This is an archive of the discontinued LLVM Phabricator instance.

[PDB] Fix unsigned integer overflow
ClosedPublic

Authored by thakis on Feb 26 2021, 8:19 AM.

Details

Summary

When building with -fsanitize=unsigned-integer-overflow, this code
causes a diagnostic like:

../../llvm/lib/DebugInfo/PDB/Native/GSIStreamBuilder.cpp:159:15:
runtime error: unsigned integer overflow:
90 - 229 cannot be represented in type 'unsigned long'

unsigned integer overflow is well defined and it isn't an issue in
practice, but in obscure scenarios (S1.size() small, S2.size over 2GB
on 32-bit systems) it could even be a bug.

So use the usual idiom for implementing cmp functions instead of the
gernally considered buggy idiom :)
See e.g. https://www.gnu.org/software/libc/manual/html_node/Comparison-Functions.html
or https://stackoverflow.com/questions/10996418/efficient-integer-compare-function/10997428#10997428

Diff Detail

Event Timeline

thakis created this revision.Feb 26 2021, 8:19 AM
thakis requested review of this revision.Feb 26 2021, 8:19 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 26 2021, 8:19 AM
hans accepted this revision.Feb 26 2021, 8:23 AM

(I've written and been bit by this bug at least one time that I remember. I wonder if clang could have warning tailored to it..)

This revision is now accepted and ready to land.Feb 26 2021, 8:23 AM
This revision was landed with ongoing or failed builds.Feb 26 2021, 8:27 AM
This revision was automatically updated to reflect the committed changes.

(I've written and been bit by this bug at least one time that I remember. I wonder if clang could have warning tailored to it..)

(I guess you'd pattern-match for if (a_with_some_int_type != b_with_some_int_type) return a_with_some_int_type - b_with_some_int_type; and warn on that and propose a diff like in this patch as fixit? could work!)