[clang] [compiler-rt] [Sanitizer] add signed-integer-wrap sanitizer (PR #80089)
Fangrui Song via cfe-commits
cfe-commits at lists.llvm.org
Wed Feb 14 17:07:40 PST 2024
MaskRay wrote:
This is a UI discussion about how command line options should behave.
Some folks prefer simpler rules while some prefer smart rules (guessing what the user intends).
A [-fwrapv](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fwrapv) user may either:
* rely on the wraparound behavior
* or prevent certain optimizations that would raise security concerns
Our -fsanitize=signed-integer-overflow design has been assuming that -fwrapv users don't need the check.
This PR suggests that an important user does want overflow checks.
It seems very confusing to have two options doing the same thing.
I think we can try making -fsanitize=signed-integer-overflow effective when -fwrapv is specified.
There is a precedent that -fsanitize=undefined enables different checks for different targets.
We could make -fsanitize=undefined not imply -fsanitize=signed-integer-overflow when -fwrapv is specified, if we do want to guess the user's intention.
Personally I'd prefer moving away from such behaviors and being more orthogonal.
https://github.com/llvm/llvm-project/pull/80089
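
The two kinds of -fwrapv user named in the message above, as an added example that is not code from the PR or from the post. All function names and sample values are hypothetical, and the wraparound is modelled with unsigned arithmetic so the result is the same with or without -fwrapv.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Signed addition as -fwrapv defines it: two's-complement wraparound.
 * Computed in unsigned arithmetic so nothing here is undefined behaviour;
 * the unsigned-to-int conversion is modulo 2^N on Clang and GCC. */
static int wrapping_add(int a, int b) {
    return (int)((unsigned)a + (unsigned)b);
}

/* The condition an overflow check tests: the true sum does not fit in int. */
static bool add_overflows(int a, int b) {
    int unused;
    return __builtin_add_overflow(a, b, &unused);
}

/* User 1 (hypothetical): relies on wraparound, e.g. a running checksum.
 * *wraps counts the additions whose true sum did not fit in int. */
static int checksum(const int *v, int n, int *wraps) {
    int acc = 0;
    *wraps = 0;
    for (int i = 0; i < n; i++) {
        *wraps += add_overflows(acc, v[i]);
        acc = wrapping_add(acc, v[i]);
    }
    return acc;
}

/* User 2 (hypothetical): wants defined behaviour, yet a wrapped length is
 * still a bug. The wrapped end is negative, so this bounds test passes. */
static bool fits_unchecked(int off, int len, int cap) {
    return wrapping_add(off, len) <= cap;
}

/* Same bounds test with the overflow condition handled explicitly. */
static bool fits_checked(int off, int len, int cap) {
    int end;
    return !__builtin_add_overflow(off, len, &end) && end <= cap;
}

int main(void) {
    int v[] = { INT_MAX, 1, 5 };   /* constructed sample input */
    int wraps;
    printf("checksum=%d wraps=%d\n", checksum(v, 3, &wraps), wraps);
    printf("unchecked=%d checked=%d\n", fits_unchecked(INT_MAX, 16, 4096),
           fits_checked(INT_MAX, 16, 4096));
    return 0;
}
```

The same overflow condition is true in both cases: in `checksum` it is the intended behaviour, in `fits_unchecked` it is the defect a check would surface.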