https://github.com/nikic updated 
https://github.com/llvm/llvm-project/pull/122462

>From 6940157fa4b9c186f45b98206311b12ab78c40ff Mon Sep 17 00:00:00 2001
From: Nikita Popov <npo...@redhat.com>
Date: Fri, 10 Jan 2025 15:14:44 +0100
Subject: [PATCH 1/2] [Clang] Add release note for pointer overflow
 optimization change

---
 clang/docs/ReleaseNotes.rst | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 511a28c5554bbb..aea5eb2a04ac63 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -58,6 +58,26 @@ code bases.
   containing strict-aliasing violations. The new default behavior can be
   disabled using ``-fno-pointer-tbaa``.
 
+- Clang will now more aggressively use undefined behavior on pointer addition
+  overflow for optimization purposes. For example, a check like
+  ``ptr + unsigned_offset < ptr`` will now optimize to ``false``, because
+  ``ptr + unsigned_offset`` will cause undefined behavior if it overflows (or
+  advances past the end of the object).
+
+  Previously, ``ptr + unsigned_offset < ptr`` was optimized (by both Clang and
+  GCC) to ``(ssize_t)unsigned_offset < 0``. This also results in an incorrect
+  overflow check, but in a way that is less apparent when only testing with
+  pointers in the low half of the address space.
+
+  To avoid pointer addition overflow, it is necessary to perform the addition
+  on integers, for example using
+  ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``.
+
+  Undefined behavior due to pointer addition overflow can be reliably detected
+  using ``-fsanitize=pointer-overflow``. It is also possible to use
+  ``-fno-strict-overflow`` to opt-in to a language dialect where signed integer
+  and pointer overflow are well-defined.
+
 C/C++ Language Potentially Breaking Changes
 -------------------------------------------
 
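Review bot: In the first added paragraph, "advances past the end of the object" is slightly too strong, since C and C++ explicitly permit forming a pointer one past the end of an array; consider "advances more than one element past the end of the object" (or "beyond the one-past-the-end position") so readers do not conclude that the usual `end` iterator pattern is now affected. It would also help to say in the third paragraph why the ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr`` form is safe: unsigned integer addition wraps with well-defined semantics, so the compiler cannot fold that comparison away the way it can the pointer form.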

>From 53a106f43b3dcde62c25972c7f76dcab07c503b3 Mon Sep 17 00:00:00 2001
From: Nikita Popov <npo...@redhat.com>
Date: Mon, 13 Jan 2025 11:10:29 +0100
Subject: [PATCH 2/2] Suggest an alternative way to write the check

---
 clang/docs/ReleaseNotes.rst | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index aea5eb2a04ac63..02967b75ff41be 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -71,7 +71,10 @@ code bases.
 
   To avoid pointer addition overflow, it is necessary to perform the addition
   on integers, for example using
-  ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``.
+  ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``. Sometimes, it is also
+  possible to rewrite checks by only comparing the offset. For example,
+  ``ptr + offset < end_ptr && ptr + offset >= ptr`` can be written as
+  ``offset < (uintptr_t)(end_ptr - ptr)``.
 
   Undefined behavior due to pointer addition overflow can be reliably detected
   using ``-fsanitize=pointer-overflow``. It is also possible to use
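Review bot: The rewrite ``offset < (uintptr_t)(end_ptr - ptr)`` in the added lines silently assumes ``ptr <= end_ptr`` and that both pointers belong to the same object; if ``end_ptr`` can precede ``ptr``, ``end_ptr - ptr`` is negative and the ``uintptr_t`` cast turns it into a very large bound that makes the check pass for every ``offset``. Suggest stating that precondition, e.g. "(assuming ``ptr`` and ``end_ptr`` point into the same object and ``ptr <= end_ptr``)". It may also be worth noting that a signed ``offset`` is converted to unsigned by this comparison, so negative offsets are rejected, which matches the intent of the original ``ptr + offset >= ptr`` half of the check.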

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
