c++ - gcc-4.9 未定义行为清理器

Question

在 gcc-4.9 changes它说:

UndefinedBehaviorSanitizer (ubsan), a fast undefined behavior detector, has been added and can be enabled via -fsanitize=undefined. Various computations will be instrumented to detect undefined behavior at runtime. UndefinedBehaviorSanitizer is currently available for the C and C++ languages.

我查看了这个问题 (A C++ implementation that detects undefined behavior?)，但它似乎已经过时了。

这个链接 (http://gcc.gnu.org/ml/gcc-patches/2013-06/msg00264.html) 有一些关于它的信息，但它是几个月前的。

This is an attempt to add the Undefined Behavior Sanitizer to GCC. Note that it's very alpha version; so far it doesn't do that much, at the moment it should handle division by zero cases, INT_MIN / -1, and various shift cases (shifting by a negative value, shifting when second operand is >= than TYPE_PRECISION (first_operand) and suchlike. (On integer types, so far.)

据我所知，它正在从 LLVM 移植到 gcc。

我用 (5/0) 试过了，唯一的区别似乎是这个输出:

main.cpp:5:19: runtime error: division by zero

有没有人有更多关于它的信息或者它有什么特点？

Answer 1

这更像是一个添加此类检查的框架，而不是尝试检测所有形式的未定义行为(这在“停止问题”意义上几乎肯定是不可能的)。

GCC documentation将这些列为当前支持的检查:

-fsanitize=undefined Enable UndefinedBehaviorSanitizer, a fast undefined behavior detector. Various computations will be instrumented to detect undefined behavior at runtime. Current suboptions are:

-fsanitize=shift This option enables checking that the result of a shift operation is not undefined. Note that what exactly is considered undefined differs slightly between C and C++, as well as between ISO C90 and C99, etc.

-fsanitize=integer-divide-by-zero Detect integer division by zero as well as INT_MIN / -1 division.

-fsanitize=unreachable With this option, the compiler will turn the __builtin_unreachable call into a diagnostics message call instead. When reaching the __builtin_unreachable call, the behavior is undefined.

-fsanitize=vla-bound This option instructs the compiler to check that the size of a variable length array is positive. This option does not have any effect in -std=c++1y mode, as the standard requires the exception be thrown instead.

-fsanitize=null This option enables pointer checking. Particularly, the application built with this option turned on will issue an error message when it tries to dereference a NULL pointer, or if a reference (possibly an rvalue reference) is bound to a NULL pointer.

-fsanitize=return This option enables return statement checking. Programs built with this option turned on will issue an error message when the end of a non-void function is reached without actually returning a value. This option works in C++ only.

-fsanitize=signed-integer-overflow This option enables signed integer overflow checking. We check that the result of +, *, and both unary and binary - does not overflow in the signed arithmetics. Note, integer promotion rules must be taken into account. That is, the following is not an overflow:

signed char a = SCHAR_MAX;
a++;

While -ftrapv causes traps for signed overflows to be emitted, -fsanitize=undefined gives a diagnostic message. This currently works only for the C family of languages.