[cfe-dev] [PATCH] Integer Sanitizer Initial Patches

Eli Friedman eli.friedman at gmail.com
Wed Nov 7 17:26:15 PST 2012


On Wed, Nov 7, 2012 at 5:15 PM, Will Dietz <willdtz at gmail.com> wrote:
> Hi all,
>
> Attached are patches that add a new 'sanitizer' to clang for detecting
> and reporting integer overflows.  Unlike the checks added by
> -fcatch-undefined-behavior, these also include non-undefined-behavior
> checks.

It's not obvious to me that it's useful to add runtime instrumentation
for unsigned overflow in particular; my instinct is that you'll get a
ton of false positives for existing codebases.  Also, there isn't any
obvious way to fix code which legitimately takes advantage of unsigned
overflow.  Do you have any data here?

>
> The attached clang patch adds:
>
> -fsanitize=unsigned-integer-overflow
> and
> -fsanitize=integer

Suspicious-behavior checkers are fundamentally not the same thing as
the existing sanitizers because the code might be correct as-is.  Does
it make sense to put them under -fsanitize?

-Eli
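As an added illustration of the distinction Eli raises (example code, not part of the patch or of either message): the first function is an FNV-1a hash, which is correct C precisely because unsigned multiplication wraps modulo 2^32, so -fsanitize=unsigned-integer-overflow would report it on every iteration; the second is a size computation where a wrap would be a real bug, so it checks explicitly before multiplying. The NO_UNSIGNED_OVERFLOW_SANITIZE macro wraps clang's no_sanitize("unsigned-integer-overflow") attribute, which clang added in a later release than the one this thread discusses; the macro name and the two function names are my own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Per-function opt-out from the unsigned-overflow check (clang only; a later
 * addition to clang than the patch under discussion). */
#if defined(__clang__)
#  define NO_UNSIGNED_OVERFLOW_SANITIZE __attribute__((no_sanitize("unsigned-integer-overflow")))
#else
#  define NO_UNSIGNED_OVERFLOW_SANITIZE
#endif

/* FNV-1a, 32-bit. Relies on well-defined unsigned wraparound on every multiply;
 * the code is correct, yet each wrap would be flagged without the opt-out. */
NO_UNSIGNED_OVERFLOW_SANITIZE
uint32_t fnv1a32(const char *s)
{
    uint32_t h = 2166136261u;          /* FNV offset basis */
    for (; *s; s++) {
        h ^= (uint8_t)*s;
        h *= 16777619u;                /* FNV prime; wraps mod 2^32 by design */
    }
    return h;
}

/* A size computation where a wrap is a real bug (a wrapped allocation size
 * leads to an undersized buffer). Check before multiplying; returns false
 * instead of silently wrapping. Portable, needs no builtins. */
bool checked_mul_size(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return false;                  /* a*b would exceed SIZE_MAX */
    *out = a * b;
    return true;
}

int main(void)
{
    size_t n;
    printf("fnv1a32(\"a\") = 0x%08x\n", fnv1a32("a"));       /* 0xe40c292c */
    printf("6*7 fits: %d\n", checked_mul_size(6, 7, &n));     /* 1, n == 42 */
    printf("SIZE_MAX*2 fits: %d\n", checked_mul_size(SIZE_MAX, 2, &n)); /* 0 */
    return 0;
}
```

Built with clang -fsanitize=unsigned-integer-overflow, the hash would produce a report on every multiply unless the attribute is applied, which is the false-positive problem for existing code; checked_mul_size produces none because it never wraps.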



More information about the cfe-dev mailing list