Patchwork Implement -fsanitize=bounds and internal calls in FEs

Submitter Marek Polacek
Date July 3, 2014, 10:41 a.m.
Message ID <20140703104145.GM20427@redhat.com>
Permalink /patch/366826/
State New

Comments

Marek Polacek - July 3, 2014, 10:41 a.m.
On Sat, Jun 28, 2014 at 06:52:00PM +0200, Gerald Pfeifer wrote:
> On Fri, 20 Jun 2014, Marek Polacek wrote:
> +@item -fsanitize=bounds
> +@opindex fsanitize=bounds
> +
> +This option enables instrumentation of array bounds.  Various out of bounds
> +accesses are detected.  Flexible array members are not instrumented, as well
> +as initializers of variables with static storage.
> 
> Can you make this "Flexible array members and initializers..." (or
> "...as well as...")?  The current wording confused me a bit at first.
> 
> And I believe there should be no empty line after @opindex.

Thanks, I'll fix both with the following.  Also
-fsanitize=float-divide-by-zero and -fsanitize=float-cast-overflow
descriptions were in the wrong place, so I moved them a little bit above.

Applying to trunk as obvious.

2014-07-03  Marek Polacek  <polacek@redhat.com>

	* doc/invoke.texi (-fsanitize=bounds): Tweak wording.
	(-fsanitize=float-divide-by-zero): Move to the table with
	-fsanitize=undefined suboptions.
	(-fsanitize=float-cast-overflow): Likewise.


	Marek
Jakub Jelinek - July 3, 2014, 10:46 a.m.
On Thu, Jul 03, 2014 at 12:41:46PM +0200, Marek Polacek wrote:
> On Sat, Jun 28, 2014 at 06:52:00PM +0200, Gerald Pfeifer wrote:
> > On Fri, 20 Jun 2014, Marek Polacek wrote:
> > +@item -fsanitize=bounds
> > +@opindex fsanitize=bounds
> > +
> > +This option enables instrumentation of array bounds.  Various out of bounds
> > +accesses are detected.  Flexible array members are not instrumented, as well
> > +as initializers of variables with static storage.
> > 
> > Can you make this "Flexible array members and initializers..." (or
> > "...as well as...")?  The current wording confused me a bit at first.
> > 
> > And I believe there should be no empty line after @opindex.
> 
> Thanks, I'll fix both with the following.  Also
> -fsanitize=float-divide-by-zero and -fsanitize=float-cast-overflow
> descriptions were in the wrong place, so I moved them a little bit above.
> 
> Applying to trunk as obvious.
> 
> 2014-07-03  Marek Polacek  <polacek@redhat.com>
> 
> 	* doc/invoke.texi (-fsanitize=bounds): Tweak wording.
> 	(-fsanitize=float-divide-by-zero): Move to the table with
> 	-fsanitize=undefined suboptions.
> 	(-fsanitize=float-cast-overflow): Likewise.

Those two aren't -fsanitize=undefined suboptions, so shouldn't be included
in there.

	Jakub
Marek Polacek - July 3, 2014, 10:55 a.m.
On Thu, Jul 03, 2014 at 12:46:35PM +0200, Jakub Jelinek wrote:
> On Thu, Jul 03, 2014 at 12:41:46PM +0200, Marek Polacek wrote:
> > On Sat, Jun 28, 2014 at 06:52:00PM +0200, Gerald Pfeifer wrote:
> > > On Fri, 20 Jun 2014, Marek Polacek wrote:
> > > +@item -fsanitize=bounds
> > > +@opindex fsanitize=bounds
> > > +
> > > +This option enables instrumentation of array bounds.  Various out of bounds
> > > +accesses are detected.  Flexible array members are not instrumented, as well
> > > +as initializers of variables with static storage.
> > > 
> > > Can you make this "Flexible array members and initializers..." (or
> > > "...as well as...")?  The current wording confused me a bit at first.
> > > 
> > > And I believe there should be no empty line after @opindex.
> > 
> > Thanks, I'll fix both with the following.  Also
> > -fsanitize=float-divide-by-zero and -fsanitize=float-cast-overflow
> > descriptions were in the wrong place, so I moved them a little bit above.
> > 
> > Applying to trunk as obvious.
> > 
> > 2014-07-03  Marek Polacek  <polacek@redhat.com>
> > 
> > 	* doc/invoke.texi (-fsanitize=bounds): Tweak wording.
> > 	(-fsanitize=float-divide-by-zero): Move to the table with
> > 	-fsanitize=undefined suboptions.
> > 	(-fsanitize=float-cast-overflow): Likewise.
> 
> Those two aren't -fsanitize=undefined suboptions, so shouldn't be included
> in there.

But they're part of ubsan and at least
-fsanitize=float-divide-by-zero says it is not enabled by
-fsanitize=undefined.  Dunno, I can move it back if you want.

	Marek

Patch

diff --git gcc/doc/invoke.texi gcc/doc/invoke.texi
index b1f6f4b..046ea58 100644
--- gcc/doc/invoke.texi
+++ gcc/doc/invoke.texi
@@ -5400,26 +5400,22 @@  at runtime.  Current suboptions are:
 
 @item -fsanitize=shift
 @opindex fsanitize=shift
-
 This option enables checking that the result of a shift operation is
 not undefined.  Note that what exactly is considered undefined differs
 slightly between C and C++, as well as between ISO C90 and C99, etc.
 
 @item -fsanitize=integer-divide-by-zero
 @opindex fsanitize=integer-divide-by-zero
-
 Detect integer division by zero as well as @code{INT_MIN / -1} division.
 
 @item -fsanitize=unreachable
 @opindex fsanitize=unreachable
-
 With this option, the compiler will turn the @code{__builtin_unreachable}
 call into a diagnostics message call instead.  When reaching the
 @code{__builtin_unreachable} call, the behavior is undefined.
 
 @item -fsanitize=vla-bound
 @opindex fsanitize=vla-bound
-
 This option instructs the compiler to check that the size of a variable
 length array is positive.  This option does not have any effect in
 @option{-std=c++1y} mode, as the standard requires the exception be thrown
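Review bot: Dropping the blank line after each @opindex in this hunk is consistent with the existing @item -fsanitize-recover entry further down in this file, where @opindex is immediately followed by its description text; no wording changes here, so this is a pure formatting fix that matches the review comment in the thread.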
@@ -5427,7 +5423,6 @@  instead.
 
 @item -fsanitize=null
 @opindex fsanitize=null
-
 This option enables pointer checking.  Particularly, the application
 built with this option turned on will issue an error message when it
 tries to dereference a NULL pointer, or if a reference (possibly an
@@ -5435,7 +5430,6 @@  rvalue reference) is bound to a NULL pointer.
 
 @item -fsanitize=return
 @opindex fsanitize=return
-
 This option enables return statement checking.  Programs
 built with this option turned on will issue an error message
 when the end of a non-void function is reached without actually
@@ -5443,7 +5437,6 @@  returning a value.  This option works in C++ only.
 
 @item -fsanitize=signed-integer-overflow
 @opindex fsanitize=signed-integer-overflow
-
 This option enables signed integer overflow checking.  We check that
 the result of @code{+}, @code{*}, and both unary and binary @code{-}
 does not overflow in the signed arithmetics.  Note, integer promotion
@@ -5456,20 +5449,12 @@  a++;
 
 @item -fsanitize=bounds
 @opindex fsanitize=bounds
-
 This option enables instrumentation of array bounds.  Various out of bounds
-accesses are detected.  Flexible array members are not instrumented, as well
-as initializers of variables with static storage.
-
-@end table
-
-While @option{-ftrapv} causes traps for signed overflows to be emitted,
-@option{-fsanitize=undefined} gives a diagnostic message.
-This currently works only for the C family of languages.
+accesses are detected.  Flexible array members and initializers of variables
+with static storage are not instrumented.
 
 @item -fsanitize=float-divide-by-zero
 @opindex fsanitize=float-divide-by-zero
-
 Detect floating-point division by zero.  Unlike other similar options,
 @option{-fsanitize=float-divide-by-zero} is not enabled by
 @option{-fsanitize=undefined}, since floating-point division by zero can
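Review bot: Placing @option{-fsanitize=float-divide-by-zero} inside the table introduced by "Current suboptions are:" (see the hunk header) conflicts with the entry's own text in this hunk, which says it "is not enabled by @option{-fsanitize=undefined}"; this is the objection raised in the thread. Either keep the float options after @end table as before, or add a sentence before the table stating that some of the listed options are not enabled by @option{-fsanitize=undefined}. The reworded bounds sentence ("Flexible array members and initializers of variables with static storage are not instrumented.") reads clearly and addresses the earlier review comment.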
@@ -5477,11 +5462,16 @@  be a legitimate way of obtaining infinities and NaNs.
 
 @item -fsanitize=float-cast-overflow
 @opindex fsanitize=float-cast-overflow
-
 This option enables floating-point type to integer conversion checking.
 We check that the result of the conversion does not overflow.
 This option does not work well with @code{FE_INVALID} exceptions enabled.
 
+@end table
+
+While @option{-ftrapv} causes traps for signed overflows to be emitted,
+@option{-fsanitize=undefined} gives a diagnostic message.
+This currently works only for the C family of languages.
+
 @item -fsanitize-recover
 @opindex fsanitize-recover
 By default @option{-fsanitize=undefined} sanitization (and its suboptions
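Review bot: With @end table now inserted after the -fsanitize=float-cast-overflow entry, that option also becomes a nested suboption entry rather than a peer of @item -fsanitize-recover in the enclosing table; its description here does not say whether @option{-fsanitize=undefined} enables it, so add a sentence stating that explicitly to avoid the same mismatch as float-divide-by-zero. Also, the relocated paragraph about @option{-ftrapv} now directly follows the float-cast-overflow description, so "This currently works only for the C family of languages." reads as if it refers to the float options; naming the option, e.g. "@option{-fsanitize=undefined} currently works only for the C family of languages.", would avoid that.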