Home » HACKER-TECH » New issues in clang land (5.zero.zero)

New issues in clang land (5.zero.zero)

LLVM 5.zero.zero became already released abet in September, but I unexcited would desire to point to some attention-grabbing issues I encountered while the usage of clang 5. This might no longer duvet all the new issues there are, please verify the free up notes of the respective LLVM parts for that.

More aggressive optimizations

I would perchance perchance perchance no longer obtain a degree to of this within the free up notes, but clang will now do away with assessments for null pointers in more cases. Within the instance below, this design outputs i is no longer nullptr, even supposing that is clearly no longer the case.


Here is what happens when clang generates the code for f()int* i is dereferenced in line 10. By definition, a nullptr would perchance perchance perchance no longer be dereferenced (undefined behavior!), so clang infers that i != nullptr. In consequence, the mark within the next line would perchance perchance perchance additionally be removed, and only the code for the “correct” branch wants to be generated. No topic the real argument handed, the similar message will likely be printed.

You might perchance perchance surprise why the dereferencing of i for the characteristic name would no longer lead to a atomize at runtime. The motive is that this would no longer generate any code that would perchance perchance perchance atomize; only accessing int& i in f_unused_parameter() would cease that. Alternatively, UndefinedBehaviorSanitizer does whinge:

The optimization that removes the verify happens at -O1 and above. It didn’t happen with clang 4 even at -O3.

AddressSanitizer: stack-employ-after-scope

Variables located on the stack occupy a defined lifetime, or scope. When declared in a characteristic physique, the scope ends at the kill of the characteristic. The identical is correct in a scope manually defined by braces. The usage of a variable past the kill of the lifetime, as an illustration by handing out a pointer to it, is undefined behavior.

AddressSanitizer now assessments for this coding error by default. The characteristic has been there for somewhat a while, but now it appears ready for prime time. Reminiscence usage appears to be decrease than as soon as I final tested it about 1/2 a three hundred and sixty five days ago. The verify finds just a few attention-grabbing issues, listed below are two examples:

Can you situation the error? AddressSanitizer absolutely can:

It sounds as if a stack variable is accessed after its scope has already ended. The variable known as ref.tmp. We cease no longer occupy a variable by that name in this design, so it must occupy been generated by the compiler. AddressSanitizer can narrow this down extra as soon as we are constructing with -g1 or above. This might generate debug recordsdata, and the 2nd portion of the characterize will then conception enjoy this:

Good ample, so we know we only occupy to study line 30:

There are only two objects right here, the TraceGuard object with a scope except the kill of main(), and the momentary Recordsdata object which works out of scope at the kill of the assertion, but is unexcited referenced by tg! So we occupy now found the agonize, and right here’s a imaginable fix:

recordsdata is now assured to outlive tg.

Here’s a much less evident model of the similar agonize:

This might design off the similar characterize as above. Even the static_cast produces a momentary right here, and AddressSanitizer keenly tracks its lifetime and reports our error.

These coding errors are slightly benign, and would perchance perchance perchance no longer even lead to concerns. But they’re undefined behavior, and the compiler is free to re-employ the stack build the build the momentary resides, which would perchance perchance perhaps lead to subtle and arduous-to-obtain bugs. There is a gcc technique to alter reuse of stack variables:


This selection controls stack build reuse for client declared local/auto variables and compiler generated temporaries. reuse_level would perchance perchance perchance additionally be ‘all’, ‘named_vars’, or ‘none’.

When you happen to suspect such concerns in a tremendous codebase that you can’t instantly fix, this will likely be a precious momentary workaround.

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *