diff options
Diffstat (limited to 'devdocs/c/language%2Fanalyzability.html')
| -rw-r--r-- | devdocs/c/language%2Fanalyzability.html | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/devdocs/c/language%2Fanalyzability.html b/devdocs/c/language%2Fanalyzability.html new file mode 100644 index 00000000..5a8213a0 --- /dev/null +++ b/devdocs/c/language%2Fanalyzability.html @@ -0,0 +1,49 @@ + <h1 id="firstHeading" class="firstHeading">Analyzability</h1> <p>This optional extension to the C language limits the potential results of executing some forms of undefined behavior, which improves the effectiveness of static analysis of such programs. Analyzability is only guaranteed to be enabled if the <a href="../preprocessor/replace" title="c/preprocessor/replace">predefined macro constant</a> <code>__STDC_ANALYZABLE__</code><span class="t-mark-rev t-since-c11">(C11)</span> is defined by the compiler.</p> +<p>If the compiler supports analyzability, any language or library construct whose behavior is undefined is further classified between <i>critical</i> and <i>bounded</i> undefined behavior, and the behavior of all bounded UB cases is limited as specified below.</p> +<h3 id="Critical_undefined_behavior"> Critical undefined behavior</h3> <p>Critical UB is undefined behavior that might perform a memory write or a volatile memory read out of bounds of any object. A program that has critical undefined behavior may be susceptible to security exploits.</p> +<p>Only the following undefined behaviors are critical:</p> +<ul> +<li> access to an object outside of its <a href="lifetime" title="c/language/lifetime">lifetime</a> (e.g. through a dangling pointer) </li> +<li> write to an object whose declarations are not <a href="type#Compatible_types" title="c/language/type">compatible</a> </li> +<li> function call through a function pointer whose type is not <a href="type#Compatible_types" title="c/language/type">compatible</a> with the type of the function it points to </li> +<li> <a href="value_category" title="c/language/value category">lvalue expression</a> is evaluated, but does not designate an object </li> +<li> attempted modification of a <a href="string_literal" title="c/language/string literal">string literal</a> </li> +<li> <a href="operator_member_access" title="c/language/operator member access">dereferencing</a> an invalid (null, indeterminate, etc) or <a href="operator_arithmetic" title="c/language/operator arithmetic">past-the-end</a> pointer </li> +<li> modification of a <a href="const" title="c/language/const">const object</a> through a non-const pointer </li> +<li> call to a standard library function or macro with an invalid argument </li> +<li> call to a variadic standard library function with unexpected argument type (e.g. call to <code><a href="../io/fprintf" title="c/io/fprintf">printf</a></code> with an argument of the type that doesn't match its conversion specifier) </li> +<li> <code><a href="../program/longjmp" title="c/program/longjmp">longjmp</a></code> where there is no <code><a href="../program/setjmp" title="c/program/setjmp">setjmp</a></code> up the calling scope, across threads, or from within the scope of a VM type. </li> +<li> any use of the pointer that was deallocated by <code><a href="../memory/free" title="c/memory/free">free</a></code> or <code><a href="../memory/realloc" title="c/memory/realloc">realloc</a></code> </li> +<li> any <a href="../string/byte" title="c/string/byte">string</a> or <a href="../string/wide" title="c/string/wide">wide string</a> library function accesses an array out of bounds </li> +</ul> <h3 id="Bounded_undefined_behavior"> Bounded undefined behavior</h3> <p>Bounded UB is undefined behavior that cannot perform an illegal memory write, although it may trap and may produce or store indeterminate values.</p> +<ul> +<li> All undefined behavior not listed as critical is bounded, including </li> +<ul> +<li> multithreaded data races </li> +<li> use of a <a href="initialization" title="c/language/initialization">indeterminate values</a> with automatic storage duration </li> +<li> <a href="object#Strict_aliasing" title="c/language/object">strict aliasing</a> violations </li> +<li> <a href="object#alignment" title="c/language/object">misaligned</a> object access </li> +<li> signed integer overflow </li> +<li> <a href="eval_order" title="c/language/eval order">unsequenced side-effects</a> modify the same scalar or modify and read the same scalar </li> +<li> floating-to-integer or pointer-to-integer <a href="conversion" title="c/language/conversion">conversion</a> overflow </li> +<li> <a href="operator_arithmetic" title="c/language/operator arithmetic">bitwise shift</a> by a negative or too large bit count </li> +<li> <a href="operator_arithmetic" title="c/language/operator arithmetic">integer division</a> by zero </li> +<li> use of a void expression </li> +<li> direct <a href="operator_assignment" title="c/language/operator assignment">assignment</a> or <code><a href="../string/byte/memcpy" title="c/string/byte/memcpy">memcpy</a></code> of inexactly-overlapped objects </li> +<li> <a href="restrict" title="c/language/restrict">restrict</a> violations </li> +<li> etc.. ALL undefined behavior that's not in the critical list. </li> +</ul> +</ul> <h3 id="Notes"> Notes</h3> <p>Bounded undefined behavior disables certain optimizations: compilation with analyzability enabled preserves source-code causality, which <a href="as_if" title="c/language/as if">may be violated</a> by undefined behavior otherwise.</p> +<p>Analyzability extension permits, as a form of implementation-defined behavior, for the <a href="../error/set_constraint_handler_s" title="c/error/set constraint handler s">runtime constraint handler</a> to be invoked when a trap occurs.</p> +<h3 id="References"> References</h3> <ul> +<li> C11 standard (ISO/IEC 9899:2011): </li> +<ul> +<li> 6.10.8.3/1 Conditional feature macros (p: 177) </li> +<li> Annex L Analyzability (p: 652-653) </li> +</ul> +</ul> <div class="_attribution"> + <p class="_attribution-p"> + © cppreference.com<br>Licensed under the Creative Commons Attribution-ShareAlike Unported License v3.0.<br> + <a href="https://en.cppreference.com/w/c/language/analyzability" class="_attribution-link">https://en.cppreference.com/w/c/language/analyzability</a> + </p> +</div> |