How I'm supposed to use the sanitizer in clang?

无人久伴 提交于 2019-11-27 23:34:28

The undefined symbol is a function that implements the sanitizer's check. If you look at generated code:

No sanitizer:

_Z3foof:                                # @_Z3foof
    .cfi_startproc
# BB#0:
    xorps   %xmm1, %xmm1
    divss   %xmm1, %xmm0
    ret

With sanitizer:

_Z3foof:                                # @_Z3foof
    .cfi_startproc
    .long   1413876459              # 0x54460aeb
    .quad   _ZTIFffE
# BB#0:
    pushq   %rax
.Ltmp1:
    .cfi_def_cfa_offset 16
    movss   %xmm0, 4(%rsp)          # 4-byte Spill
    movd    %xmm0, %esi
    movl    $__unnamed_1, %edi
    xorl    %edx, %edx
    callq   __ubsan_handle_divrem_overflow
    xorps   %xmm1, %xmm1
    movss   4(%rsp), %xmm0          # 4-byte Reload
    divss   %xmm1, %xmm0
    popq    %rax
    ret

You see it's added the code to do the check using that function.

The compiler should automatically link in the appropriate sanitizer library and then for me the following complete program:

float foo(float f) { return (f / 0); }
int main() {
    foo(1.0f);
}

Produces the following output when executed:

main.cpp:1:32: runtime error: division by zero

I built and ran using the command clang++ -fsanitize=undefined main.cpp && ./a.out


If you want compile-time checks you want to either enable more compiler warnings or the static analyzer. However there doesn't seem to be any warning or static analysis check for floating point divide-by-zero errors.

Here's a program that produces an analyzer report:

#include <malloc.h>

int main() {
    int *i = (int*) malloc(sizeof(int));
}

Compiled with clang++ -std=c++11 main.cpp it produces no diagnostics, but compiled with clang++ -std=c++11 --analyze main.cpp it reports the following:

main.cpp:4:10: warning: Value stored to 'i' during its initialization is never read
    int *i = (int*) malloc(sizeof(int));
         ^   ~~~~~~~~~~~~~~~~~~~~~~~~~~
main.cpp:5:1: warning: Potential leak of memory pointed to by 'i'
}
^

The dead store can also be detected with -Weverything [-Wunused-value], but the leak is only detected by the analyzer.

By default full analysis results are written to a plist file. You can also run the analyzer with the commands:

clang++ --analyze -Xanalyzer -analyzer-output=text main.cpp
clang++ --analyze -Xanalyzer -analyzer-output=html -o html-dir main.cpp

To get detailed walk-throughs of detected issues on the standard output or via html display of annotated source code respectively, instead of in a plist.

Analyzer checks are listed here.

Note that to work best the analyzer needs to analyze whole programs, which means it needs to tie into the build system. The usual interface is via an IDE (Xcode) or the scan-build tool with make. CMake has some clang features such as producing clang JSON compilation database files but I'm not sure off hand if CMake has any built in support for the clang analyzer.

Shafik Yaghmour

So if we look at the documentation in the the Controlling Code Generation it says (emphasis mine):

Turn on runtime checks for various forms of undefined or suspicious behavior.

This option controls whether Clang adds runtime checks for various forms of undefined or suspicious behavior, and is disabled by default. If a check fails, a diagnostic message is produced at runtime explaining the problem.

so these are runtime checks not compile time checks. So if you used foo in your code then you would see the following output:

runtime error: division by zero

See this example live using -fsanitize=undefined:

float foo(float f) { return (f / 0); }

int main()
{
    int x = 1 << 100 ;
    foo( 2.0f ) ;
}

it generates two run-time messages:

main.cpp:6:19: runtime error: shift exponent 100 is too large for 32-bit type 'int'

main.cpp:2:36: runtime error: division by zero

Update

With respect to static checkers, in my answer to A C++ implementation that detects undefined behavior? I mention several tools: STACK, kcc and of course Frama-C.

Apparently clang allows you to use --analyze to run it's static checker but it seems like it may be disabled eventually and the the correct way to run it would be through scan-build.

Also in my self-answered question Why do constant expressions have an exclusion for undefined behavior? I show how constexprs can be used to catch undefined behavior at compile time.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!