On Tue, Feb 28, 2023 at 07:19:40PM +0000, Qing Zhao wrote:
> Understood.
> So, your patch fixed this bug, and then [0] arrays are instrumented by
> default with this patch.
>
> > Well, it would complain about
> > struct S { int a; int b[0]; int c; } s;
> > ... &s.b[1] ...
> > for C++, but not for C.
>
> A little confused here: [0] arrays were instrumented by default for C++ if
> it's not a trailing array, but not for C?
Given say

    struct S { int a; int b[0]; int c; } s;   /* [0] array that is not the trailing member */

    int main ()
    {
      int *volatile p = &s.b[0];   /* address of element 0 */
      p = &s.b[1];                 /* address one past element 0 */
      int volatile q = s.b[0];     /* plain read of element 0 */
    }

both -fsanitize=bounds and -fsanitize=bounds-strict behaved the same way: in C nothing was reported, in C++ the p = &s.b[1]; statement was.
The reason for s.b[0] not being reported in C++ was that for !ignore_off_by_one, the bound was ~(size_t)0, and so index > ~(size_t)0 is always false.  While with the committed patch it is index >= (~(size_t)0)+1 and so always true.  And in C additionally, we punted early because TYPE_MAX_VALUE (domain) was NULL.

	Jakub
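To make the wraparound argument above concrete, here is an added example (not GCC code and not part of this thread) that models the two comparisons Jakub describes in plain C and runs them over the three accesses from the reproducer. The struct `domain`, the function names and the verdict enum are hypothetical helpers; the pre-patch `ignore_off_by_one` branch (bound = max + 1, computed in size_t) is an assumption that reproduces the reported/not-reported outcomes stated in the message, and the post-patch model covers only the plain-access case the message spells out. The example also runs an ordinary `int b[4]` domain to show that the two formulations agree whenever max + 1 does not wrap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model (not GCC's code) of the array domain that
   -fsanitize=bounds looks at.  has_max is false when TYPE_MAX_VALUE of the
   domain is NULL (what the C front end had for a [0] array); max_index is
   the domain's upper bound viewed as size_t.  For a [0] array the upper
   bound is -1, i.e. SIZE_MAX; for int b[4] it is 3. */
struct domain {
    bool has_max;
    size_t max_index;
};

enum verdict { NOT_INSTRUMENTED, IN_BOUNDS, OUT_OF_BOUNDS };

/* Pre-patch formulation: report when index > bound.  The bound is the
   domain maximum, plus one when only the address is taken
   (ignore_off_by_one); the addition is done in size_t and so wraps to 0
   for a [0] array.  The ignore_off_by_one branch is an assumption; the
   message only spells out the index > ~(size_t)0 case. */
enum verdict old_bounds_check(struct domain d, size_t index, bool ignore_off_by_one)
{
    if (!d.has_max)
        return NOT_INSTRUMENTED;          /* the C front end punted here */
    size_t bound = d.max_index + (ignore_off_by_one ? 1 : 0);
    return index > bound ? OUT_OF_BOUNDS : IN_BOUNDS;
}

/* Post-patch formulation quoted in the message for a plain access:
   report when index >= max + 1.  For a [0] array SIZE_MAX + 1 wraps to 0,
   so the check fires on every access. */
enum verdict new_bounds_check(struct domain d, size_t index)
{
    if (!d.has_max)
        return NOT_INSTRUMENTED;
    size_t bound = d.max_index + 1;       /* well-defined unsigned wrap */
    return index >= bound ? OUT_OF_BOUNDS : IN_BOUNDS;
}

/* Constructed domains: the non-trailing int b[0] as the C++ front end saw
   it (max -1), as the C front end saw it (no max), and an ordinary int b[4]. */
static const struct domain cxx_zero_len = { true, SIZE_MAX };
static const struct domain c_zero_len   = { false, 0 };
static const struct domain int_b4       = { true, 3 };

static const char *name(enum verdict v)
{
    return v == NOT_INSTRUMENTED ? "not instrumented"
         : v == IN_BOUNDS        ? "in bounds"
         :                         "OUT OF BOUNDS";
}

int main(void)
{
    /* The three statements of the reproducer, C++ view, before the patch:
       only &s.b[1] is reported because 1 > (SIZE_MAX + 1 == 0). */
    printf("C++ old  &s.b[0]: %s\n", name(old_bounds_check(cxx_zero_len, 0, true)));
    printf("C++ old  &s.b[1]: %s\n", name(old_bounds_check(cxx_zero_len, 1, true)));
    printf("C++ old   s.b[0]: %s\n", name(old_bounds_check(cxx_zero_len, 0, false)));
    /* After the patch the plain read is reported too: 0 >= (SIZE_MAX + 1 == 0). */
    printf("C++ new   s.b[0]: %s\n", name(new_bounds_check(cxx_zero_len, 0)));
    /* C view: no domain maximum, nothing instrumented either way. */
    printf("C   old  &s.b[1]: %s\n", name(old_bounds_check(c_zero_len, 1, true)));
    printf("C   new   s.b[0]: %s\n", name(new_bounds_check(c_zero_len, 0)));
    /* Ordinary int b[4]: both formulations flag index 4 for a plain access. */
    printf("b[4] old  b[4]:   %s\n", name(old_bounds_check(int_b4, 4, false)));
    printf("b[4] new  b[4]:   %s\n", name(new_bounds_check(int_b4, 4)));
    return 0;
}
```

Note that the two formulations differ only when max + 1 wraps, which is exactly the zero-length-array domain; for every other array the results agree.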