gcc-4.9 Undefined Behavior Sanitizer

风格不统一 提交于 2019-11-28 17:13:54
Nemo

This is more a framework for adding such checks than an attempt to detect all forms of undefined behavior (which is almost certainly impossible in the "halting problem" sense).

The GCC documentation lists these as the currently supported checks:

-fsanitize=undefined Enable UndefinedBehaviorSanitizer, a fast undefined behavior detector. Various computations will be instrumented to detect undefined behavior at runtime. Current suboptions are:

-fsanitize=shift This option enables checking that the result of a shift operation is not undefined. Note that what exactly is considered undefined differs slightly between C and C++, as well as between ISO C90 and C99, etc.

-fsanitize=integer-divide-by-zero Detect integer division by zero as well as INT_MIN / -1 division.

-fsanitize=unreachable With this option, the compiler will turn the __builtin_unreachable call into a diagnostics message call instead. When reaching the __builtin_unreachable call, the behavior is undefined.

-fsanitize=vla-bound This option instructs the compiler to check that the size of a variable length array is positive. This option does not have any effect in -std=c++1y mode, as the standard requires the exception be thrown instead.

-fsanitize=null This option enables pointer checking. Particularly, the application built with this option turned on will issue an error message when it tries to dereference a NULL pointer, or if a reference (possibly an rvalue reference) is bound to a NULL pointer.

-fsanitize=return This option enables return statement checking. Programs built with this option turned on will issue an error message when the end of a non-void function is reached without actually returning a value. This option works in C++ only.

-fsanitize=signed-integer-overflow This option enables signed integer overflow checking. We check that the result of +, *, and both unary and binary - does not overflow in the signed arithmetics. Note, integer promotion rules must be taken into account. That is, the following is not an overflow:

signed char a = SCHAR_MAX;
a++;

While -ftrapv causes traps for signed overflows to be emitted, -fsanitize=undefined gives a diagnostic message. This currently works only for the C family of languages.

Complete list of options listed in UndefinedBehaviorSanitizer

Latest GCC 5.0 additions extracted from GCC 5 Release Series : Changes, New Features, and Fixes listed below;

UndefinedBehaviorSanitizer gained a few new sanitization options:

-fsanitize=float-divide-by-zero: detect floating-point division by zero;
-fsanitize=float-cast-overflow: check that the result of floating-point type to integer conversions do not overflow;
-fsanitize=bounds: enable instrumentation of array bounds and detect out-of-bounds accesses;
-fsanitize=alignment: enable alignment checking, detect various misaligned objects;
-fsanitize=object-size: enable object size checking, detect various out-of-bounds accesses.
-fsanitize=vptr: enable checking of C++ member function calls, member accesses and some conversions between pointers to base and derived classes, detect if the referenced object does not have the correct dynamic type.
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!