Implement -fsanitize=null + new sanopt pass

Message ID 20131118175755.GE30062@redhat.com
State New

Commit Message

Marek Polacek Nov. 18, 2013, 5:57 p.m. UTC
On Mon, Nov 18, 2013 at 04:58:36PM +0000, Joseph S. Myers wrote:
> On Mon, 18 Nov 2013, Marek Polacek wrote:
> 
> > +@item @option{-fsanitize=shift}
> > +
> > +This option enables checking that the result of a shift operation is
> > +not undefined.  Note that what exactly is considered undefined differs
> > +slightly between C and C++, as well as between ANSI C and C99, etc.
> 
> We generally refer to ISO C90, not ANSI C.

Fixed.
 
> > +Detect integer division by zero as well as @code{INT_MIN / -1} division.
> > +Note that the latter is only made undefined from C99 onwards.
> 
> INT_MIN / -1 is unambiguously undefined in C90 - it's a signed arithmetic 
> overflow (result not within the range of its type).  It's INT_MIN % -1 
> where there's more ambiguity, but I consider the wording changes in C11 as 
> a defect correction that should be applied back to C90.  (A comment on 
> what the semantics should be, not on whether the documentation accurately 
> reflects the code.)

I removed that sentence to not confuse readers.  (We issue a runtime
error for INT_MIN % -1 for all c90, c99, c11 modes.)  Thanks.

Ok now?

2013-11-18  Marek Polacek  <polacek@redhat.com>

	* doc/invoke.texi: Extend -fsanitize=undefined documentation.


	Marek

Comments

Joseph Myers Nov. 18, 2013, 7:01 p.m. UTC | #1
On Mon, 18 Nov 2013, Marek Polacek wrote:

> 2013-11-18  Marek Polacek  <polacek@redhat.com>
> 
> 	* doc/invoke.texi: Extend -fsanitize=undefined documentation.

OK.
Patch

--- gcc/doc/invoke.texi.mp3	2013-11-18 15:57:47.104103101 +0100
+++ gcc/doc/invoke.texi	2013-11-18 18:55:00.178009402 +0100
@@ -5260,9 +5260,44 @@  data race bugs.
 See @uref{http://code.google.com/p/data-race-test/wiki/ThreadSanitizer} for more details.
 
 @item -fsanitize=undefined
-Enable UndefinedBehaviorSanitizer, a fast undefined behavior detector
+Enable UndefinedBehaviorSanitizer, a fast undefined behavior detector.
 Various computations will be instrumented to detect undefined behavior
-at runtime, e.g.@: division by zero or various overflows.
+at runtime.  Current suboptions are:
+
+@itemize @bullet
+
+@item @option{-fsanitize=shift}
+
+This option enables checking that the result of a shift operation is
+not undefined.  Note that what exactly is considered undefined differs
+slightly between C and C++, as well as between ISO C90 and C99, etc.
+
+@item @option{-fsanitize=integer-divide-by-zero}
+
+Detect integer division by zero as well as @code{INT_MIN / -1} division.
+
+@item @option{-fsanitize=unreachable}
+
+With this option, the compiler will turn the @code{__builtin_unreachable}
+call into a diagnostics message call instead.  When reaching the
+@code{__builtin_unreachable} call, the behavior is undefined.
+
+@item @option{-fsanitize=vla-bound}
+
+This option instructs the compiler to check that the size of a variable
+length array is positive.  This option does not have any effect in
+@option{-std=c++1y} mode, as the standard requires the exception be thrown
+instead.
+
+@item @option{-fsanitize=null}
+
+This option enables pointer checking.  Particularly, the application
+built with this option turned on will issue an error message when it
+tries to dereference a NULL pointer, or if a reference (possibly an
+rvalue reference) is bound to a NULL pointer.
+
+@end itemize
+
 While @option{-ftrapv} causes traps for signed overflows to be emitted,
 @option{-fsanitize=undefined} gives a diagnostic message.
 This currently works only for the C family of languages.
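Review bot: the @option{-fsanitize=unreachable} entry reads awkwardly: "diagnostics message call" should be "diagnostic message", and the two sentences are clearer with the undefined behavior stated first, e.g. "Reaching a @code{__builtin_unreachable} call is undefined behavior; with this option the compiler replaces the call with one that issues a diagnostic message." Smaller wording nits in the same hunk: in the @option{-fsanitize=null} entry "Particularly" should be "In particular", and in the @option{-fsanitize=vla-bound} entry "requires the exception be thrown" reads better as "requires an exception to be thrown". It would also help readers if the text after "Current suboptions are:" said how the listed suboptions relate to plain @option{-fsanitize=undefined} (whether it enables all of them, and whether each can be selected on its own), since the list alone leaves that implicit.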