Re: Unit Test Aborts when building with -ftrapv compiler option

[Thomas Huth]

On 08/02/2024 20.23, Richard Schmitt wrote:
> In an attempt to build qemu with hardened gcc compiler options, we specified 
> the -ftrapv switch rather than the -fwrapv switch.  The switches define the 
> behavior of integer overflows.  -ftrapv causes an abort on integer overflow, 
> -fwrapv causes overflows to simply wrap without any error indication.  
> Wrapping overflows can result in unexpected behavior and therefore, 
> hardenened builds typically recommend trapping overflows.
>
> The abort occurs when running the “test-string-input-verifier” test and 
> begins at line 129 of the source:
>
> v = visitor_input_test_init(data,
>
>                              “-9223372036854775808, 9223372036854775807”);
>
> check_ilist(v, expect3, ARRAY_SIZE(expect3);
>
> Where expect3 is declared as:
>
> int64_t expect3[] = { INT64_MIN, INT64_MAX };
>
> The actual abort occurs in “string-input-visitor.c” line 209:
>
> *obj = siv->rangeNext.i64++;
>
> The test, as coded, will generate an overflow.  Using the -fwrapv compiler 
> option hides the overflow.
>
> My question, is it the intent of the qemu community to rely on the overflow 
> wrap behavior or should this be considered an issue and added as such in 
> gitlab’s issue list?

As far as I understood, QEMU deliberately depends on this behavior - at 
least we require -fWrapv in meson.build:

# We use -fwrapv to tell the compiler that we require a C dialect where
# left shift of signed integers is well defined and has the expected
# 2s-complement style results. (Both clang and gcc agree that it
# provides these semantics.)

 HTH,
  Thomas