[PATCH] D92634: [Analyzer] Diagnose signed integer overflow
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Jan 5 00:59:01 PST 2021
NoQ added a comment.
This patch adds a new core checker. I wouldn't be comfortable enabling it by default without a much more careful evaluation (than a single lit test). In particular, i'm worried about false positives due to constraint solving issues and our incorrect cast representation - it sounds like both of these may disproportionally affect this checker. I also still wonder about "intentional" use of signed overflows; it's likely that some developers would prefer to silence the check. At least we should have a rough idea about how loud it is.
In D92634#2454438 <https://reviews.llvm.org/D92634#2454438>, @martong wrote:
> +1
> To provide warnings on overflows is a great idea. However, perhaps a separate new checker should emit a report with more information (i.e. that an overflow could happen vs "undefined").
Not necessarily a new checker but bug reports from this checker are already lacking a lot of information. In this new check both operands should be tracked with visitors. Also in other checks there's a bailout path that produces generic diagnostics ("the result... is undefined" without explaining why); we should probably silence those instead because it's clear that we can't explain what's going on.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D92634/new/
https://reviews.llvm.org/D92634
More information about the cfe-commits
mailing list