[Bug sanitizer/113151] New: Need for a TBAA / strict aliasing sanitizer (TySan)

[Bug sanitizer/113151] New: Need for a TBAA / strict aliasing sanitizer (TySan)

[sjames at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113151

            Bug ID: 113151
           Summary: Need for a TBAA / strict aliasing sanitizer (TySan)
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: sjames at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org, xry111 at gcc dot gnu.org
  Target Milestone: ---

It's well-known that -Wstrict-aliasing in GCC has false negatives and is also
easy to confuse/bypass. Aliasing is a common footgun and it's hard because this
is one of the few things that compilers optimise on which UBsan and friends are
no help for.

Ultimately, that's not really the fault of the warning, the fact is some of
this stuff can only really be done at runtime.

LLVM has had stalled and stop-start attempts at this a bunch of times, although
I noticed earlier today that some new PRs got opened for it. They plan on
calling it Type Sanitizer (TySan) with -fsanitize=type. See linked PRs.

(I feel like we must have a bug for this somewhere but I couldn't find it.)

[Bug sanitizer/113151] Need for a TBAA / strict aliasing sanitizer (TySan)

[xry111 at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113151

Xi Ruoyao <xry111 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
           Severity|normal                      |enhancement
   Last reconfirmed|                            |2023-12-26
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Xi Ruoyao <xry111 at gcc dot gnu.org> ---
Confirm as I like this idea very much.  At least it would prevent many invalid
bug reports :).

[Bug sanitizer/113151] Need for a TBAA / strict aliasing sanitizer (TySan)

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113151

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rguenth at gcc dot gnu.org

--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
IIRC Jakub tried to implement something at some point.

Note what's needed is runtime tracking of the effective dynamic type of
objects (memory) and enforcing access rules.  Language frontend rules
are not 1:1 compatible and the middle-end implements something common.

It's going to be difficult when not the whole program including runtime
is instrumented.

[Bug sanitizer/113151] Need for a TBAA / strict aliasing sanitizer (TySan)

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113151

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
I was just contemplating its implementation (and/or hoping somebody else would
handle it), never actually implemented anything.