[cfe-dev] [PATCH] IOC (Undefined behavior checks only)

Will Dietz w at wdtz.org
Fri Aug 24 19:48:53 PDT 2012


Hi All, Richard:

Attached are initial patches for IOC (http://embed.cs.utah.edu/ioc/),
with the goal of getting its functionality into mainline clang.  IOC
has been used to find many bugs in open source applications, with a
number of developers expressing interest in having it available in
Clang so they can make use of it.

The checks added in these patches are (as of today :)) entirely
achievable through existing options (-ftrapv and
-fcatch-undefined-behavior), but use of the new flags results in
useful details about the nature of the failed check.
For now, all functionality is added with *new* flags in an attempt to
preserve all existing use cases.  Exactly what each of the existing
flags should do merits discussion, and it's easy to do the flag
plumbing later once that's sorted out.

The third patch (002-*) is a simple follow-up adding an option to
terminate after a check fails, making it a step away from being able
to replace -ftrapv.

New flags:

-fioc-signed
  Nicer version of -ftrapv.

-fioc-shifts
  Enables IOC checks for shift by more than bitwidth.  Trapping
versions of these checks are currently implemented with
-fcatch-undefined-behavior.

-fioc-strict-shifts
  Enables IOC checks for 'strict' shift rules in C99/C++11.  Trapping
versions of these checks are currently implemented with
-fcatch-undefined-behavior as of earlier today.

Corresponding lit tests included.

Example execution:
$ ./test_ioc:
test_ioc.c:5:7: runtime error: signed addition overflow [ expr = '+=', lval = (sint32) 2147483646, rval = (sint32) 10 ]
test_ioc.c:11:7: runtime error: signed multiplication overflow [ expr = '*=', lval = (sint32) 1073741823, rval = (sint32) 1073741823 ]
test_ioc.c:17:11: runtime error: left shift by more than bitwidth [ expr = '<<', lval = (sint32) 1, rval = (sint32) 32 ]
test_ioc.c:19:14: runtime error: left shift into or beyond sign bit [ expr = '<<', lval = (sint32) -1, rval = (sint32) 2 ]
test_ioc.c:24:10: runtime error: signed subtraction overflow [ expr = 'unary -', lval = (sint32) 0, rval = (sint32) -2147483648 ]
test_ioc.c:32:5: runtime error: signed multiplication overflow [ expr = '*=', lval = (sint64) 1004006004001, rval = (sint64) 1004006004001 ]
test_ioc.c:33:5: runtime error: signed multiplication overflow [ expr = '*=', lval = (sint64) 5726162197579951681, rval = (sint64) 5726162197579951681 ]
test_ioc.c:39:10: runtime error: signed addition overflow [ expr = 'unary ++', lval = (sint32) 2147483647, rval = (sint32) 1 ]
test_ioc.c:44:11: runtime error: signed addition overflow [ expr = 'unary ++', lval = (sint32) 2147483647, rval = (sint32) 1 ]
test_ioc.c:61:5: runtime error: remainder by zero is undefined [ expr = '%=', lval = (sint32) -2147483648, rval = (sint32) 0 ]

Please review or reply with any general comments.

Thank you for your time,

~Will
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-fioc-signed-shifts-strict-shifts-to-check-for-un.patch
Type: application/octet-stream
Size: 40185 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20120824/784dfcac/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-basic-IOC-runtime-logging-library.patch
Type: application/octet-stream
Size: 12605 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20120824/784dfcac/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-ioc-Add-option-to-abort-on-error-instead-of-resuming.patch
Type: application/octet-stream
Size: 6332 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20120824/784dfcac/attachment-0002.obj>
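The conditions behind the diagnostics quoted in the mail, as an added example that is not IOC's code or part of the attached patches: plain C predicates, one per new flag, that say whether an operation on the given operands would be undefined, evaluated without ever performing that operation (the widening and division-based tests are this example's choice, not a description of what the patches emit). Operand values are taken from the quoted run.

```c
/* Added example (not IOC's implementation): the checks shown in the mail,
 * written so the test itself never performs the undefined operation.
 * Each predicate returns 1 when the C operation would be undefined. */
#include <stdint.h>
#include <stdio.h>

/* -fioc-signed, 32-bit: widen to 64 bits, compute, then range-check. */
int add_overflows32(int32_t l, int32_t r) {
    int64_t w = (int64_t)l + r;
    return w > INT32_MAX || w < INT32_MIN;
}
int sub_overflows32(int32_t l, int32_t r) {   /* unary minus is 0 - v */
    int64_t w = (int64_t)l - r;
    return w > INT32_MAX || w < INT32_MIN;
}
int mul_overflows32(int32_t l, int32_t r) {
    int64_t w = (int64_t)l * r;
    return w > INT32_MAX || w < INT32_MIN;
}
/* -fioc-signed, 64-bit: no wider type assumed, so test by division. */
int mul_overflows64(int64_t l, int64_t r) {
    if (l == 0 || r == 0) return 0;
    if (l > 0 && r > 0) return l > INT64_MAX / r;
    if (l > 0 && r < 0) return r < INT64_MIN / l;
    if (l < 0 && r > 0) return l < INT64_MIN / r;
    if (l == INT64_MIN || r == INT64_MIN) return 1;  /* -INT64_MIN is undefined */
    return -l > INT64_MAX / -r;                      /* both negative, both safe to negate */
}
/* -fioc-shifts: a count that is negative or >= the bit width is undefined. */
int shift_count_invalid32(int32_t count) { return count < 0 || count >= 32; }
/* -fioc-strict-shifts, C99 6.5.7p4: signed E1 << E2 is defined only for
 * E1 >= 0 with E1 * 2^E2 representable, i.e. no bit reaches the sign bit
 * (C++11 additionally accepts a result that fits the unsigned type). */
int shl_into_sign_bit32(int32_t l, int32_t r) {
    if (shift_count_invalid32(r) || l < 0) return 1;
    return l > (INT32_MAX >> r);
}
/* Remainder: by zero, and INT_MIN % -1 (its quotient does not fit). */
int rem_undefined32(int32_t l, int32_t r) { return r == 0 || (l == INT32_MIN && r == -1); }

/* Prints a diagnostic in a shape similar to the IOC output in the mail. */
static void report(const char *what, const char *expr, int64_t l, int64_t r) {
    printf("runtime error: %s [ expr = '%s', lval = %lld, rval = %lld ]\n",
           what, expr, (long long)l, (long long)r);
}
int main(void) {
    if (add_overflows32(2147483646, 10)) report("signed addition overflow", "+=", 2147483646, 10);
    if (mul_overflows64(1004006004001LL, 1004006004001LL))
        report("signed multiplication overflow", "*=", 1004006004001LL, 1004006004001LL);
    return 0;
}
```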