[LLVMdev] GSoC - Range Analysis
John Regehr
regehr at cs.utah.edu
Mon Apr 2 21:28:33 PDT 2012
> I actually disagree on the last point. For static array bounds checking with
> SAFECode, we want to assume that all integer operations can overflow
> (including those with the nsw attribute). We don't care about the other
> integer semantic rules from C (like the promotion rules) or whether overflow
> is language defined or not (for those who don't know, unsigned ints have
> defined overflow in C; signed ints do not). All we want to know is whether a
> pointer p is within the bounds of a set of valid objects, and we just need to
> take integer overflow into account because it can happen on the hardware.
I'd have to see some specific examples to figure out if what you're saying
makes sense. All of my experience with integer overflows in C/C++ had led
me to the conclusion that playing games with the semantics usually gets
you into hot water.
John