[clang] [Clang] Add release note for pointer overflow optimization change (PR #122462)
Nikita Popov via cfe-commits
cfe-commits at lists.llvm.org
Mon Jan 13 02:10:57 PST 2025
https://github.com/nikic updated https://github.com/llvm/llvm-project/pull/122462
>From 6940157fa4b9c186f45b98206311b12ab78c40ff Mon Sep 17 00:00:00 2001
From: Nikita Popov <npopov at redhat.com>
Date: Fri, 10 Jan 2025 15:14:44 +0100
Subject: [PATCH 1/2] [Clang] Add release note for pointer overflow
optimization change
---
clang/docs/ReleaseNotes.rst | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 511a28c5554bbb..aea5eb2a04ac63 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -58,6 +58,26 @@ code bases.
containing strict-aliasing violations. The new default behavior can be
disabled using ``-fno-pointer-tbaa``.
+- Clang will now more aggressively use undefined behavior on pointer addition
+ overflow for optimization purposes. For example, a check like
+ ``ptr + unsigned_offset < ptr`` will now optimize to ``false``, because
+ ``ptr + unsigned_offset`` will cause undefined behavior if it overflows (or
+ advances past the end of the object).
+
+ Previously, ``ptr + unsigned_offset < ptr`` was optimized (by both Clang and
+ GCC) to ``(ssize_t)unsigned_offset < 0``. This also results in an incorrect
+ overflow check, but in a way that is less apparent when only testing with
+ pointers in the low half of the address space.
+
+ To avoid pointer addition overflow, it is necessary to perform the addition
+ on integers, for example using
+ ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``.
+
+ Undefined behavior due to pointer addition overflow can be reliably detected
+ using ``-fsanitize=pointer-overflow``. It is also possible to use
+ ``-fno-strict-overflow`` to opt-in to a language dialect where signed integer
+ and pointer overflow are well-defined.
+
C/C++ Language Potentially Breaking Changes
-------------------------------------------
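Review bot: The integer rewrite in this hunk, ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``, only detects wraparound of the address; it does not cover the "advances past the end of the object" case that the first paragraph names as equally undefined, so a reader may take it as a complete replacement for the old check. Suggest stating that the ``uintptr_t`` comparison catches wraparound only and that staying inside the object still needs a bound against the object's end. Minor wording: "opt-in" used as a verb should read "opt in", and ``-fno-strict-overflow`` should be described as a dialect option that changes the language semantics rather than as a drop-in fix, since the paragraph before it already explains the check itself is wrong.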
>From 53a106f43b3dcde62c25972c7f76dcab07c503b3 Mon Sep 17 00:00:00 2001
From: Nikita Popov <npopov at redhat.com>
Date: Mon, 13 Jan 2025 11:10:29 +0100
Subject: [PATCH 2/2] Suggest an alternative way to write the check
---
clang/docs/ReleaseNotes.rst | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index aea5eb2a04ac63..02967b75ff41be 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -71,7 +71,10 @@ code bases.
To avoid pointer addition overflow, it is necessary to perform the addition
on integers, for example using
- ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``.
+ ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``. Sometimes, it is also
+ possible to rewrite checks by only comparing the offset. For example,
+ ``ptr + offset < end_ptr && ptr + offset >= ptr`` can be written as
+ ``offset < (uintptr_t)(end_ptr - ptr)``.
Undefined behavior due to pointer addition overflow can be reliably detected
using ``-fsanitize=pointer-overflow``. It is also possible to use
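Review bot: The rewrite ``offset < (uintptr_t)(end_ptr - ptr)`` is only equivalent to ``ptr + offset < end_ptr && ptr + offset >= ptr`` when ``ptr`` and ``end_ptr`` point into the same object with ``ptr <= end_ptr``; if ``ptr`` is past ``end_ptr`` the difference is negative and the cast turns it into a huge bound that accepts every offset, and if they point into different objects the subtraction is itself undefined. Suggest spelling out that precondition in the sentence ("where ``ptr <= end_ptr`` point into the same object"). Also, the new text switches from ``unsigned_offset`` in the previous sentence to ``offset`` here; using one name, or saying that ``offset`` must be unsigned so a negative value cannot slip through the comparison, would keep the two examples consistent.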