Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

On 11/07/16 19:28, Jeff Law wrote: On 07/11/2016 10:08 AM, Maxim Ostapenko wrote: On 11/07/16 18:05, Jakub Jelinek wrote: On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote: CC'ing Jakub, Marek and Kostya, sanitizer maintainers in GCC. Jakub, thanks for your summary. I'm not c

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

On Tue, Jul 12, 2016 at 9:48 AM, Maxim Ostapenko wrote: > On 11/07/16 19:28, Jeff Law wrote: >> >> On 07/11/2016 10:08 AM, Maxim Ostapenko wrote: >>> >>> On 11/07/16 18:05, Jakub Jelinek wrote: On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote: > > CC'ing Jakub, Mar

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

On Tue, Jul 12, 2016 at 10:20:55AM +0100, Yuri Gribov wrote: > There are people who would tolerate FPs if the tool indeed helps to > find vulnerabilities. Especially if there is easy way to suppress > checks in set of functions/files who intentionally rely on unsigned But what is the easy way to s

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

On Tue, Jul 12, 2016 at 10:34 AM, Jakub Jelinek wrote: > On Tue, Jul 12, 2016 at 10:20:55AM +0100, Yuri Gribov wrote: >> There are people who would tolerate FPs if the tool indeed helps to >> find vulnerabilities. Especially if there is easy way to suppress >> checks in set of functions/files who

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

On 12/07/16 12:20, Yuri Gribov wrote: On Tue, Jul 12, 2016 at 9:48 AM, Maxim Ostapenko wrote: On 11/07/16 19:28, Jeff Law wrote: On 07/11/2016 10:08 AM, Maxim Ostapenko wrote: On 11/07/16 18:05, Jakub Jelinek wrote: On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote: CC'ing Jak

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

Cc John. On Tue, Jul 12, 2016 at 10:49 AM, Maxim Ostapenko wrote: > On 12/07/16 12:20, Yuri Gribov wrote: >> >> On Tue, Jul 12, 2016 at 9:48 AM, Maxim Ostapenko >> wrote: >>> >>> On 11/07/16 19:28, Jeff Law wrote: On 07/11/2016 10:08 AM, Maxim Ostapenko wrote: > > On 11/07/16 1

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

On 07/12/2016 02:48 AM, Maxim Ostapenko wrote: void foo (unsigned len) { ... void *p = malloc (len); } void bar () { ... unsigned len = a + b; foo (len); } Inlining & lto can help here as could a symbolic execution engine. This is precisely t

gcc-5-20160712 is now available

Snapshot gcc-5-20160712 is now available on ftp://gcc.gnu.org/pub/gcc/snapshots/5-20160712/ and on various mirrors, see http://gcc.gnu.org/mirrors.html for details. This snapshot has been generated from the GCC 5 SVN branch with the following options: svn://gcc.gnu.org/svn/gcc/branches/gcc-5