> On 15.09.2023 at 17:37, Qing Zhao <qing.z...@oracle.com> wrote:
>
>>> On Sep 15, 2023, at 11:29 AM, Richard Biener <richard.guent...@gmail.com>
>>> wrote:
>>>
>>>> On 15.09.2023 at 17:25, Qing Zhao <qing.z...@oracle.com> wrote:
>>>
>>>> On Sep 15, 2023, at 8:41 AM, Arsen Arsenović <ar...@aarsen.me> wrote:
>>>>
>>>> Qing Zhao <qing.z...@oracle.com> writes:
>>>>
>>>>> Even though unsigned integer overflow is well defined, it might be
>>>>> unintentional, shall we warn user about this?
>>>>
>>>> This would be better addressed by providing operators or functions that
>>>> do overflow checking in the language, so that they can be explicitly
>>>> used where overflow is unexpected.
>>>
>>> Yes, that will be very helpful to prevent unexpected overflow in the
>>> program in general.
>>> However, this will mainly benefit new codes.
>>>
>>> For the existing C codes, especially large applications, we still need to
>>> identify all the places
>>> where the overflow is unexpected, and fix them.
>>>
>>> One good example is Linux kernel.
>>>
>>>> One could easily imagine a scenario
>>>> where overflow is not expected in some region of code but is in the
>>>> larger application.
>>>
>>> Yes, that’s exactly the same situation Linux kernel faces now, the
>>> unexpected overflow and
>>> expected wrap-around are mixed together inside one module.
>>> It’s hard to detect the unexpected overflow under such situation based on
>>> the current GCC.
>>
>> But that’s hardly GCC’s fault nor can GCC fix that in any way. Only the
>> programmer can distinguish both cases.
>
> Right, compiler cannot fix this.
> But can provide some tools to help the user to detect this more conveniently.
>
> Right now, GCC provides two sets of options for different types:
>
> A. Turn the overflow to expected wrap-around (remove UB);
> B. Detect overflow;
>
>              A                  B
>              remove UB          -fsanitize=…
> signed       -fwrapv            signed-integer-overflow
> pointer      -fwrapv-pointer    pointer-overflow (broken in Clang)
>
> However, options in A and B excluded with each other. They cannot mix
> together for a single file.
>
> What’s requested from Kernel is:
>
> compiler needs to provide a functionality that can mix these two together for
> a file.
>
> i.e., apply A (convert UB to defined behavior WRAP-AROUND) only to part of the
> program. And then add -fsanitize=*overflow to detect all other
> unexpected overflows in the program.
>
> This is currently missing from GCC, I guess?

How can GCC know which part of the program wants wrapping and which sanitizing?

Richard

> Qing
>
>>
>> Richard
>>
>>> Thanks.
>>>
>>> Qing
>>>> --
>>>> Arsen Arsenović
Re: Question on -fwrapv and -fwrapv-pointer
Richard Biener via Gcc-patches Fri, 15 Sep 2023 10:27:19 -0700
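
Added example (not code from this thread or from GCC): the suggestion quoted above, explicit overflow-checking functions used where overflow is unexpected, sketched with the GCC/Clang __builtin_*_overflow built-ins so that intended wrap-around and unexpected overflow are told apart per call site instead of per file. The function names fnv1a, alloc_size and wrapping_add_i32 are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Intended wrap-around: FNV-1a depends on multiplication modulo 2^32.
 * Unsigned arithmetic wraps by definition, with or without -fwrapv. */
uint32_t fnv1a(const unsigned char *p, size_t n)
{
    uint32_t h = 2166136261u;          /* FNV offset basis */
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;                /* FNV prime; wraps by design */
    }
    return h;
}

/* Unexpected overflow: count * elem + hdr must never wrap, or the caller
 * allocates a buffer smaller than it believes. Returns false on overflow. */
bool alloc_size(size_t count, size_t elem, size_t hdr, size_t *out)
{
    size_t body;
    if (__builtin_mul_overflow(count, elem, &body))
        return false;
    return !__builtin_add_overflow(body, hdr, out);
}

/* Signed addition that is meant to wrap at this one site. The built-in is
 * defined for all argument values and stores the wrapped result, so this
 * is not an instance of signed-overflow UB and does not need -fwrapv. */
int32_t wrapping_add_i32(int32_t a, int32_t b)
{
    int32_t r;
    (void)__builtin_add_overflow(a, b, &r);
    return r;
}

int main(void)
{
    size_t sz;
    printf("fnv1a(\"a\")          = 0x%08x\n", (unsigned)fnv1a((const unsigned char *)"a", 1));
    printf("alloc_size(10,8,16) ok=%d\n", alloc_size(10, 8, 16, &sz));
    printf("alloc_size(huge)    ok=%d\n", alloc_size(SIZE_MAX / 2 + 1, 2, 0, &sz));
    printf("INT32_MAX + 1 wraps to %d\n", (int)wrapping_add_i32(INT32_MAX, 1));
    return 0;
}
```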