Hi Clang folks,
Attached is my student Peng Li's patch to Clang for detecting integer
undefined behaviors. It will complain, for example, about C or C++ code
that evaluates any of:
-INT_MIN
INT_MAX+1
2*INT_MAX
>>-1
x/0
These behaviors are undefined in all modern C/C++ variants.
Additionally, C99 and C++0x make lots of harmless-looking signed
left-shifts into undefined behavior. For example, 1<<31 is undefined
when sizeof(int)==4 because the result cannot be represented as a signed
32-bit quantity. Peng's patch has separate flags for the basic checks
and for the more aggressive C99/C++0x checks.
It also takes a flag for whether to use explicit checks or LLVM's
x.with.overflow intrinsics. The intrinsics (off by default) are faster
but not as well tested.
We'd like to get this integrated into Clang; please let us know if that
might happen and if so, what kind of changes we'll need to make.
Clang's generated code should not change at all if checking is not
requested.
Currently, we require a trap handler object file (source code also
attached) to be placed in /usr/local/lib or similar. We should move this
into LLVM somewhere, obviously, and would appreciate advice about
where/how to do that.
This checker has found problems in many applications including OpenSSL,
Perl, Python, PHP, BIND, and LLVM itself. My guess is that once a Clang
with this checker is released, it will generate a significant number of
new Clang users. We've already had a number of people ask for the tool.
John Regehr
trap_handler_onefile.c (17.6 KB)
clang-standalone-111903.patch (58.6 KB)
README (3.26 KB)
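As an added example (not Peng Li's patch or Clang's own code), here are C versions of the explicit precondition checks an instrumenting compiler inserts ahead of the signed-int operations listed in the mail, plus one check via __builtin_add_overflow, which Clang lowers to the llvm.sadd.with.overflow intrinsic mentioned above; the builtin's availability (GCC 5+ or Clang 3.8+) is an assumption.

```c
/* Added example, not Peng Li's patch: precondition checks like those an
 * instrumenting compiler inserts; 1 = operation would be undefined. */
#include <limits.h>
#include <stdio.h>

/* -x: undefined only for INT_MIN */
int neg_is_ub(int x) { return x == INT_MIN; }

/* a + b: compare against the bound instead of computing the sum */
int add_is_ub(int a, int b) {
    return (b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b);
}

/* a * b: divide-based bound; INT_MIN is only divided by a positive
 * operand, so the check itself never evaluates INT_MIN / -1 */
int mul_is_ub(int a, int b) {
    if (a == 0 || b == 0) return 0;
    if (a > 0) return b > 0 ? a > INT_MAX / b : b < INT_MIN / a;
    return b > 0 ? a < INT_MIN / b : a < INT_MAX / b;
}

/* a / b and a % b: division by zero, or INT_MIN / -1 */
int div_is_ub(int a, int b) { return b == 0 || (a == INT_MIN && b == -1); }

/* basic check, both shift directions: count negative or >= width */
int shift_count_is_ub(int b) {
    return b < 0 || b >= (int)(CHAR_BIT * sizeof(int));
}
/* C99 6.5.7 also makes a << b undefined for negative a or when a * 2^b
 * is not representable, so 1 << 31 is flagged when int is 32 bits */
int shl_is_ub_c99(int a, int b) {
    return shift_count_is_ub(b) || a < 0 || a > (INT_MAX >> b);
}

/* Intrinsic route: __builtin_add_overflow (assumed available: GCC 5+ or
 * Clang 3.8+) is what Clang lowers to llvm.sadd.with.overflow */
int add_is_ub_builtin(int a, int b) {
    int r;
    return __builtin_add_overflow(a, b, &r);
}

int main(void) {
    printf("-INT_MIN  %s\n", neg_is_ub(INT_MIN) ? "undefined" : "ok");
    printf("INT_MAX+1 %s\n", add_is_ub(INT_MAX, 1) ? "undefined" : "ok");
    printf("2*INT_MAX %s\n", mul_is_ub(2, INT_MAX) ? "undefined" : "ok");
    printf("x>>-1     %s\n", shift_count_is_ub(-1) ? "undefined" : "ok");
    printf("x/0       %s\n", div_is_ub(1, 0) ? "undefined" : "ok");
    printf("1<<31     %s\n", shl_is_ub_c99(1, 31) ? "undefined" : "ok");
    return 0;
}
```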