On 12/5/20 7:03 AM, Bruno Haible wrote:
> * The only appropriate answer that is left is
>   '-fsanitize=signed-integer-overflow -fsanitize-undefined-trap-on-error'.
>
> Could we document this in the Gnulib documentation?

I gave it a shot by installing the attached patches.
There are a bunch of other flags we could mention, but it might be out of scope
for the Gnulib manual.

I'm reluctant to recommend -fsanitize=whatever flags for production builds
because they're ABI-incompatible with future library versions; at least, that's
what Florian said a couple of years ago
<https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/>.

> Would it make sense to tell the GCC people that
> - the '-fsanitize=signed-integer-overflow
>   -fno-sanitize-recover=signed-integer-overflow'
>   options are practically useless when they force a dependency towards
>   libstdc++,
> - the 'ftrapv' option is useless when it does not work in combination with
>   '-O2' ?

I'm not observing the latter problem with GCC 10.2.1 (Red Hat 10.2.1-9) on
Fedora 33 x86-64; maybe it's fixed now? I didn't investigate the former problem,
but if it's an issue I suppose it's worth reporting.

From f144df31352a3912693c47995faea3c50af569db Mon Sep 17 00:00:00 2001
From: Paul Eggert <egg...@cs.ucla.edu>
Date: Sat, 5 Dec 2020 17:31:43 -0800
Subject: [PATCH 1/2] doc: mention static and dynamic checking
* doc/gnulib-readme.texi (High Quality): Add a bit of advice
for static and dynamic checking.
---
ChangeLog | 4 ++++
doc/gnulib-readme.texi | 22 ++++++++++++++++++++++
2 files changed, 26 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 72895ac78..d07d96878 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2020-12-05 Paul Eggert <egg...@cs.ucla.edu>
+ doc: mention static and dynamic checking
+ * doc/gnulib-readme.texi (High Quality): Add a bit of advice
+ for static and dynamic checking.
+
intprops: Add INT_ADD_OK etc.
* doc/intprops.texi (Checking Integer Overflow): New section.
* lib/intprops.h: From a suggestion by Bruno Haible in:
diff --git a/doc/gnulib-readme.texi b/doc/gnulib-readme.texi
index 4775fa89a..a2a59628b 100644
--- a/doc/gnulib-readme.texi
+++ b/doc/gnulib-readme.texi
@@ -529,3 +529,25 @@ break. This means that before any change can be committed to the
repository, a test suite program must be produced that exposes the bug
for regression testing. All experimental work should be done on
branches to help promote this.
+
+When compiling and testing Gnulib and Gnulib-using programs, certain
+compiler options can help improve reliability. The
+@code{manywarnings} module enables several forms of static checking in
+GCC and related compilers (@pxref{manywarnings}). For dynamic checking,
+you can run @code{configure} with @code{CFLAGS} options appropriate
+for your compiler. For example:
+
+@example
+./configure \
+ CFLAGS='-g3 -O2'\
+' -D_FORTIFY_SOURCE=2'\
+' -fsanitize=undefined'\
+' -fsanitize-undefined-trap-on-error'
+@end example
+
+@noindent
+Here, @code{-D_FORTIFY_SOURCE=2} enables extra security hardening
+checks in the GNU C library, @code{-fsanitize=undefined} enables GCC's
+undefined behavior sanitizer (@code{ubsan}), and
+@code{-fsanitize-undefined-trap-on-error} prevents @code{ubsan}'s
+linking to unnecessary libraries like @code{libstdc++}.
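Review bot: The closing paragraph of this hunk explains `-fsanitize-undefined-trap-on-error` only by its linking effect (no `libstdc++`) and does not say what the reader will see at run time: with this option a detected error makes the program trap instead of printing a ubsan diagnostic, so a failing test appears as a bare crash that has to be located with a debugger (which the `-g3` in the example supports). Suggest adding a sentence saying so, and stating explicitly that the example is meant for development and test builds, since the cover message is itself reluctant to recommend `-fsanitize` flags for production because of the ABI concern. A smaller point on the `@example`: the continuation lines only concatenate into a single `CFLAGS` word because each starts in column 0, so a reader who indents them when pasting gets separate arguments; a short remark about that, or a layout that does not depend on it, would make the example more robust.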
--
2.27.0
From 0fcd7c693a775e3313ed3e84ff3acf3dc2c3686b Mon Sep 17 00:00:00 2001
From: Paul Eggert <egg...@cs.ucla.edu>
Date: Sat, 5 Dec 2020 17:33:29 -0800
Subject: [PATCH 2/2] doc: fix curved quotes issue
* doc/gnulib.texi: Set txicodequoteundirected and
txicodequotebacktick so that ` and ' in examples do not generate
curved single quotes that do the wrong thing when cut and pasted.
---
ChangeLog | 5 +++++
doc/gnulib.texi | 8 ++++++++
2 files changed, 13 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index d07d96878..5378f177a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2020-12-05 Paul Eggert <egg...@cs.ucla.edu>
+ doc: fix curved quotes issue
+ * doc/gnulib.texi: Set txicodequoteundirected and
+ txicodequotebacktick so that ` and ' in examples do not generate
+ curved single quotes that do the wrong thing when cut and pasted.
+
doc: mention static and dynamic checking
* doc/gnulib-readme.texi (High Quality): Add a bit of advice
for static and dynamic checking.
diff --git a/doc/gnulib.texi b/doc/gnulib.texi
index 0620118bf..bddb80624 100644
--- a/doc/gnulib.texi
+++ b/doc/gnulib.texi
@@ -2,6 +2,14 @@
@comment %**start of header
@setfilename gnulib.info
@settitle GNU Gnulib
+@c These two require Texinfo 5.0 or later, so we use the older
+@c equivalent @set variables supported in 4.11 and hence
+@ignore
+@codequotebacktick on
+@codequoteundirected on
+@end ignore
+@set txicodequoteundirected
+@set txicodequotebacktick
@c Define a new index for the magic constants in regex.texi.
@defcodeindex cn
@syncodeindex fn cp
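Review bot: The comment added on the two `@c` lines breaks off at "supported in 4.11 and hence" without a conclusion, so the reason for wrapping `@codequotebacktick on` and `@codequoteundirected on` in `@ignore` while keeping the `@set` forms is left for the reader to infer. Suggest finishing the sentence, for example by stating which Texinfo versions the `@set txicodequoteundirected` and `@set txicodequotebacktick` lines are expected to cover, and noting when the `@ignore` block can be dropped in favour of the newer commands.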
--
2.27.0