On Tue, Jul 12, 2016 at 10:34 AM, Jakub Jelinek <ja...@redhat.com> wrote:
> On Tue, Jul 12, 2016 at 10:20:55AM +0100, Yuri Gribov wrote:
>> There are people who would tolerate FPs if the tool indeed helps to
>> find vulnerabilities. Especially if there is an easy way to suppress
>> checks in a set of functions/files that intentionally rely on unsigned
>
> But what is the easy way to suppress it?
> For say unsigned int x, y, z;
> ...
> x = y + z;
> one can surely suppress it with
> (void) __builtin_add_overflow (y, z, &x);
> or as Segher mentioned on IRC, portably with:
> x = ((y&(~0U/2))+(z&(~0U/2)))^((y^z)&~(~0U/2));
> If there is a wider type, one can also compute in the wider type and
> then mask.
> Still, none of this looks like an easy way.

I was actually talking about brute-force __attribute__((no_sanitize_unsigned)). Clang goes even further by storing these annotations to dedicated config files (presumably to allow easier integration into large codebases).

-Y
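
The three per-expression suppression forms from the quoted message, written out as an added example that is not part of the thread: each computes the wrapped sum without a plain unsigned `+` that can wrap. The function names, the `LOW_MASK` macro and the sample values are constructed for illustration; the wide variant assumes `unsigned long long` is wider than `unsigned`.

```c
#include <limits.h>
#include <stdio.h>

/* Every bit except the top one: the (~0U/2) constant from the quoted one-liner. */
#define LOW_MASK (~0U / 2)

/* Form 1: GCC/Clang builtin. It stores the wrapped sum in x; the returned
   overflow flag is deliberately discarded. */
static unsigned add_builtin(unsigned y, unsigned z)
{
    unsigned x;
    (void) __builtin_add_overflow(y, z, &x);
    return x;
}

/* Form 2: portable. Adding the low bits cannot wrap (the sum is at most
   UINT_MAX - 1); the top bit of the result is then patched in with XOR. */
static unsigned add_masked(unsigned y, unsigned z)
{
    return ((y & LOW_MASK) + (z & LOW_MASK)) ^ ((y ^ z) & ~LOW_MASK);
}

/* Form 3: compute in a wider type, then mask back to the width of unsigned. */
static unsigned add_wide(unsigned y, unsigned z)
{
    return (unsigned)(((unsigned long long)y + z) & UINT_MAX);
}

/* Compare all three forms with plain y + z (the expression a check on unsigned
   wrap-around would flag) over constructed edge values; returns mismatch count. */
static int count_mismatches(void)
{
    static const unsigned s[] = { 0, 1, 2, LOW_MASK - 1, LOW_MASK, LOW_MASK + 1,
                                  UINT_MAX - 1, UINT_MAX, 0x1234u, 0xbeefu };
    const int n = (int)(sizeof s / sizeof s[0]);
    int bad = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < n; j++) {
            unsigned ref = s[i] + s[j];
            bad += add_builtin(s[i], s[j]) != ref;
            bad += add_masked(s[i], s[j]) != ref;
            bad += add_wide(s[i], s[j]) != ref;
        }
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```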