[PATCH] D92634: [Analyzer] Diagnose signed integer overflow

Ella Ma via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Sun Jan 3 19:59:54 PST 2021


OikawaKirie added a comment.

In D92634#2476161 <https://reviews.llvm.org/D92634#2476161>, @danielmarjamaki wrote:

>> Besides, the return value should be the exact value computed from the two integers, even unknown, rather than undefined. As the developers may overflow an integer on purpose.
>
> I am not sure what you mean. If there is undefined behavior then the value should be undefined and nothing else.. right?

Exactly, it is undefined behavior in the C++ standard. However, mainstream compilers like GCC and Clang implement this as the overflowed value, and some programmers also use this feature to do some tricky things. Therefore I suggest the computed value should be "the exact value computed from the two integers". Or it can be the `Unknown` `SVal`, but not the `Undefined` `SVal`, as the `Undefined` `SVal` is used to represent what is read from an uninitialized variable.

But I do not favour the `Unknown` solution, as it could also trigger other problems in the engine, just as steakhal mentioned. Or maybe it would no longer be a problem if you implement this in a checker; but since it is a non-fatal error, you can just leave the overflowed value as it is and report the problem only, without terminating the symbolic execution on this path. There is no need to report this problem all the time.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D92634/new/

https://reviews.llvm.org/D92634
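The comment above distinguishes the standard's view (signed overflow is undefined) from what GCC and Clang actually emit (the wrapped value) and from the "tricky" code that relies on it. The following is an added example, not code from D92634 or from the Clang static analyzer: it shows how to get each of those outcomes without ever executing an overflowing signed addition. The helper names (`checked_add_int`, `checked_add_builtin`, `wrapping_add_int`) are invented for this illustration; `__builtin_add_overflow` is the real GCC/Clang builtin, and the wrapped result of `wrapping_add_int` relies on the implementation-defined unsigned-to-signed conversion behaving as two's complement, which is what GCC and Clang do.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example; not part of D92634 or the Clang analyzer.
 * All three helper names below are made up for this illustration. */

/* Overflow-free checked addition: decides representability *before*
 * evaluating a + b, so no signed overflow is ever executed (no UB for the
 * analyzer or a sanitizer to flag). Returns true and stores the sum only
 * when it fits in an int. */
bool checked_add_int(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;           /* would overflow: refuse */
    *out = a + b;
    return true;
}

/* The same check via the GCC/Clang builtin, which computes the result in
 * infinite precision, stores the truncated value, and reports whether
 * truncation happened. Preferred in real code over the manual range test. */
bool checked_add_builtin(int a, int b, int *out)
{
    return !__builtin_add_overflow(a, b, out);
}

/* The "overflowed value" the thread talks about, obtained without UB:
 * do the arithmetic in unsigned (defined modulo 2^N) and convert back.
 * The conversion back is implementation-defined; on GCC/Clang (two's
 * complement) it yields the wrapped value, e.g. INT_MAX + 1 -> INT_MIN.
 * This is the explicit, defined way to write code that wants wrapping. */
int wrapping_add_int(int a, int b)
{
    return (int)((unsigned)a + (unsigned)b);
}

int main(void)
{
    int sum;

    if (checked_add_int(INT_MAX, 1, &sum))
        printf("unexpected: INT_MAX + 1 = %d\n", sum);
    else
        printf("INT_MAX + 1 rejected by checked_add_int\n");

    if (checked_add_builtin(100, -200, &sum))
        printf("100 + -200 = %d\n", sum);

    printf("wrapping_add_int(INT_MAX, 1) = %d (INT_MIN is %d)\n",
           wrapping_add_int(INT_MAX, 1), INT_MIN);
    return 0;
}
```

The point for a reviewer of overflow diagnostics: the only code path in which the analyzer would see an actual signed overflow is one that evaluates `a + b` on unchecked operands; code written either way above never produces such a path, which is why a diagnostic that does not terminate the path (as the comment argues) is the less disruptive choice for code that intentionally wraps.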


