On Mon, Nov 18, 2013 at 04:58:36PM +0000, Joseph S. Myers wrote: > On Mon, 18 Nov 2013, Marek Polacek wrote: > > > +@item @option{-fsanitize=shift} > > + > > +This option enables checking that the result of a shift operation is > > +not undefined. Note that what exactly is considered undefined differs > > +slightly between C and C++, as well as between ANSI C and C99, etc. > > We generally refer to ISO C90, not ANSI C.
Fixed. > > +Detect integer division by zero as well as @code{INT_MIN / -1} division. > > +Note that the latter is only made undefined from C99 onwards. > > INT_MIN / -1 is unambiguously undefined in C90 - it's a signed arithmetic > overflow (result not within the range of its type). It's INT_MIN % -1 > where there's more ambiguity, but I consider the wording changes in C11 as > a defect correction that should be applied back to C90. (A comment on > what the semantics should be, not on whether the documentation accurately > reflects the code.) I removed that sentence to not confuse readers. (We issue runtime error for INT_MIN % -1 for all c90, c99, c11 modes.) Thanks. Ok now? 2013-11-18 Marek Polacek <pola...@redhat.com> * doc/invoke.texi: Extend -fsanitize=undefined documentation. --- gcc/doc/invoke.texi.mp3 2013-11-18 15:57:47.104103101 +0100 +++ gcc/doc/invoke.texi 2013-11-18 18:55:00.178009402 +0100 
@@ -5260,9 +5260,44 @@ data race bugs. See @uref{http://code.google.com/p/data-race-test/wiki/ThreadSanitizer} for more details. @item -fsanitize=undefined -Enable UndefinedBehaviorSanitizer, a fast undefined behavior detector +Enable UndefinedBehaviorSanitizer, a fast undefined behavior detector. Various computations will be instrumented to detect undefined behavior -at runtime, e.g.@: division by zero or various overflows. +at runtime. Current suboptions are: + +@itemize @bullet + +@item @option{-fsanitize=shift} + +This option enables checking that the result of a shift operation is +not undefined. Note that what exactly is considered undefined differs +slightly between C and C++, as well as between ISO C90 and C99, etc. + +@item @option{-fsanitize=integer-divide-by-zero} + +Detect integer division by zero as well as @code{INT_MIN / -1} division. + +@item @option{-fsanitize=unreachable} + +With this option, the compiler will turn the @code{__builtin_unreachable} +call into a diagnostics message call instead. When reaching the +@code{__builtin_unreachable} call, the behavior is undefined. + +@item @option{-fsanitize=vla-bound} + +This option instructs the compiler to check that the size of a variable +length array is positive. This option does not have any effect in +@option{-std=c++1y} mode, as the standard requires the exception be thrown +instead. + +@item @option{-fsanitize=null} + +This option enables pointer checking. Particularly, the application +built with this option turned on will issue an error message when it +tries to dereference a NULL pointer, or if a reference (possibly an +rvalue reference) is bound to a NULL pointer. + +@end itemize + While @option{-ftrapv} causes traps for signed overflows to be emitted, @option{-fsanitize=undefined} gives a diagnostic message. This currently works only for the C family of languages. Marek
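Review bot: In the @option{-fsanitize=unreachable} item, the second sentence ("When reaching the @code{__builtin_unreachable} call, the behavior is undefined.") comes right after the description of the instrumented build, so it reads as if the behavior stays undefined with the option turned on. Suggest putting the uninstrumented case first, for example "Reaching a @code{__builtin_unreachable} call is undefined behavior; with this option the compiler emits a call that prints a diagnostic message instead", and writing "diagnostic message" rather than "diagnostics message" to match the unchanged paragraph after the list. In the @option{-fsanitize=vla-bound} item, "requires the exception be thrown" should read "an exception" or name it. The lead-in "Current suboptions are:" also does not say whether @option{-fsanitize=undefined} turns on every listed check or whether each suboption can be given on its own; one sentence stating that would help. The closing context paragraph contrasts @option{-ftrapv} on signed overflows with @option{-fsanitize=undefined}, yet none of the new items is described in terms of overflow now that the "various overflows" wording is removed.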