author Roman Lebedev <lebedev.ri@gmail.com> 2018-10-11 09:09:50 +0000
committer Roman Lebedev <lebedev.ri@gmail.com> 2018-10-11 09:09:50 +0000
commit dd403575a2e2068fd278a6165bc199b037759e6b
tree 625235fe427cd64b52332081bc1f718ea9e2b005 /clang/docs
parent 589fff9c71b37ddcf17942b07f61bfc95ae07dd5
[clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
Summary:
As per IRC discussion, it seems we really want to have more fine-grained `-fsanitize=implicit-integer-truncation`:
* A check when both of the types are unsigned.
* Another check for the other cases (either one of the types is signed, or both of the types are signed).

This is clang part.
Compiler-rt part is D50902.

Reviewers: rsmith, vsk, Sanitizers

Reviewed by: rsmith

Differential Revision: https://reviews.llvm.org/D50901

llvm-svn: 344230
Diffstat (limited to 'clang/docs')
-rw-r--r-- clang/docs/UndefinedBehaviorSanitizer.rst 13
1 files changed, 11 insertions, 2 deletions
diff --git a/clang/docs/UndefinedBehaviorSanitizer.rst b/clang/docs/UndefinedBehaviorSanitizer.rst
index 86d0193a23c2..c971f634d7af 100644
--- a/clang/docs/UndefinedBehaviorSanitizer.rst
+++ b/clang/docs/UndefinedBehaviorSanitizer.rst
@@ -89,11 +89,16 @@ Available checks are:
- ``-fsanitize=function``: Indirect call of a function through a
function pointer of the wrong type (Darwin/Linux, C++ and x86/x86_64
only).
- - ``-fsanitize=implicit-integer-truncation``: Implicit conversion from
+ - ``-fsanitize=implicit-unsigned-integer-truncation``,
+ ``-fsanitize=implicit-signed-integer-truncation``: Implicit conversion from
integer of larger bit width to smaller bit width, if that results in data
loss. That is, if the demoted value, after casting back to the original
width, is not equal to the original value before the downcast.
- Issues caught by this sanitizer are not undefined behavior,
+ The ``-fsanitize=implicit-unsigned-integer-truncation`` handles conversions
+ between two ``unsigned`` types, while
+ ``-fsanitize=implicit-signed-integer-truncation`` handles the rest of the
+ conversions - when either one, or both of the types are signed.
+ Issues caught by these sanitizers are not undefined behavior,
but are often unintentional.
- ``-fsanitize=integer-divide-by-zero``: Integer division by zero.
- ``-fsanitize=nonnull-attribute``: Passing null pointer as a function
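Review bot: The added sentence "handles the rest of the conversions - when either one, or both of the types are signed" leaves the mixed-sign case easy to misread, because it does not say that "either one" covers both a signed source and a signed destination. Suggest wording along the lines of "handles all other conversions, that is, those where the source type, the destination type, or both are signed". The two flags also share a single bullet, so ``-fsanitize=implicit-signed-integer-truncation`` starts on a continuation line and is hard to find when scanning the list of available checks; introducing each flag in its own sentence or bullet would help.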
@@ -160,6 +165,10 @@ You can also use the following check groups:
behavior (e.g. unsigned integer overflow).
Enables ``signed-integer-overflow``, ``unsigned-integer-overflow``,
``shift``, ``integer-divide-by-zero``, and ``implicit-integer-truncation``.
+ - ``fsanitize=implicit-integer-truncation``: Checks for implicit integral
+ conversions that result in data loss.
+ Enables ``implicit-unsigned-integer-truncation`` and
+ ``implicit-signed-integer-truncation``.
- ``-fsanitize=implicit-conversion``: Checks for suspicious behaviours of
implicit conversions.
Currently, only ``-fsanitize=implicit-integer-truncation`` is implemented.
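Review bot: The new group entry is written as ``fsanitize=implicit-integer-truncation``, without the leading dash that the neighbouring ``-fsanitize=implicit-conversion`` entry has; it should read ``-fsanitize=implicit-integer-truncation``. Since this name now denotes a group rather than a single check, the unchanged context around it is worth updating in the same patch: the ``integer`` entry above still lists ``implicit-integer-truncation`` next to individual checks, and the "Currently, only ... is implemented" sentence under ``implicit-conversion`` does not say that it now refers to a group of two checks.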