在 clang/gcc 中是否有未定义的行为可以逃脱 fsanitize?
[英]Are there undefined behaviors that escape fsanitize in clang/gcc?
问题描述
Question about undefined behavior in C/C++: if I compile a program, say, file.c , with:
关于 C/C++ 中未定义行为的问题:如果我编译一个程序,比如file.c ,其中:
clang/gcc -g -fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=all file.c
And the program runs and terminates normally, can I assume that this program did not incur in any undefined behavior during that execution?并且程序正常运行和终止,我可以假设该程序在执行期间没有发生任何未定义的行为吗? If that is not the case, and an undefined behavior is still possible, could you give me a counter example?如果不是这种情况,并且仍然可能出现未定义的行为,您能给我举个反例吗? And, is there a way to catch this undefined behavior?而且,有没有办法捕捉这种未定义的行为? Perhaps using RV-Match ?也许使用RV-Match ?
2 个解决方案
解决方案1
1 2022-07-19 22:28:57
Are there undefined behaviors that escape fsanitize in clang/gcc?
Yes, of course.是的当然。
can I assume that this program did not incur in any undefined behavior during that execution?
No.不。
If that is not the case, and an undefined behavior is still possible, could you give me a counter example?
There are many, many, many, many such examples.这样的例子有很多很多很多很多。 Dunno, for example this idea:不知道,例如这个想法:
int __; int main() { return 0; }
Compiles cleanly on gcc12.1 and clang14.0 with -fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=all --pedantic -Wall -Wextra -ansi .使用-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=all --pedantic -Wall -Wextra -ansi在 gcc12.1 和 clang14.0 上干净地编译。 Yet, contains an identifier that starts with two underscores, which is undefined behavior.然而,包含一个以两个下划线开头的标识符,这是未定义的行为。
is there a way to catch this undefined behavior?
I would say it is not proven if it is possible or not to catch all possible undefined behaviors.我想说的是,是否有可能捕获所有可能的未定义行为并没有得到证明。
解决方案2
0 2022-07-19 22:43:31
The Standard was never written to unambiguously partition all program executions into those which exhibit Undefined Behavior and those which do not.从来没有编写标准来明确地将所有程序执行划分为表现出未定义行为的那些和不表现出未定义行为的那些。 No tool could possibly identify all of the program executions that an implementation might conceivably process nonsensically, without also flagging many program executions which all practical implementations would in fact process consistently.没有任何工具可以识别出一个实现可能会毫无意义地处理的所有程序执行,而不会标记所有实际实现实际上会一致处理的许多程序执行。
This is especially true many situations involving restrict .在许多涉及restrict的情况下尤其如此。 Whether constructs have defined behavior or not will often depend upon whether changing some pointer Q so it points to a copy of the same data would change the value produced by evaluating some other pointer expression P. While there are times when this definition will sensibly recognize some pointer P as being unambiguously based upon Q, and there are times when it will sensibly recognize some pointer P as unambiguously not based upon Q, there are times when it does neither.构造是否具有定义的行为通常取决于更改某个指针 Q 使其指向相同数据的副本是否会更改通过评估某个其他指针表达式 P 产生的值。虽然有时这个定义会明智地识别一些指针 P 明确地基于 Q,并且有时它会明智地识别出某个指针 P 明确地不基于 Q,有时它两者都不是。 The question of whether a program's behavior is defined in such circumstances may be essentially unanswerable, and thus an implementation could not plausibly be expected to answer it.在这种情况下是否定义了程序的行为的问题可能基本上是无法回答的,因此无法合理地期望实现来回答它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.