
Re: Having fun with the following C code (UB)



On 14.04.2014 14:26, Raphael Geissert wrote:
> Russ Allbery wrote:
>> Shachar Shemesh <shachar@debian.org> writes:
>>> Do you really want to get a "Warning: signed integer overflow yields
>>> undefined behavior" on this function?
>>
>> I would certainly like to be able to enable such a thing.  I write a lot
>> of code where I'd love the compiler to double-check that I've established
>> bounds checks on a and b before doing the addition that guarantee that it
>> won't overflow.
> 
> Not quite to that point, but you might be interested in the UBS:
> 
> http://clang.llvm.org/docs/UsersManual.html#controlling-code-generation
> 
> More specifically, two options: -fsanitize=undefined and -fsanitize=integer
> 
> And some nice examples:
> http://blog.regehr.org/archives/1054
> http://blog.regehr.org/archives/963
> 
> Cheers,
> 

FYI, gcc-4.9, which is currently available as a release candidate, also
has the undefined behavior (and address/thread) sanitizers included; they
are enabled the same way, with -fsanitize=...
http://gcc.gnu.org/gcc-4.9/changes.html

But it can only detect it when undefined behavior really occurs (and
ubsan has a check for it), which is not often the case in regular
test suites or normal application runs.
It is probably most useful combined with fuzz testing, to trigger code
paths you didn't account for.
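
To make the point above concrete, here is an added example (not code from the thread or from gcc/clang) showing the unchecked signed addition Shachar's question was about next to a version that establishes the bounds check Russ asked for, plus a small driver over constructed edge-case inputs. The function names (add_unchecked, would_overflow, add_checked) and the file name ub.c in the compile line are assumptions for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Naive addition, in the spirit of the function the thread is discussing.
 * Signed integer overflow is undefined behaviour in C, so nothing about
 * this line is reported until an overflowing pair actually reaches it.
 * Built with -fsanitize=undefined (gcc-4.9 / clang) the runtime prints a
 * "runtime error: signed integer overflow" message at that moment; a plain
 * build silently does whatever the optimizer decided. */
int add_unchecked(int a, int b)
{
    return a + b;
}

/* Pure predicate: would a + b leave the range of int? The comparisons are
 * arranged so they never overflow themselves (INT_MAX - b is safe when
 * b > 0, INT_MIN - b is safe when b < 0). */
bool would_overflow(int a, int b)
{
    if (b > 0 && a > INT_MAX - b)
        return true;
    if (b < 0 && a < INT_MIN - b)
        return true;
    return false;
}

/* Checked addition: the bounds test runs before the add, so the addition
 * itself is always defined. Returns false and leaves *out untouched when
 * the sum does not fit. UBSan has nothing to report here, whatever inputs
 * a fuzzer feeds in. */
bool add_checked(int a, int b, int *out)
{
    if (would_overflow(a, b))
        return false;
    *out = a + b;
    return true;
}

/* Constructed edge-case inputs (made up for this example) standing in for
 * what a fuzzer would eventually generate; a typical unit test only ever
 * exercises the first row, which is why the sanitizer stays silent in
 * normal runs. */
static const int cases[][2] = {
    { 1, 2 },
    { INT_MAX, 0 },
    { INT_MAX, 1 },
    { INT_MIN, -1 },
    { INT_MIN, 1 },
    { -5, 5 },
};

int main(void)
{
    size_t n = sizeof cases / sizeof cases[0];

    for (size_t i = 0; i < n; i++) {
        int a = cases[i][0], b = cases[i][1], sum;

        if (add_checked(a, b, &sum))
            printf("%d + %d = %d\n", a, b, sum);
        else
            printf("%d + %d would overflow, rejected\n", a, b);
    }

    /* Deliberately trigger the UB so the sanitizer has something to find:
     *   gcc -g -fsanitize=undefined ub.c -o ub && ./ub
     * Without -fsanitize=undefined this line is silent, which is exactly
     * the limitation pointed out above: the check only fires on the
     * overflowing input, not on the code merely being there. */
    printf("unchecked: %d\n", add_unchecked(INT_MAX, 1));
    return 0;
}
```

The checked variant is what the compiler cannot produce for you: it needs the predicate evaluated before the operation, and a sanitizer can only confirm after the fact that the predicate was sufficient for the inputs that were actually tried.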

