[llvm-dev] [Sanitizer] Sanitizer does not identify violation (original) (raw)

Brian Cain via llvm-dev llvm-dev at lists.llvm.org
Sat Nov 4 12:32:52 PDT 2017

Mahesh,

First, to clarify: the term "sanitizer" refers to a set of dynamic techniques for finding bugs and it does not intersect at all with these statically-detected compiler warnings. The AddressSanitizer would detect out-of-bounds issues like these at runtime and in my experience false negatives and false positives are very rare. Though since the access of b[11] is actually in-bounds, it would not trigger. This behavior is likely by design and not considered a bug.

So, regarding the warnings:

If you had declared the parameter with "static" qualifying the size, and you had passed an array smaller than the size indicated, that would result in another warning from the caller. Note that this is a C99 feature that is not present in C++.

Here's a demo showing the resulting warnings from clang when using that feature: https://godbolt.org/g/48NnME

Absent the "static" qualifier for the size, there's no real restriction from the language regarding the access of b[11] in the thisShallError() func beyond it failing to meet an implicit API.

On Sat, Nov 4, 2017 at 2:01 PM, Mahesh Attarde via llvm-dev < llvm-dev at lists.llvm.org> wrote:

Hello fellas, Recently i was working on bug, which is simplified as follow.

============================================================ ======================================================= Code: #include int thisShallError(int b[10]){ int gaurdTop = 0xF0F0; int c[16] = {0}; int gaurdDown[16]; gaurdDown[0] = 0x0F0F; return c[16] | b[11]; } int main(){ int mb[32]={0}; mb[11] = 0xF0F0; std::cout<<std::hex << thisShallError(mb);_ _return 0;_ _}_ _Warning:_ _4 : :4:9: warning: unused variable 'gaurdTop' [-Wunused-variable] <https://godbolt.org/#> int gaurdTop = 0xF0F0; ^ 8 : :8:12: warning: array index 16 is past the end of the array (which contains 16 elements) [-Warray-bounds] <https://godbolt.org/#> return c[16] | b[11]; ^ ~~ 5 : :5:5: note: array 'c' declared here <https://godbolt.org/#> int c[16] = {0}; ^ 2 warnings generated. Compiler exited with result code 0 ============================================================ =================== Things to note here. 1. variable b's size is know at compile time and i was expecting error just like c [third warning] 2. thisShallError accepts size of array as 10 but it is clearly declared with 32. Should we do something. [Given fact that Array will decay to pointer but sanitizer may warn, if possible] I want to confirm if this is bug or not,sanitizer has no false positive rule scenario??, will happy to patch it myself :) Thanks Mahesh

LLVM Developers mailing list llvm-dev at lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev

-- -Brian -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20171104/4dbae874/attachment.html>

More information about the llvm-dev mailing list