https://llvm.org/bugs/show_bug.cgi?id=25706
Bug ID: 25706
Summary: Annotate libc++ with attribute
no_sanitize("unsigned-integer-overflow")
Product: libc++
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: All Bugs
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Classification: Unclassified
Unsigned integer overflow is defined behavior, but that doesn't make unsigned
integer arithmetic easy.
The UndefinedBehaviorSanitizer (UBSan) has an unsigned-integer-overflow check
that has found lots of bugs in my application related to corner cases of
unsigned integer arithmetic.
There are very few libc++ functions (mostly only the hash functions) that
use/rely on unsigned integer overflow.
It would be nice if these functions could be marked with the
[[no_sanitize("unsigned-integer-overflow")]] attribute, so that UBSan doesn't
complain on them when run using the "unsigned-integer-overflow" check. The test
suit could be then upgraded to run with this check.
The advantage would be that users could run the "unsigned-integer-overflow"
check on their own programs without getting false positives from libc++.
The fast way to do this is to just run the test suite with the sanitizer check,
and mark all the functions that produce a false positive with the attribute
(with current trunk no real positives are found).
The "fine grained" way of doing this is to define a function:
template<typename T>
using uncvref_t = std::remove_reference_t<std::remove_cv_t<T>>;
template<typename T, class =
std::enable_if_t<std::is_unsigned<uncvref_t<T>>{}>>
[[no_sanitize("unsigned-integer-overflow")]]
T wrapping_add(T&& a, T&& b) { return a + b; }
and use it when overflow semantics is intended, which helps with documentation.
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
llvm-bugs mailing list
[email protected]
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
