On Sat, 26 Apr 2025 at 16:23, Nathan Chancellor <nat...@kernel.org> wrote: > > Pardon my ignorance though, isn't something like this > basically just '-fsanitize=undefined -fsanitize-trap=all'?
Sure. Except -fsanitize=undefined is a horrible horrible thing. Why? Because it pointlessly adds code to *look* for undefined behavior, which is only extra overhead. I)OW, if we have a divide, just *DO THE DIVIDE*. Don't some extra pointless code to "is the divisor zero, and trap if so". Because dammit, that's what the divide instruction ALREADY DOES. The whole concept of "use undefined C behavior to change code generation" is complete and utter BS. It's wrong. It's stupid. And a compiler shouldn't do it. The argument for it is "once it's udnefined, I might as well optimize it away". But in reality, that argument is pure garbage. It's garbage for several reasons: - there's no real life optimization to have in practice. You aren't actually improving code generation. - there are real and serious downsides in security, and this case is an example of that very issue - the historical reason for most C undefined behavior DOES NOT ACTUALLY EXIST ANY MORE. Nick Desaulniers recently pointed me at a paper that is worth reading by any compiler person: https://web.ist.utl.pt/nuno.lopes/pubs/ub-pldi25.pdf which backs me up on that "UD optimizations aren't actually optimizing anything" thing. So please. Clang people need to get a clue. Yes, we care *deeply* about performance in the kernel, but a C compiler that thinks that using UD to generate "better" code is a disgrace and pure garbage. Because security matters a whole lot too, and the downsides of turning undefined behavior into random garbage are about a million times bigger than the "I can remove one integer instruction for zero gain". For the kerrnel, we want to disable absolutely all undefined behavior crap ideas by the compiler. It's why we use -fwrapv and have for years. It's why we disable the idiotic "strict alias" stuff that should never have become part of C. And it's why I want that "turn UD into unreachable" mindfart fixed. The notion of "optimizing" unreachable code is crazy. And the notion of thinking that "UD means unreachable" is so incredibly insane that any compiler person that thinks it is reasonable should have his head examined. Linus
