Author: Nikita Popov Date: 2025-01-13T11:24:02+01:00 New Revision: c2979c58d49bf3c7dc892ed9fb49cdca389130ee
URL: https://github.com/llvm/llvm-project/commit/c2979c58d49bf3c7dc892ed9fb49cdca389130ee DIFF: https://github.com/llvm/llvm-project/commit/c2979c58d49bf3c7dc892ed9fb49cdca389130ee.diff LOG: [Clang] Add release note for pointer overflow optimization change (#122462) Add a release note for optimization change related to pointer overflow checks. I've put this in the breaking changes section to give it the best chance of being seen. Added: Modified: clang/docs/ReleaseNotes.rst Removed: ################################################################################ diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst index a14fb189c8e132..8f4adbcd705181 100644 --- a/clang/docs/ReleaseNotes.rst +++ b/clang/docs/ReleaseNotes.rst @@ -58,6 +58,29 @@ code bases. containing strict-aliasing violations. The new default behavior can be disabled using ``-fno-pointer-tbaa``. +- Clang will now more aggressively use undefined behavior on pointer addition + overflow for optimization purposes. For example, a check like + ``ptr + unsigned_offset < ptr`` will now optimize to ``false``, because + ``ptr + unsigned_offset`` will cause undefined behavior if it overflows (or + advances past the end of the object). + + Previously, ``ptr + unsigned_offset < ptr`` was optimized (by both Clang and + GCC) to ``(ssize_t)unsigned_offset < 0``. This also results in an incorrect + overflow check, but in a way that is less apparent when only testing with + pointers in the low half of the address space. + + To avoid pointer addition overflow, it is necessary to perform the addition + on integers, for example using + ``(uintptr_t)ptr + unsigned_offset < (uintptr_t)ptr``. Sometimes, it is also + possible to rewrite checks by only comparing the offset. For example, + ``ptr + offset < end_ptr && ptr + offset >= ptr`` can be written as + ``offset < (uintptr_t)(end_ptr - ptr)``. + + Undefined behavior due to pointer addition overflow can be reliably detected + using ``-fsanitize=pointer-overflow``. It is also possible to use + ``-fno-strict-overflow`` to opt-in to a language dialect where signed integer + and pointer overflow are well-defined. + C/C++ Language Potentially Breaking Changes ------------------------------------------- _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
