Re: uninorm/composition.c:75:22: runtime error
From: Bruno Haible
Subject: Re: uninorm/composition.c:75:22: runtime error
Date: Sat, 05 Mar 2022 22:23:33 +0100

Simon Josefsson wrote:
> > but this would be adding redundant casts, which - as Paul often remarks -
> > hamper maintainability.
>
> I agree -- it may be a clang UBSAN problem instead.

Actually it is not a problem at all. Converting an 'unsigned char' value to
'char' has had a well-known behaviour for ages, and according to ISO C 2018
§ 6.5.16.1.(2) and § 6.3.1.3.(3), it is not "undefined" behaviour, just
"implementation-defined" behaviour.

You need to read the clang documentation [1]:

  "-fsanitize=integer: Checks for undefined or suspicious integer behavior
   (e.g. unsigned integer overflow). Enables
     signed-integer-overflow,
     unsigned-integer-overflow,
     shift,
     integer-divide-by-zero,
     implicit-unsigned-integer-truncation,
     implicit-signed-integer-truncation,
     and implicit-integer-sign-change."

They don't claim that all of this is undefined behaviour. Among these 7
checks, only
  signed-integer-overflow
  shift
  integer-divide-by-zero
are undefined behaviour.

It's like with the GCC options that enforce a specific code style: You are
free to use them on your own code. But there is no value in reporting
failures of these options on Gnulib code — unless they uncovered real issues.

Bruno

[1] https://releases.llvm.org/13.0.0/tools/clang/docs/UndefinedBehaviorSanitizer.html#silencing-unsigned-integer-overflow
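
The distinction drawn in the message above, as an added example that is not part of the original e-mail and is not Gnulib code: one function per category (implementation-defined conversion, well-defined unsigned wrap, undefined signed overflow with a guard). The function names are hypothetical, and the round-trip behaviour of the conversion is assumed to be that of GCC and clang.

```c
/* Added example, not Gnulib code; all function names are hypothetical.
   To see the sanitizer reports: clang -fsanitize=integer,undefined file.c */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Implementation-defined (ISO C 2018 6.3.1.3 (3)) where char is signed
   and c > CHAR_MAX; value-preserving where char is unsigned.  The
   implicit-conversion checks of -fsanitize=integer report it, but it
   is not undefined behaviour. */
static char store_byte(unsigned char c)
{
  char stored = c;
  return stored;
}

/* Well-defined: unsigned arithmetic wraps modulo UINT_MAX + 1.
   unsigned-integer-overflow reports the wrap as "suspicious" only. */
static unsigned int wrapping_add(unsigned int a, unsigned int b)
{
  return a + b;
}

/* Signed overflow is undefined behaviour, so the operands are tested
   before the addition.  Returns false and leaves *sum untouched when
   a + b does not fit in an int. */
static bool checked_add(int a, int b, int *sum)
{
  if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
    return false;
  *sum = a + b;
  return true;
}

int main(void)
{
  int sum = 0;
  /* Constructed sample values. */
  printf("store_byte(0xE9) = %d\n", store_byte(0xE9));
  printf("wrapping_add(UINT_MAX, 2) = %u\n", wrapping_add(UINT_MAX, 2u));
  printf("checked_add(INT_MAX, 1) fits = %d\n",
         checked_add(INT_MAX, 1, &sum));
  return 0;
}
```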