[clang] [Clang] Add release note for pointer overflow optimization change (PR #122462)

Nikita Popov via cfe-commits cfe-commits at lists.llvm.org
Fri Jan 10 07:08:46 PST 2025


================
@@ -58,6 +58,26 @@ code bases.
   containing strict-aliasing violations. The new default behavior can be
   disabled using ``-fno-pointer-tbaa``.
 
+- Clang will now more aggressively use undefined behavior on pointer addition
+  overflow for optimization purposes. For example, a check like
+  ``ptr + unsigned_offset < ptr`` will now optimize to ``false``, because
+  ``ptr + unsigned_offset`` will cause undefined behavior if it overflows (or
+  advances past the end of the object).
+
+  Previously, ``ptr + unsigned_offset < ptr`` was optimized (by both Clang and
+  GCC) to ``(ssize_t)unsigned_offset < 0``. This also results in an incorrect
+  overflow check, but in a way that is less apparent when only testing with
+  pointers in the low half of the address space.
+
+  To avoid pointer addition overflow, it is necessary to perform the addition
+  on integers, for example using
+  ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``.
+
+  Undefined behavior due to pointer addition overflow can be reliably detected
+  using ``-fsanitize=pointer-overflow``. It is also possible to use
+  ``-fno-strict-overflow`` to opt-in to a language dialect where signed integer
+  and pointer overflow are well-defined.
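Review bot: the replacement suggested in the third paragraph, ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``, only detects wraparound of the integer address, not the second case the first paragraph also calls undefined ("advances past the end of the object"), so a reader may take it as a complete fix for both. Consider qualifying it, e.g. "this detects address wraparound only; whether the result stays within the object must still be checked separately (for example against the object's size)", so the note does not read as if the integer comparison restores the old check's full intent.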
----------------
nikic wrote:

With Clang, `-fno-strict-overflow` and `-fwrapv` are the same. With GCC, `-fwrapv` only controls signed integer overflow, while pointer overflow uses a separate `-fwrapv-pointer` flag. That's why I'm recommending `-fno-strict-overflow` here, as it will work on both compilers with the same semantics.

I'm also considering adding `-fwrapv-pointer` to Clang, in which case we could recommend `-fwrapv-pointer` as the minimally intrusive option here.

https://github.com/llvm/llvm-project/pull/122462

