On 12/19/2016 09:51 AM, Jakub Jelinek wrote:
On Mon, Dec 19, 2016 at 09:34:44AM -0700, Martin Sebor wrote:
That would be just weird, have one behavior for selected subset of functions
and another for the rest?  Ugh.

The selected set of the string built-ins are special -- they are
known not to recover from null pointers so I think treating them
differently would be reasonable (and useful) irrespective of
the -Wnonnull warning.  We don't know what any arbitrary user-
defined nonnull function might do when it gets a null pointer so
skipping those may not make as much sense.

The problem is that then -fsanitize=undefined changes behavior of the
program, which wasn't part of the design.  It should either terminate the
program after reporting (and before it happens) the first fatal UB, or
just report UB before they happen and continue working as without the
instrumentation.  If the program segfaults without instrumentation, so be it
even with instrumentation.
Right. I think as a fundamental design decision UB sanitization shouldn't change the behavior of the code. Report and terminate at first UB, or just report UBs.

Deviations from that design should be looked at as bugs.

jeff
