pawel k. via llvm-dev
2021-Apr-21 02:55 UTC
[llvm-dev] Noob question from friend of cybersecu guy
Hello, In previous life i knew one cybersecu bounty hunter. As a leftover from then, i was wondering whether it would be useful and feasible to have in clang or clang static analyzer the checks for two classes of awkward types of code. Namely c++'ses 191 undefined behaviours and 52 unspecified behaviours. That could possibly help to automatically pinpoint the nonportable or randomly code working only because of coincidence. Whether wed warn or err on such shall be up for discussion. Sorry if that is super obvious and already implemented or np hard or useless. If interested author of csmith might know something about full list of these as he is author of randome code generator that avoids genning code with such artifacts. Best regards, Pawel Kunio -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20210421/a483f25e/attachment.html>
Victor Campos via llvm-dev
2021-Apr-21 08:21 UTC
[llvm-dev] Noob question from friend of cybersecu guy
clang -fsanitize=undefined might be what you're looking for. https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html Cheers, Victor. On Wed, 21 Apr 2021, at 03:55, pawel k. via llvm-dev wrote:> Hello, > In previous life i knew one cybersecu bounty hunter. As a leftover from > then, i was wondering whether it would be useful and feasible to have > in clang or clang static analyzer the checks for two classes of awkward > types of code. Namely c++'ses 191 undefined behaviours and 52 > unspecified behaviours. That could possibly help to automatically > pinpoint the nonportable or randomly code working only because of > coincidence. Whether wed warn or err on such shall be up for discussion. > > Sorry if that is super obvious and already implemented or np hard or useless. > > If interested author of csmith might know something about full list of > these as he is author of randome code generator that avoids genning > code with such artifacts. > > Best regards, > Pawel Kunio > > > _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org <mailto:llvm-dev%40lists.llvm.org> > https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev >