecated synonym for <a href="#opt_fsanitize_address"><tt>-f[no-]sanitize=address</tt></a>.
 
 <dt id="opt_fthread-sanitizer"><b>-f[no-]thread-sanitizer</b>:
-Turn on ThreadSanitizer, an <em>experimental</em> data race detector.
-Not ready for widespread use.
+Deprecated synonym for <a href="#opt_fsanitize_address"><tt>-f[no-]sanitize=thread</tt></a>.
+
+<dt id="opt_fcatch-undefined-behavior"><b>-fcatch-undefined-behavior</b>:
+Deprecated synonym for <a href="#opt_fsanitize_undefined"><tt>-fsanitize=undefined</tt></a>.
 
 <dt id="opt_fno-assume-sane-operator-new"><b>-fno-assume-sane-operator-new</b>:
 Don't assume that the C++'s new operator is sane.</dt>
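Review bot: The new <tt>opt_fthread-sanitizer</tt> entry links to the wrong anchor: its href is <tt>#opt_fsanitize_address</tt> while the link text reads <tt>-f[no-]sanitize=thread</tt>, so it should point at <tt>#opt_fsanitize_thread</tt>, the id defined earlier in this hunk. Two smaller points in the same block of deprecated synonyms: the link text uses a <tt>-f[no-]sanitize=</tt> spelling, but the new <tt>opt_fsanitize</tt> entry only describes <tt>-fsanitize=check1,check2</tt>, so either document the negative form there or drop <tt>[no-]</tt> from the synonyms; and the three deprecated <tt>&lt;dt&gt;</tt> entries have no closing <tt>&lt;/dt&gt;</tt>, unlike the <tt>opt_fsanitize</tt> and <tt>opt_fno-assume-sane-operator-new</tt> entries around them. On content, the removed text stated that a failed check calls <tt>__builtin_trap()</tt> and that bit-fields and vectors are not yet checked, and it listed an array-subscript bounds check. The replacement says a diagnostic is produced at runtime but does not say whether execution continues afterwards, and none of the new fine-grained checks covers the subscript case. If those behaviours changed, the manual should say so explicitly, since users relying on the trap as a hard stop need to know.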




