README.md
24 additions & 22 deletions
@@ -55,9 +55,32 @@ if (*x_00 == '+') {
55
55
As implemented in `src/cmd/compile/internal/ssagen/ssa.go`, we apply a source-location-based filtering for overflow detection. This ensures overflow detection is applied only to user code and target applications (like security audits of external codebases) while excluding standard library and third-party dependencies.
56
56
Each arithmetic operation (`intAdd`, `intSub`, `intMul`, `intDiv`) checks the actual source file location using `n.Pos()` and `base.Ctxt.PosTable.Pos(pos).Filename()`. Operations from files containing `/go-panikint/src/`, `/pkg/mod/`, `/vendor/` are automatically excluded and standard library packages (`runtime`, `sync`, `os`, `syscall`, etc.) / internal packages (`internal/*`) are excluded during compiler build.
57
57
58
+
### Suppressing false positives
59
+
60
+
Add a comment marker on the same line as the operation or the line immediately above to mark a bug as false positive, so that the compiler won't panic on the arithmetic or truncation issue.:
61
+
62
+
- Overflow/underflow: `overflow_false_positive`
63
+
- Truncation: `truncation_false_positive`
64
+
65
+
Example:
66
+
67
+
```go
68
+
// This is an overflow, but it's on purpose so we don't care flagging it
69
+
// overflow_false_positive
70
+
intentional_overflow:= a + b
71
+
72
+
// Same for my buggy truncation
73
+
// truncation_false_positive
74
+
x:=uint8(big)
75
+
76
+
// Also work on the same line
77
+
sum2:= a + b // overflow_false_positive
78
+
x2:=uint8(big) // truncation_false_positive
79
+
```
80
+
58
81
### Testing
59
82
60
-
You can run theÒ test suite in `tests/` with:
83
+
You can run the test suite in `tests/` with:
61
84
62
85
```bash
63
86
cd tests/;
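Review bot: the new paragraph at new line 60 does not say how the marker is matched, and since `overflow_false_positive` and `truncation_false_positive` switch off a safety check, the matching rule should be spelled out. State whether the marker must be the whole comment or may appear anywhere inside one, and whether "the line immediately above" still applies when a blank line or another comment sits in between; the example at new lines 68-70 already stacks an explanatory comment on top of the marker, so readers will try variations. Wording nits in the same block: the sentence ends in `.:`, "mark a bug as false positive" reads better as marking the operation as intentional, "Also work on the same line" should be "Also works", and the example lines such as `x:=uint8(big)` are not gofmt-formatted.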
@@ -135,27 +158,6 @@ func main() {
135
158
}
136
159
```
137
160
138
-
### Suppressing false positives
139
-
140
-
Add a comment marker on the same line as the operation or the line immediately above to mark a bug as false positive, so that the compiler won't panic on the arithmetic or truncation issue.:
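Review bot: only the heading and first paragraph of the removed section (old lines 138-140) are visible here, and they match the text added at new lines 58-60 character for character, including the trailing `.:`. Please confirm the rest of the removed block matches new lines 62-79 so nothing about the suppression markers was lost in the move, and mention in the commit message that this is a relocation ahead of "Testing" rather than a content change.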