On Jan 5, 2015, at 21:04 , Jeffrey Walton <[email protected]> wrote: >> Or do I need an extra tool to employ -fsanitize=undefined? > No, its built into Clang.
:-( > Attached is my recipe to build Clang from sources. It looks like it > needs to be updated for Clang 3.5.0. Ah, this flag is Clang-3.5 and later, correct? > I've never had a problem with it (well, except on OS X). And I don’t have a use for it except on OS X :-) It is my main development platform, especially since Ubuntu 14.02 LTS became irreversibly dead after that silly Nvidia security patch that killed by Linux VM. :-( > On Mon, Jan 5, 2015 at 8:41 PM, Mobile Mouse <[email protected]> wrote: >> On Jan 5, 2015, at 14:48 , Jeffrey Walton <[email protected]> wrote: >>>> CXXFLAGS += -fsanitize=undefined >>>> >>>> Hmm… Do we need this? >>> >>> On occasion. >>> >>> When Whirlpool was failing its self tests under Intel's compiler (ICPC >>> and ICC), I used Clang and its undefined behavior sanitizer to locate >>> the offending code. >> >> Well, even the latest release of Apple clang does not support this flag. >> And since I’ve had unpleasant experience of having compiled code running >> correctly when built by Xcode clang, but crashing with SEGV when built by >> clang installed via Macports - I chose to stay away from Macports clang (and >> from Macports gcc-4.9, which cannot produce a working CryptoPP). >> >> Or do I need an extra tool to employ -fsanitize=undefined? >> >>> That's where this mess came from (from misc.h): >>> >>> template <class T> inline T rotrMod(T x, unsigned int y) >>> { >>> y %= sizeof(T)*8; >>> return T((x>>y) | (x<<(sizeof(T)*8-y))); >>> } >>> >>> The modular reduction side stepped the undefined behavior by keeping >>> the shift amount less than or equal to a register size. >>> >>> I also use -fsanitize=undefined and -fsanitize=address on my patches >>> to ensure they are not introducing undefined behavior or memory >>> errors. (In addition to -Wall -Wextra). >>> >>> Clang's Asan (Address Sanitizer) is a good tool. It performs dynamic >>> analysis, all its positives are real hits, and does not emulate some >>> instructions like Valgrind. > <Missing-Makefile><clang-3.4.2-recipe.sh> -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
