GCC `-fsanitize=bounds` strange behaviour with `std::array`


Problem description

I'm trying to find out-of-bounds problems in my code using the -fsanitize=bounds option, but I faced strange behaviour:

For instance in the following code:

#include <cstdlib>
#include <array>

// Default so the file compiles as-is; override with e.g. -DX=2
#ifndef X
#define X 1
#endif

int main (int, char **)
{
    std::array <char, 1> a;
    const char b = a [X]; // X <--- put index here!
    (void) b;             // silence the unused-variable warning

    return EXIT_SUCCESS;
}

compiled with the options: $ g++ -std=c++11 -fsanitize=bounds -O0 main.cpp -o main.

If I try to access an element with an index greater than 1, an error is reported: /usr/include/c++/5/array:53:36: runtime error: index 2 out of bounds for type 'char [1]'.

But if I try to access the element with index 1, everything is OK and no errors are reported.

Is it expected behaviour, and maybe I've missed something?

The example is tested on:
- $ g++ --version g++ (Ubuntu 5.4.0-6ubuntu1~16.04.2) 5.4.0 20160609;
- $ g++ --version g++ (Ubuntu 6.2.0-5ubuntu12) 6.2.0 20161005.

UPD
I tried -fsanitize=bounds-strict in GCC 6 and the result is the same.

Solution

I can't immediately find documentation for this (or, really, strong documentation of any kind), but it strikes me as likely that this is an implementation detail for the feature. It is legal to obtain one-past-the-end pointers, so an implementation could not trap on this. It seems the implementation works by looking at the pointer, rather than waiting for such a pointer to be dereferenced (which makes some sense if you think about how you would create -fsanitize=bounds).

In short, this may simply be a limitation of the tool.

In GCC 6, you might try -fsanitize=bounds-strict which increases the strength of the tool (including adding support for detecting OOB access to flexible member-like arrays).

I can't tell whether this is a library or compiler issue, but either way it's worth noting that the same problem is currently an open bug against clang (#21485), and the supposition in comments there matches my ramblings above.

A third-party article on ubsan also implies that this is, ultimately, expected behaviour.
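As an added example (not code from the question or the answer above), the following program makes the answer's point concrete: for an array of N elements the address &a[0] + N is a legal one-past-the-end pointer, so a check that inspects the pointer being formed, as -fsanitize=bounds does, cannot object to index N, while a library-level check that compares the index against the size, such as std::array::at(), rejects index N just like index N + 1. The names classify, read_checked and probe are mine, not part of the standard library or of GCC.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <stdexcept>

// Where an index falls relative to an array of n elements. For i == n the
// address &a[0] + n is a valid one-past-the-end pointer, which is why a
// pointer-forming check such as -fsanitize=bounds stays silent on it; only
// dereferencing that pointer is undefined behaviour.
enum class IndexKind { InBounds, OnePastEnd, Beyond };

IndexKind classify(std::size_t i, std::size_t n)
{
    if (i < n)  return IndexKind::InBounds;
    if (i == n) return IndexKind::OnePastEnd;
    return IndexKind::Beyond;
}

// Outcome of a checked read: whether it was accepted, and the value read
// (value-initialised when rejected).
template <typename T>
struct Read {
    bool ok;
    T value;
};

// std::array::at() compares i against N before touching memory and throws
// std::out_of_range, so index == N is rejected as well. The exception is
// turned into a status so the behaviour can be asserted on without UBSan.
template <typename T, std::size_t N>
Read<T> read_checked(const std::array<T, N>& a, std::size_t i)
{
    try {
        return Read<T>{true, a.at(i)};
    } catch (const std::out_of_range&) {
        return Read<T>{false, T{}};
    }
}

// The same 1-element array as in the question, probed at a given index.
Read<char> probe(std::size_t i)
{
    const std::array<char, 1> a{{'x'}};   // constructed sample input
    return read_checked(a, i);
}

int main()
{
    for (std::size_t i = 0; i < 3; ++i) {
        const Read<char> r = probe(i);
        std::printf("index %zu: %s (%s)\n", i,
                    r.ok ? "read ok" : "rejected by at()",
                    classify(i, 1) == IndexKind::InBounds   ? "in bounds" :
                    classify(i, 1) == IndexKind::OnePastEnd ? "one past the end" :
                                                              "beyond the end");
    }
    return 0;
}
```

Build it with g++ -std=c++11 and run it: index 0 is read, while indices 1 and 2 are both rejected by at(), whereas the question shows -fsanitize=bounds reporting only index 2. If the unchecked operator[] has to stay, recent libstdc++ releases also accept -D_GLIBCXX_ASSERTIONS, which turns std::array::operator[] into a checked access; verify that your release's headers honour it before relying on it.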
