[llvm-dev] [Sanitizer] Sanitizer does not identify violation

Brian Cain via llvm-dev llvm-dev at lists.llvm.org
Sat Nov 4 12:32:52 PDT 2017 

Mahesh,

First, to clarify: the term "sanitizer" refers to a set of dynamic
techniques for finding bugs and it does not intersect at all with these
statically-detected compiler warnings.  The AddressSanitizer would detect
out-of-bounds issues like these at runtime and in my experience false
negatives and false positives are very rare.  Though since the access of
b[11] is actually in-bounds, it would not trigger.  This behavior is likely
by design and not considered a bug.

So, regarding the warnings:

If you had declared the parameter with "static" qualifying the size, *and*
you had passed an array smaller than the size indicated, that would result
in another warning from the caller.  Note that this is a C99 feature that
is not present in C++.

Here's a demo showing the resulting warnings from clang when using that
feature: https://godbolt.org/g/48NnME

Absent the "static" qualifier for the size, there's no real restriction
from the language regarding the access of b[11] in the thisShallError()
func beyond it failing to meet an implicit API.


On Sat, Nov 4, 2017 at 2:01 PM, Mahesh Attarde via llvm-dev <
llvm-dev at lists.llvm.org> wrote:

> Hello fellas,
>   Recently i was working on bug, which is simplified as follow.
>
>
> ============================================================
> =======================================================
> Code:
> #include<iostream>
>
> int thisShallError(int b[10]){
> int gaurdTop = 0xF0F0;
> int c[16] = {0};
> int gaurdDown[16];
> gaurdDown[0] = 0x0F0F;
> return c[16] | b[11];
> }
>
> int main(){
> int mb[32]={0};
> mb[11] = 0xF0F0;
> std::cout<<std::hex << thisShallError(mb);
> return 0;
> }
>
>
> Warning:
>
> 4 : <source>:4:9: warning: unused variable 'gaurdTop' [-Wunused-variable] <https://godbolt.org/#>
>     int gaurdTop = 0xF0F0;
>         ^
> 8 : <source>:8:12: warning: array index 16 is past the end of the array (which contains 16 elements) [-Warray-bounds] <https://godbolt.org/#>
>     return c[16] | b[11];
>            ^ ~~
> 5 : <source>:5:5: note: array 'c' declared here <https://godbolt.org/#>
>     int c[16] = {0};
>     ^
> 2 warnings generated.
> Compiler exited with result code 0
>
> ============================================================
> ===================
>
>
> Things to note here.
> 1. variable b's size is know at compile time and i was expecting error
> just like c [third warning]
> 2. thisShallError accepts size of array as 10 but it is clearly declared
> with 32. Should we do something. [Given fact that Array will decay to
> pointer but sanitizer may warn, if possible]
>
> I want to confirm if this is bug or not,sanitizer has no false positive
> rule scenario??, will happy to patch it myself :)
>
> Thanks
> Mahesh
>
>
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>
>


-- 
-Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20171104/4dbae874/attachment.html>

More information about the llvm-dev mailing list