我应该如何使用消毒剂在?? [英] How I'm supposed to use the sanitizer in clang?
问题描述
对不起,如果这是一个简单的概念,但我很难获得正确的心态,以正确使用由 clang 提供的消毒剂。 / p>
float foo(float f){return(f / 0); }
我用
编译这个小片段clang ++ -fsanitize = float-divide-by-zero -std = c ++ 11 -stdlib = libc ++ -c source.cpp -o osan
我还编译一个正常版本的对象,而不使用sanitizer
clang ++ -std = c ++ 11 -stdlib = libc ++ -c source.cpp -o onorm
我期待一些详细的输出,或者从控制台的一些错误,但当检查文件与
nm我只找到1个差异nm o * --demangle
onorm:
0000000000000000 T foo b
osan:
U __ubsan_handle_divrem_overflow
0000000000000000 T foo(float)
所以在经过消毒的版本中有一个未定义的符号,其名称类似于我在编译时使用的消毒剂;但一切都是真的沉默,没有从铛前端输出。
我应该如何使用消毒剂和什么是正确的工作流?
解决方案未定义的符号是实现消毒剂检查的函数。如果您查看生成的代码:
没有sanitizer:
_Z3foof :#@ _Z3foof
.cfi_startproc
#BB#0:
xorps%xmm1,%xmm1
divss%xmm1,%xmm0
ret
使用sanitizer:
_Z3foof:#@ _Z3foof
.cfi_startproc
.long 1413876459#0x54460aeb
.quad _ZTIFffE
#BB#0:
pushq%rax
.Ltmp1:
.cfi_def_cfa_offset 16
movss%xmm0,4(%rsp)#4字节溢出
movd%xmm0,%esi
movl $ __ unnamed_1,%edi
xorl %edx,%edx
callq __ubsan_handle_divrem_overflow
xorps%xmm1,%xmm1
movss 4(%rsp),%xmm0#4字节重新载入
divss%xmm1,%xmm0
popq%rax
ret
您看到它添加了用于执行检查的代码使用该函数。
编译器应自动链接到相应的清理程序库,然后为我提供以下完整程序:
float foo(float f){return(f / 0); }
int main(){
foo(1.0f);
}
执行时生成以下输出:
main.cpp:1:32:运行时错误:除以零
我使用命令
clang ++ -fsanitize = undefined main.cpp&& ./a.out
如果要进行编译时检查,更多编译器警告或静态分析器。但是似乎没有任何警告或静态分析检查浮点除零错误。
这是一个产生分析器报告的程序:
#include< malloc.h>
int main(){
int * i =(int *)malloc(sizeof(int));
}
编译为
clang ++ -std = c ++ 11 main.cpp它不产生诊断,但使用clang ++ -std = c ++ 11 --analyze main.cpp编译它报告以下内容:main.cpp:4:10:warning:在初始化期间存储到'i'的值从不读取
int * i =(int *)malloc(sizeof(int));
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
main.cpp:5:1:warning:由'i'
}
^
死存储也可以
默认情况下,全分析结果将写入plist文件。您还可以使用以下命令运行分析器:
clang ++ --analyze -Xanalyzer -analyzer-output = text main.cpp
clang ++ --analyze -Xanalyzer -analyzer-output = html -o html-dir main.cpp
要在标准输出上或通过注释源代码的html显示分别获取检测到的问题的详细步骤,而不是在plist中。
分析器检查列出此处。
请注意,以最好地工作,分析器需要分析整个程序,这意味着它需要绑定到构建系统。通常的接口是通过IDE(Xcode)或
scan-build工具与make。 CMake有一些ang功能,例如生成clang JSON编译数据库文件,但我不确定如果CMake有任何内置的支持clang分析器。I'm sorry if this is a uber-easy concept, but I find hard to acquire the right mindset in order to correctly use the sanitizer provided by
clang.float foo(float f) { return (f / 0); }I compile this small snippet with
clang++ -fsanitize=float-divide-by-zero -std=c++11 -stdlib=libc++ -c source.cpp -o osanand I also compile a "normal" version of my object without using the sanitizer
clang++ -std=c++11 -stdlib=libc++ -c source.cpp -o onormI was expecting some verbose output, or some error from the console, but when inspecting the file with
nmI only found 1 differencenm o* --demangle onorm: 0000000000000000 T foo(float) osan: U __ubsan_handle_divrem_overflow 0000000000000000 T foo(float)So in the sanitized version there is an undefined symbol with a name that resembles the sanitizer that I was using when compiling this; but everything is really "silent" with no output at all from the clang frontend .
How I'm supposed to use the sanitizer and what is the right workflow ? What's the point of that undefined symbol ?
解决方案The undefined symbol is a function that implements the sanitizer's check. If you look at generated code:
No sanitizer:
_Z3foof: # @_Z3foof .cfi_startproc # BB#0: xorps %xmm1, %xmm1 divss %xmm1, %xmm0 retWith sanitizer:
_Z3foof: # @_Z3foof .cfi_startproc .long 1413876459 # 0x54460aeb .quad _ZTIFffE # BB#0: pushq %rax .Ltmp1: .cfi_def_cfa_offset 16 movss %xmm0, 4(%rsp) # 4-byte Spill movd %xmm0, %esi movl $__unnamed_1, %edi xorl %edx, %edx callq __ubsan_handle_divrem_overflow xorps %xmm1, %xmm1 movss 4(%rsp), %xmm0 # 4-byte Reload divss %xmm1, %xmm0 popq %rax retYou see it's added the code to do the check using that function.
The compiler should automatically link in the appropriate sanitizer library and then for me the following complete program:
float foo(float f) { return (f / 0); } int main() { foo(1.0f); }Produces the following output when executed:
main.cpp:1:32: runtime error: division by zeroI built and ran using the command
clang++ -fsanitize=undefined main.cpp && ./a.out
If you want compile-time checks you want to either enable more compiler warnings or the static analyzer. However there doesn't seem to be any warning or static analysis check for floating point divide-by-zero errors.
Here's a program that produces an analyzer report:
#include <malloc.h> int main() { int *i = (int*) malloc(sizeof(int)); }Compiled with
clang++ -std=c++11 main.cppit produces no diagnostics, but compiled withclang++ -std=c++11 --analyze main.cppit reports the following:main.cpp:4:10: warning: Value stored to 'i' during its initialization is never read int *i = (int*) malloc(sizeof(int)); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~ main.cpp:5:1: warning: Potential leak of memory pointed to by 'i' } ^The dead store can also be detected with -Weverything [-Wunused-value], but the leak is only detected by the analyzer.
By default full analysis results are written to a plist file. You can also run the analyzer with the commands:
clang++ --analyze -Xanalyzer -analyzer-output=text main.cpp clang++ --analyze -Xanalyzer -analyzer-output=html -o html-dir main.cppTo get detailed walk-throughs of detected issues on the standard output or via html display of annotated source code respectively, instead of in a plist.
Analyzer checks are listed here.
Note that to work best the analyzer needs to analyze whole programs, which means it needs to tie into the build system. The usual interface is via an IDE (Xcode) or the
scan-buildtool with make. CMake has some clang features such as producing clang JSON compilation database files but I'm not sure off hand if CMake has any built in support for the clang analyzer.这篇关于我应该如何使用消毒剂在??的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
