A C++ implementation that detects undefined behavior?


Problem description

A huge number of operations in C++ result in undefined behavior, where the spec is completely mute about what the program's behavior ought to be and allows for anything to happen. Because of this, there are all sorts of cases where people have code that compiles in debug but not release mode, or that works until a seemingly unrelated change is made, or that works on one machine but not another, etc.

My question is whether there is a utility that looks at the execution of C++ code and flags all instances where the program invokes undefined behavior. While it's nice that we have tools like valgrind and checked STL implementations, these aren't as strong as what I'm thinking about - valgrind can have false negatives if you trash memory that you still have allocated, for example, and checked STL implementations won't catch deleting through a base class pointer.

Does this tool exist? Or would it even be useful to have it lying around at all?

EDIT: I am aware that in general it is undecidable to statically check whether a C++ program may ever execute something that has undefined behavior. However, it is possible to determine whether a specific execution of a C++ program produced undefined behavior. One way to do this would be to make a C++ interpreter that steps through the code according to the definitions set out in the spec, at each point determining whether or not the code has undefined behavior. This won't detect undefined behavior that doesn't occur on a particular program execution, but it will find any undefined behavior that actually manifests itself in the program. This is related to how it is Turing-recognizable to determine if a TM accepts some input, even if it's still undecidable in general.

Thanks!

Recommended answer

John Regehr in Finding Undefined Behavior Bugs by Finding Dead Code points out a tool called STACK and I quote from the site (emphasis mine):

Optimization-unstable code (unstable code for short) is an emerging class of software bugs: code that is unexpectedly eliminated by compiler optimizations due to undefined behavior in the program. Unstable code is present in many systems, including the Linux kernel and the Postgres database server. The consequences of unstable code range from incorrect functionality to missing security checks.

STACK is a static checker that detects unstable code in C/C++ programs. Applying STACK to widely used systems has uncovered 160 new bugs that have been confirmed and fixed by developers.

In C++11, undefined behavior in constexpr variables and functions should be caught at compile time.

We also have gcc ubsan:

GCC recently (version 4.9) gained Undefined Behavior Sanitizer (ubsan), a run-time checker for the C and C++ languages. In order to check your program with ubsan, compile and link the program with -fsanitize=undefined option. Such instrumented binaries have to be executed; if ubsan detects any problem, it outputs a "runtime error:" message, and in most cases continues executing the program.

and Clang Static Analyzer, which includes many checks for undefined behavior. For example, clang's -fsanitize checks, which include -fsanitize=undefined:

-fsanitize=undefined: Fast and compatible undefined behavior checker. Enables the undefined behavior checks that have small runtime cost and no impact on address space layout or ABI. This includes all of the checks listed below other than unsigned-integer-overflow.

and for C we can look at his article It’s Time to Get Serious About Exploiting Undefined Behavior which says:


[...] I'll admit that I personally have not been through the best dynamic undefined behavior checkers (KCC and Frama-C). [...]

Here is a link to kcc, and I quote:

[...]If you try to run a program that is undefined (or one for which we are missing semantics), the program will get stuck. The message should tell you where it got stuck and may give a hint as to why. If you want help deciphering the output, or help understanding why the program is undefined, please send your .kdump file to us.[...]

and here is a link to Frama-C, an article where the first use of Frama-C as a C interpreter is described, and an addendum to the article.
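As an added example (not code from the question or the answer), here is the pattern the STACK quote above calls unstable code, a bounds check that depends on signed-integer overflow, beside a well-defined form that decides the same thing without performing the overflowing operation; the function names are assumed. Building with the -fsanitize=undefined option mentioned above makes ubsan report the overflow in the unstable version at run time, which is how you find such checks before the optimizer silently deletes them.

```cpp
#include <climits>
#include <cstdio>

// Unstable form (the class of bug STACK looks for): the overflow test is
// written in terms of the overflowing operation itself. Because signed
// overflow is undefined behaviour, the optimizer may treat 'end >= base' as
// always true and delete the check. ubsan (-fsanitize=undefined) instead
// reports "signed integer overflow" at the addition.
bool range_fits_unstable(int base, int len) {
    int end = base + len;      // undefined when base + len exceeds INT_MAX
    return end >= base;        // the check the compiler is entitled to remove
}

// Well-defined form: decide whether the addition would overflow without
// performing it, so there is nothing for the optimizer to exploit.
bool add_would_overflow(int a, int b) {
    if (b > 0) return a > INT_MAX - b;   // INT_MAX - b >= 0, never overflows
    return a < INT_MIN - b;              // b <= 0: INT_MIN - b <= 0, never overflows
}

bool range_fits_checked(int base, int len) {
    return len >= 0 && !add_would_overflow(base, len);
}

int main() {
    // Constructed inputs: the second pair overflows int.
    const int cases[][2] = {{100, 50}, {INT_MAX - 1, 5}};
    for (const auto &c : cases) {
        std::printf("base=%d len=%d checked=%d\n", c[0], c[1],
                    range_fits_checked(c[0], c[1]));
    }
    // Build with: g++ -O2 -fsanitize=undefined example.cpp
    // ubsan prints a "runtime error: signed integer overflow" line here.
    std::printf("unstable=%d\n", range_fits_unstable(INT_MAX - 1, 5));
    return 0;
}
```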
