Re: [PATCH] Implement -fsanitize=null + new sanopt pass

Mon, 18 Nov 2013 08:17:44 -0800 

On Mon, Nov 18, 2013 at 02:52:34PM +0100, Jakub Jelinek wrote:
> Oh, one more thing, please update gcc/doc/, the -fsanitize= description is
> far from up to date there.

Ok, the following (incremental) hopefully improves the docs.  Joseph, would
you mind having a look at this?  Thanks,

2013-11-18  Marek Polacek  <pola...@redhat.com>

        * doc/invoke.texi: Extend -fsanitize=undefined documentation.

--- gcc/doc/invoke.texi.mp3     2013-11-18 15:57:47.104103101 +0100
+++ gcc/doc/invoke.texi 2013-11-18 17:08:51.305594441 +0100
@@ -5260,9 +5260,45 @@ data race bugs.
 See @uref{http://code.google.com/p/data-race-test/wiki/ThreadSanitizer} for 
more details.
 
 @item -fsanitize=undefined
-Enable UndefinedBehaviorSanitizer, a fast undefined behavior detector
+Enable UndefinedBehaviorSanitizer, a fast undefined behavior detector.
 Various computations will be instrumented to detect undefined behavior
-at runtime, e.g.@: division by zero or various overflows.
+at runtime.  Current suboptions are:
+
+@itemize @bullet
+
+@item @option{-fsanitize=shift}
+
+This option enables checking that the result of a shift operation is
+not undefined.  Note that what exactly is considered undefined differs
+slightly between C and C++, as well as between ANSI C and C99, etc.
+
+@item @option{-fsanitize=integer-divide-by-zero}
+
+Detect integer division by zero as well as @code{INT_MIN / -1} division.
+Note that the latter is only made undefined from C99 onwards.
+
+@item @option{-fsanitize=unreachable}
+
+With this option, the compiler will turn the @code{__builtin_unreachable}
+call into a diagnostics message call instead.  When reaching the
+@code{__builtin_unreachable} call, the behavior is undefined.
+
+@item @option{-fsanitize=vla-bound}
+
+This option instructs the compiler to check that the size of a variable
+length array is positive.  This option does not have any effect in
+@option{-std=c++1y} mode, as the standard requires the exception be thrown
+instead.
+
+@item @option{-fsanitize=null}
+
+This option enables pointer checking.  Particularly, the application
+built with this option turned on will issue an error message when it
+tries to dereference a NULL pointer, or if a reference (possibly an
+rvalue reference) is bound to a NULL pointer.
+
+@end itemize
+
 While @option{-ftrapv} causes traps for signed overflows to be emitted,
 @option{-fsanitize=undefined} gives a diagnostic message.
 This currently works only for the C family of languages.

        Marek

Reply via email to