[llvm-bugs] [Bug 25706] New: Annotate libc++ with attribute no_sanitize("unsigned-integer-overflow")

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Dec 2 02:07:45 PST 2015 

https://llvm.org/bugs/show_bug.cgi?id=25706

            Bug ID: 25706
           Summary: Annotate libc++ with attribute
                    no_sanitize("unsigned-integer-overflow")
           Product: libc++
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: gonzalobg88 at gmail.com
                CC: llvm-bugs at lists.llvm.org, mclow.lists at gmail.com
    Classification: Unclassified

Unsigned integer overflow is defined behavior, but that doesn't make unsigned
integer arithmetic easy. 

The UndefinedBehaviorSanitizer (UBSan) has an unsigned-integer-overflow check
that has found lots of bugs in my application related to corner cases of
unsigned integer arithmetic.

There are very few libc++ functions (mostly only the hash functions) that
use/rely on unsigned integer overflow.

It would be nice if these functions could be marked with the
[[no_sanitize("unsigned-integer-overflow")]] attribute, so that UBSan doesn't
complain on them when run using the "unsigned-integer-overflow" check. The test
suit could be then upgraded to run with this check.

The advantage would be that users could run the "unsigned-integer-overflow"
check on their own programs without getting false positives from libc++.

The fast way to do this is to just run the test suite with the sanitizer check,
and mark all the functions that produce a false positive with the attribute
(with current trunk no real positives are found). 

The "fine grained" way of doing this is to define a function:

template<typename T>
using uncvref_t = std::remove_reference_t<std::remove_cv_t<T>>;

template<typename T, class =
std::enable_if_t<std::is_unsigned<uncvref_t<T>>{}>>
[[no_sanitize("unsigned-integer-overflow")]]
T wrapping_add(T&& a, T&& b) { return a + b; }

and use it when overflow semantics is intended, which helps with documentation.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20151202/0a98f482/attachment.html>

More information about the llvm-bugs mailing list