Victor Campos via llvm-dev
2021-Apr-21 08:21 UTC
[llvm-dev] Noob question from friend of cybersecu guy
clang -fsanitize=undefined might be what you're looking for. https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html Cheers, Victor. On Wed, 21 Apr 2021, at 03:55, pawel k. via llvm-dev wrote:> Hello, > In previous life i knew one cybersecu bounty hunter. As a leftover from > then, i was wondering whether it would be useful and feasible to have > in clang or clang static analyzer the checks for two classes of awkward > types of code. Namely c++'ses 191 undefined behaviours and 52 > unspecified behaviours. That could possibly help to automatically > pinpoint the nonportable or randomly code working only because of > coincidence. Whether wed warn or err on such shall be up for discussion. > > Sorry if that is super obvious and already implemented or np hard or useless. > > If interested author of csmith might know something about full list of > these as he is author of randome code generator that avoids genning > code with such artifacts. > > Best regards, > Pawel Kunio > > > _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org <mailto:llvm-dev%40lists.llvm.org> > https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev >
pawel k. via llvm-dev
2021-Apr-21 08:36 UTC
[llvm-dev] Noob question from friend of cybersecu guy
Hello, Oh thank You. Thats what i was looking for. I hope it includes unspecifieds too. Best regards, Pawel Kunio śr., 21.04.2021, 10:21 użytkownik Victor Campos <victor at victorcampos.me> napisał:> clang -fsanitize=undefined might be what you're looking for. > > https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html > > Cheers, > Victor. > > On Wed, 21 Apr 2021, at 03:55, pawel k. via llvm-dev wrote: > > Hello, > > In previous life i knew one cybersecu bounty hunter. As a leftover from > > then, i was wondering whether it would be useful and feasible to have > > in clang or clang static analyzer the checks for two classes of awkward > > types of code. Namely c++'ses 191 undefined behaviours and 52 > > unspecified behaviours. That could possibly help to automatically > > pinpoint the nonportable or randomly code working only because of > > coincidence. Whether wed warn or err on such shall be up for discussion. > > > > Sorry if that is super obvious and already implemented or np hard or > useless. > > > > If interested author of csmith might know something about full list of > > these as he is author of randome code generator that avoids genning > > code with such artifacts. > > > > Best regards, > > Pawel Kunio > > > > > > _______________________________________________ > > LLVM Developers mailing list > > llvm-dev at lists.llvm.org <mailto:llvm-dev%40lists.llvm.org> > > https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev > > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20210421/dff5a15e/attachment.html>
pawel k. via llvm-dev
2021-Apr-21 12:19 UTC
[llvm-dev] Noob question from friend of cybersecu guy
Hello, Oh i found out its mostly or only runtime. I was thinking of something similar but mostly or only compile-time. Its great base for my solution though. Best regards, Pawel Kunio śr., 21.04.2021, 10:21 użytkownik Victor Campos <victor at victorcampos.me> napisał:> clang -fsanitize=undefined might be what you're looking for. > > https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html > > Cheers, > Victor. > > On Wed, 21 Apr 2021, at 03:55, pawel k. via llvm-dev wrote: > > Hello, > > In previous life i knew one cybersecu bounty hunter. As a leftover from > > then, i was wondering whether it would be useful and feasible to have > > in clang or clang static analyzer the checks for two classes of awkward > > types of code. Namely c++'ses 191 undefined behaviours and 52 > > unspecified behaviours. That could possibly help to automatically > > pinpoint the nonportable or randomly code working only because of > > coincidence. Whether wed warn or err on such shall be up for discussion. > > > > Sorry if that is super obvious and already implemented or np hard or > useless. > > > > If interested author of csmith might know something about full list of > > these as he is author of randome code generator that avoids genning > > code with such artifacts. > > > > Best regards, > > Pawel Kunio > > > > > > _______________________________________________ > > LLVM Developers mailing list > > llvm-dev at lists.llvm.org <mailto:llvm-dev%40lists.llvm.org> > > https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev > > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20210421/03031ffc/attachment.html>