[clang] c2979c5 - [Clang] Add release note for pointer overflow optimization change (#122462)
via cfe-commits
cfe-commits at lists.llvm.org
Mon Jan 13 02:24:06 PST 2025
Author: Nikita Popov
Date: 2025-01-13T11:24:02+01:00
New Revision: c2979c58d49bf3c7dc892ed9fb49cdca389130ee
URL: https://github.com/llvm/llvm-project/commit/c2979c58d49bf3c7dc892ed9fb49cdca389130ee
DIFF: https://github.com/llvm/llvm-project/commit/c2979c58d49bf3c7dc892ed9fb49cdca389130ee.diff
LOG: [Clang] Add release note for pointer overflow optimization change (#122462)
Add a release note for optimization change related to pointer overflow
checks. I've put this in the breaking changes section to give it the
best chance of being seen.
Added:
Modified:
clang/docs/ReleaseNotes.rst
Removed:
################################################################################
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index a14fb189c8e132..8f4adbcd705181 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -58,6 +58,29 @@ code bases.
containing strict-aliasing violations. The new default behavior can be
disabled using ``-fno-pointer-tbaa``.
+- Clang will now more aggressively use undefined behavior on pointer addition
+ overflow for optimization purposes. For example, a check like
+ ``ptr + unsigned_offset < ptr`` will now optimize to ``false``, because
+ ``ptr + unsigned_offset`` will cause undefined behavior if it overflows (or
+ advances past the end of the object).
+
+ Previously, ``ptr + unsigned_offset < ptr`` was optimized (by both Clang and
+ GCC) to ``(ssize_t)unsigned_offset < 0``. This also results in an incorrect
+ overflow check, but in a way that is less apparent when only testing with
+ pointers in the low half of the address space.
+
+ To avoid pointer addition overflow, it is necessary to perform the addition
+ on integers, for example using
+ ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``. Sometimes, it is also
+ possible to rewrite checks by only comparing the offset. For example,
+ ``ptr + offset < end_ptr && ptr + offset >= ptr`` can be written as
+ ``offset < (uintptr_t)(end_ptr - ptr)``.
+
+ Undefined behavior due to pointer addition overflow can be reliably detected
+ using ``-fsanitize=pointer-overflow``. It is also possible to use
+ ``-fno-strict-overflow`` to opt-in to a language dialect where signed integer
+ and pointer overflow are well-defined.
+
C/C++ Language Potentially Breaking Changes
-------------------------------------------
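Review bot: the suggested rewrite ``offset < (uintptr_t)(end_ptr - ptr)`` in the third added paragraph is only equivalent to ``ptr + offset < end_ptr && ptr + offset >= ptr`` when ``end_ptr`` is known to point into the same object at or after ``ptr``, so that ``end_ptr - ptr`` is itself defined and non-negative; since the paragraph is telling readers how to avoid pointer-arithmetic UB, it should state that precondition, because the rewrite relies on an assumption the original check did not. In the first added paragraph, the parenthetical "(or advances past the end of the object)" could be tightened to "more than one past the end", since forming the one-past-the-end pointer is permitted and only going beyond it is undefined.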