
List:       llvm-bugs
Subject:    [llvm-bugs] [Bug 27581] New: null sanitizer emits too many checks
From:       via llvm-bugs <llvm-bugs () lists ! llvm ! org>
Date:       2016-04-30 0:44:11
Message-ID: bug-27581-206 () http ! llvm ! org/bugs/

https://llvm.org/bugs/show_bug.cgi?id=27581

            Bug ID: 27581
           Summary: null sanitizer emits too many checks
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs@nondot.org
          Reporter: nlewycky@google.com
                CC: llvm-bugs@lists.llvm.org
    Classification: Unclassified

Testcase for things that should have checks with -fsanitize=null and things
that should not:

struct X {
  void nocheck(X &);
  void method();
  int i;
};
int &getref();
void intasptr(int *);

void check(X *ptr) {
  ptr->method();
  (*ptr).method();
  intasptr(&ptr->i);
  ptr->i++;
}

void X::nocheck(X &ref) {
  ref.method();  // has extra check
  method();  // has extra check
  intasptr(&ref.i);
  intasptr(&i);  // has extra check
  ref.i++;
  i++;  // has extra check

  intasptr(&getref());
}

The checks commented as being extra are ones which would have been caught by
-fsanitize=null when attempting to construct this situation, therefore they
would lead to duplicate error emission. Fixing these is desirable to reduce the
compile time and code size impact of the null sanitizer.

There's one other case I didn't list, "(&ref)->method();" which has an extra
check. That could go either way really, it happens to be impossible to be null
but that could be emitted by the sanitizer and left to the optimizer, or if
clang finds it easy enough to locally show that it's non-null, that works too.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
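
One way to measure what the report describes, added here as an example (it is not part of the bug report or of LLVM): count the UBSan handler call sites per function in textual IR such as `clang++ -fsanitize=null -O0 -S -emit-llvm` produces. The names count_null_checks and SAMPLE_IR are hypothetical, and the embedded IR is constructed to mirror the comments in the testcase, not captured from clang.

```python
import re
from collections import Counter

# With only -fsanitize=null enabled, every call to UBSan's type-mismatch
# handler in the IR is one null check (newer clang adds _v1/_abort suffixes).
HANDLER = re.compile(r"\bcall\b.*@__ubsan_handle_type_mismatch(?:_v1)?(?:_abort)?\(")
DEFINE = re.compile(r"^define\b.*?@([\w.$]+)\(")

def count_null_checks(ir_text):
    """Map each defined function to its number of handler call sites."""
    counts, current = Counter(), None
    for line in ir_text.splitlines():
        m = DEFINE.match(line)
        if m:
            current = m.group(1)
            counts[current] = 0
        elif line.startswith("}"):
            current = None
        elif current and HANDLER.search(line):
            counts[current] += 1
    return dict(counts)

# Constructed, heavily abbreviated IR (not real clang output): four checks in
# check(X*), and in X::nocheck(X&) the four the report marks as extra.
SAMPLE_IR = """\
define void @_Z5checkP1X(%struct.X* %ptr) {
  call void @__ubsan_handle_type_mismatch(i8* %d0, i64 %a0)
  call void @_ZN1X6methodEv(%struct.X* %ptr)
  call void @__ubsan_handle_type_mismatch(i8* %d1, i64 %a1)
  call void @_ZN1X6methodEv(%struct.X* %ptr)
  call void @__ubsan_handle_type_mismatch(i8* %d2, i64 %a2)
  call void @_Z8intasptrPi(i32* %i0)
  call void @__ubsan_handle_type_mismatch(i8* %d3, i64 %a3)
}
define void @_ZN1X7nocheckERS_(%struct.X* %this, %struct.X* %ref) {
  call void @__ubsan_handle_type_mismatch(i8* %d4, i64 %a4)
  call void @_ZN1X6methodEv(%struct.X* %ref)
  call void @__ubsan_handle_type_mismatch(i8* %d5, i64 %a5)
  call void @_ZN1X6methodEv(%struct.X* %this)
  call void @_Z8intasptrPi(i32* %i1)
  call void @__ubsan_handle_type_mismatch(i8* %d6, i64 %a6)
  call void @_Z8intasptrPi(i32* %i2)
  call void @__ubsan_handle_type_mismatch(i8* %d7, i64 %a7)
}
"""

if __name__ == "__main__":
    for name, n in count_null_checks(SAMPLE_IR).items():
        print(f"{n:3d}  {name}")
```

Run against real compiler output, a nonzero count for X::nocheck(X&) is the redundancy the report asks to remove; builds using -fsanitize-trap emit traps instead of handler calls and are not counted by this pattern.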
