tech-pkg archive


detecting integer overflow (was: Re: databases/sqlite on powerpc)



On 24.06.2022 at 13:33, Taylor R Campbell wrote:
On powerpc, char is unsigned, so the code

     char *stddt;
     int hash;
     ...
     hash = 0;
     for(j=0; stddt[j]; j++){
       hash = hash*53 + stddt[j];
     }

computes sums and products of nonnegative quantities in (signed) int
arithmetic, in which overflow is undefined behaviour.  gcc may deduce
that the value of hash must lie in the interval [0, INT_MAX] = [0,
0x7fffffff], under which premise the expression `hash & 0x7fffffff'
can be correctly replaced by `hash'.

I reproduced it on Godbolt's Compiler Explorer; thanks for the explanation.

I briefly thought about adding a check for this case to NetBSD's lint.
Since 2022-05-26, lint tracks the possible values of integer
expressions, and this integer overflow would be a perfect fit for it.
But then I noticed that lint only tracks the possible values in a single
expression; it does not track them through a whole function. Adding that
would be possible but non-trivial.

Which other static analysis tool can detect this kind of bug? Running
GCC with -Woverflow doesn't print anything.
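Added example, not code from the thread or from sqlite: a hardened form of the quoted loop, computed in unsigned arithmetic so that wraparound is defined and the `& 0x7fffffff` mask actually does its job, next to a portable check that reports where the original signed computation would have overflowed int. Function names and the sample strings are my own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hardened variant: same hash as the quoted loop, but in unsigned int,
 * where wraparound is defined (modulo 2^32), so the compiler cannot
 * assume the value stays in [0, INT_MAX] and drop the mask. The cast to
 * unsigned char makes the result identical whether the platform's plain
 * char is signed (x86) or unsigned (powerpc). */
unsigned int hash_unsigned(const char *stddt)
{
    unsigned int hash = 0;
    for (size_t j = 0; stddt[j]; j++)
        hash = hash * 53u + (unsigned char)stddt[j];
    return hash & 0x7fffffffu;
}

/* Diagnostic variant: replays the original signed computation and, before
 * each step, tests whether hash*53 + c would exceed INT_MAX. For hash >= 0
 * and c >= 0 that is exactly hash > (INT_MAX - c) / 53, so no undefined
 * operation is ever executed. Returns true if the original code would have
 * hit undefined behaviour; otherwise stores the (well-defined) hash. */
bool hash_signed_would_overflow(const char *stddt, int *out)
{
    int hash = 0;
    for (size_t j = 0; stddt[j]; j++) {
        int c = (unsigned char)stddt[j];
        if (hash > (INT_MAX - c) / 53)
            return true;
        hash = hash * 53 + c;
    }
    *out = hash;
    return false;
}

int main(void)
{
    /* Constructed inputs: six 'a's are enough to push the product past INT_MAX. */
    const char *samples[] = { "aaaaa", "aaaaaa" };
    for (size_t i = 0; i < 2; i++) {
        int v;
        bool ub = hash_signed_would_overflow(samples[i], &v);
        printf("%-8s signed: %s  unsigned&mask: %u\n", samples[i],
               ub ? "would overflow (UB)" : "ok", hash_unsigned(samples[i]));
    }
    return 0;
}
```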

