public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/114956] New: Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled
@ 2024-05-06  3:37 iamanonymous.cs at gmail dot com
  2024-05-06  7:21 ` [Bug sanitizer/114956] [11/12/13/14/15 regression] " sjames at gcc dot gnu.org
                   ` (7 more replies)
  0 siblings, 8 replies; 9+ messages in thread
From: iamanonymous.cs at gmail dot com @ 2024-05-06  3:37 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114956

            Bug ID: 114956
           Summary: Segmentation fault with -fsanitize=address
                    -fsanitize=null -O2 when attribute no_sanitize_address
                    is enabled
           Product: gcc
           Version: 15.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: iamanonymous.cs at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

Compiler Explorer: https://godbolt.org/z/33rbWdf49

*******************************************************************************
gcc version:
$ gcc -v
Using built-in specs.
COLLECT_GCC=/home/gcc_set/gcc-trunk/bin/gcc
COLLECT_LTO_WRAPPER=/home/gcc_set/gcc-trunk/libexec/gcc/aarch64-unknown-linux-gnu/15.0.0/lto-wrapper
Target: aarch64-unknown-linux-gnu
Configured with: ../gcc/configure --prefix=/home/gcc_set/gcc-trunk
--with-gmp=/home/build_essential --with-mpfr=/home/build_essential
--with-mpc=/home/build_essential --enable-languages=c,c++ --disable-multilib
--with-sanitizer=address,undefined,thread,leakcd CC=gcc CXX=g++
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 15.0.0 20240430 (experimental) (GCC)

git version: 22b20ac6c6aead2d3f36c413a77dd0b80adfec39
*******************************************************************************
Program:
$ cat mutant.c
int **a;
__attribute__((always_inline)) int *c() {
  int b[1];
  b;
}
__attribute__((no_sanitize_address)) static char d() { *a = c(); }
void e() { d(); }

*******************************************************************************
Command Lines:
$ gcc -fsanitize=address -fsanitize=null -O2 -c mutant.c
mutant.c:2:37: warning: 'always_inline' function might not be inlinable unless
also declared 'inline' [-Wattributes]
    2 | __attribute__((always_inline)) int *c() {
      |                                     ^
during GIMPLE pass: sanopt
mutant.c: In function 'd.isra':
mutant.c:6:50: internal compiler error: Segmentation fault
    6 | __attribute__((no_sanitize_address)) static char d() { *a = c(); }
      |                                                  ^
0xf2d49b crash_signal
        ../../gcc/gcc/toplev.cc:319
0xf3fcfc contains_struct_check(tree_node*, tree_node_structure_enum, char
const*, int, char const*)
        ../../gcc/gcc/tree.h:3769
0xf3fcfc build_shadow_mem_access
        ../../gcc/gcc/asan.cc:2552
0xf4b90f asan_expand_mark_ifn(gimple_stmt_iterator*)
        ../../gcc/gcc/asan.cc:3854
0xf5f6bf execute
        ../../gcc/gcc/sanopt.cc:1379
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Bug sanitizer/114956] [11/12/13/14/15 regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled
  2024-05-06  3:37 [Bug sanitizer/114956] New: Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled iamanonymous.cs at gmail dot com
@ 2024-05-06  7:21 ` sjames at gcc dot gnu.org
  2024-05-06  8:04 ` [Bug sanitizer/114956] [11/12/13/14/15 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742 jakub at gcc dot gnu.org
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: sjames at gcc dot gnu.org @ 2024-05-06  7:21 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114956

Sam James <sjames at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Segmentation fault with     |[11/12/13/14/15 regression]
                   |-fsanitize=address          |Segmentation fault with
                   |-fsanitize=null -O2 when    |-fsanitize=address
                   |attribute                   |-fsanitize=null -O2 when
                   |no_sanitize_address is      |attribute
                   |enabled                     |no_sanitize_address is
                   |                            |enabled

--- Comment #1 from Sam James <sjames at gcc dot gnu.org> ---
testing on godbolt gives..


gcc 8.2:
```
<source>:2:37: warning: always_inline function might not be inlinable
[-Wattributes]
 __attribute__((always_inline)) int *c() {
                                     ^
<source>: In function 'd':
<source>:2:37: error: inlining failed in call to always_inline 'c': function
attribute mismatch
<source>:6:61: note: called from here
 __attribute__((no_sanitize_address)) static char d() { *a = c(); }
                                                             ^~~
Compiler returned: 1
```

gcc 8.3:
```
<source>:2:37: warning: always_inline function might not be inlinable
[-Wattributes]
 __attribute__((always_inline)) int *c() {
                                     ^
during GIMPLE pass: sanopt
<source>: In function 'd':
<source>:6:50: internal compiler error: Segmentation fault
 __attribute__((no_sanitize_address)) static char d() { *a = c(); }
                                                  ^
Please submit a full bug report,
with preprocessed source if appropriate.
See <https://gcc.gnu.org/bugs/> for instructions.
Compiler returned: 1
```

so a regression in that we ICE.


* [Bug sanitizer/114956] [11/12/13/14/15 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
  2024-05-06  3:37 [Bug sanitizer/114956] New: Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled iamanonymous.cs at gmail dot com
  2024-05-06  7:21 ` [Bug sanitizer/114956] [11/12/13/14/15 regression] " sjames at gcc dot gnu.org
@ 2024-05-06  8:04 ` jakub at gcc dot gnu.org
  2024-05-06  8:58 ` jakub at gcc dot gnu.org
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-05-06  8:04 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114956

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2024-05-06
            Summary|[11/12/13/14/15 regression] |[11/12/13/14/15 Regression]
                   |Segmentation fault with     |Segmentation fault with
                   |-fsanitize=address          |-fsanitize=address
                   |-fsanitize=null -O2 when    |-fsanitize=null -O2 when
                   |attribute                   |attribute
                   |no_sanitize_address is      |no_sanitize_address is
                   |enabled                     |enabled since r9-5742
     Ever confirmed|0                           |1
   Target Milestone|---                         |11.5
             Status|UNCONFIRMED                 |NEW
           Priority|P3                          |P2

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Started with my r9-5742-g6206a883fe7a741dbb9e09d88255a170a75950f5
-O2 -fsanitize=address,null

int **a;

__attribute__((always_inline)) int *
foo (void)
{
  int b[1];
  (void) b;
}

__attribute__((no_sanitize_address)) static char
bar (void)
{
  *a = foo ();
}

void
baz (void)
{
  bar ();
}

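A regression check for this thread's reproducer, added here as an example; it is not part of the bug report, of Jakub Jelinek's comments, or of GCC. It embeds the reduced test case from comment #2 as a constructed source file, compiles it with the flags from the report (-fsanitize=address -fsanitize=null -O2 -c), and classifies the compiler's diagnostics so a practitioner can tell whether an installed gcc still carries the sanopt ICE. The function names (classify_output, check_pr114956), the verdict strings and the temporary-file layout are this example's own choices, and the 'not supported' / 'unrecognized command' patterns are assumed wordings for a compiler built without sanitizer support.

```shell
#!/bin/sh
# PR114956 regression check (added example, not from the thread or GCC).
# Reduced test case from comment #2, embedded here as a constructed file.
PR114956_SRC='int **a;

__attribute__((always_inline)) int *
foo (void)
{
  int b[1];
  (void) b;
}

__attribute__((no_sanitize_address)) static char
bar (void)
{
  *a = foo ();
}

void
baz (void)
{
  bar ();
}
'

# classify_output: read compiler diagnostics on stdin and print one verdict:
#   affected    - the "internal compiler error" from the report is present
#   unsupported - the compiler rejects -fsanitize=address (assumed wordings)
#   fixed       - the compile got through without an ICE
# The text is captured first because a second grep could not re-read stdin.
classify_output() {
    text=$(cat)
    if printf '%s\n' "$text" | grep -q 'internal compiler error'; then
        echo affected
    elif printf '%s\n' "$text" | grep -q -e 'not supported' -e 'unrecognized command'; then
        echo unsupported
    else
        echo fixed
    fi
}

# check_pr114956 [CC]: compile the reproducer with CC (default gcc) using the
# flags from the report and print the verdict, or "no-compiler" if CC is absent.
check_pr114956() {
    cc="${1:-gcc}"
    command -v "$cc" >/dev/null 2>&1 || { echo no-compiler; return 0; }
    tmp=$(mktemp -d) || return 1
    printf '%s' "$PR114956_SRC" > "$tmp/pr114956.c"
    # The ICE is reported on stderr and makes the driver exit non-zero, which is
    # exactly what we want to classify, so the failure is swallowed with || true.
    out=$("$cc" -fsanitize=address -fsanitize=null -O2 -c \
          "$tmp/pr114956.c" -o "$tmp/pr114956.o" 2>&1 || true)
    rm -rf "$tmp"
    printf '%s\n' "$out" | classify_output
}

# Stand-alone use: sh pr114956-check.sh [CC]
check_pr114956 "${1:-gcc}"
```

A verdict of "affected" means the driver still has the sanopt crash from the report; per comments #6 and #8 the fix landed on master and on the 14 and 13 release branches, so the verdict is the practical way to confirm that a given installed gcc (pass e.g. gcc-13 as the argument) carries it. The flags are kept exactly as in the report, since the classification only inspects the diagnostics text and says nothing about other flag combinations.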

* [Bug sanitizer/114956] [11/12/13/14/15 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
  2024-05-06  3:37 [Bug sanitizer/114956] New: Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled iamanonymous.cs at gmail dot com
  2024-05-06  7:21 ` [Bug sanitizer/114956] [11/12/13/14/15 regression] " sjames at gcc dot gnu.org
  2024-05-06  8:04 ` [Bug sanitizer/114956] [11/12/13/14/15 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742 jakub at gcc dot gnu.org
@ 2024-05-06  8:58 ` jakub at gcc dot gnu.org
  2024-05-07 19:29 ` cvs-commit at gcc dot gnu.org
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-05-06  8:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114956

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |jakub at gcc dot gnu.org

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Created attachment 58106
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=58106&action=edit
gcc15-pr114956.patch

Untested fix.


* [Bug sanitizer/114956] [11/12/13/14/15 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
  2024-05-06  3:37 [Bug sanitizer/114956] New: Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled iamanonymous.cs at gmail dot com
                   ` (2 preceding siblings ...)
  2024-05-06  8:58 ` jakub at gcc dot gnu.org
@ 2024-05-07 19:29 ` cvs-commit at gcc dot gnu.org
  2024-05-07 19:31 ` cvs-commit at gcc dot gnu.org
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-05-07 19:29 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114956

--- Comment #4 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:

https://gcc.gnu.org/g:d4e25cf4f7c1f51a8824cc62bbb85a81a41b829a

commit r15-302-gd4e25cf4f7c1f51a8824cc62bbb85a81a41b829a
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Tue May 7 21:29:14 2024 +0200

    tree-inline: Remove .ASAN_MARK calls when inlining functions into no_sanitize callers [PR114956]

    In r9-5742 we've started allowing to inline always_inline functions into
    functions which have disabled e.g. address sanitization even when the
    always_inline function is implicitly from command line options sanitized.

    This mostly works fine because most of the asan instrumentation is done only
    late after ipa, but as the following testcase the .ASAN_MARK ifn calls
    gimplifier adds can result in ICEs.

    Fixed by dropping those during inlining, similarly to how we drop
    .TSAN_FUNC_EXIT calls.

    2024-05-07  Jakub Jelinek  <jakub@redhat.com>

            PR sanitizer/114956
            * tree-inline.cc: Include asan.h.
            (copy_bb): Remove also .ASAN_MARK calls if id->dst_fn has asan/hwasan
            sanitization disabled.

            * gcc.dg/asan/pr114956.c: New test.


* [Bug sanitizer/114956] [11/12/13/14/15 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
  2024-05-06  3:37 [Bug sanitizer/114956] New: Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled iamanonymous.cs at gmail dot com
                   ` (3 preceding siblings ...)
  2024-05-07 19:29 ` cvs-commit at gcc dot gnu.org
@ 2024-05-07 19:31 ` cvs-commit at gcc dot gnu.org
  2024-05-07 19:32 ` [Bug sanitizer/114956] [11/12/13 " jakub at gcc dot gnu.org
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-05-07 19:31 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114956

--- Comment #5 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-14 branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:

https://gcc.gnu.org/g:aca573ea64ccfd54d4447e9a3200acd7a9157082

commit r14-10180-gaca573ea64ccfd54d4447e9a3200acd7a9157082
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Tue May 7 21:29:14 2024 +0200

    tree-inline: Remove .ASAN_MARK calls when inlining functions into no_sanitize callers [PR114956]

    In r9-5742 we've started allowing to inline always_inline functions into
    functions which have disabled e.g. address sanitization even when the
    always_inline function is implicitly from command line options sanitized.

    This mostly works fine because most of the asan instrumentation is done only
    late after ipa, but as the following testcase the .ASAN_MARK ifn calls
    gimplifier adds can result in ICEs.

    Fixed by dropping those during inlining, similarly to how we drop
    .TSAN_FUNC_EXIT calls.

    2024-05-07  Jakub Jelinek  <jakub@redhat.com>

            PR sanitizer/114956
            * tree-inline.cc: Include asan.h.
            (copy_bb): Remove also .ASAN_MARK calls if id->dst_fn has asan/hwasan
            sanitization disabled.

            * gcc.dg/asan/pr114956.c: New test.

    (cherry picked from commit d4e25cf4f7c1f51a8824cc62bbb85a81a41b829a)


* [Bug sanitizer/114956] [11/12/13 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
  2024-05-06  3:37 [Bug sanitizer/114956] New: Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled iamanonymous.cs at gmail dot com
                   ` (4 preceding siblings ...)
  2024-05-07 19:31 ` cvs-commit at gcc dot gnu.org
@ 2024-05-07 19:32 ` jakub at gcc dot gnu.org
  2024-05-09  4:26 ` cvs-commit at gcc dot gnu.org
  2024-05-09  8:18 ` [Bug sanitizer/114956] [11/12 " jakub at gcc dot gnu.org
  7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-05-07 19:32 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114956

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[11/12/13/14/15 Regression] |[11/12/13 Regression]
                   |Segmentation fault with     |Segmentation fault with
                   |-fsanitize=address          |-fsanitize=address
                   |-fsanitize=null -O2 when    |-fsanitize=null -O2 when
                   |attribute                   |attribute
                   |no_sanitize_address is      |no_sanitize_address is
                   |enabled since r9-5742       |enabled since r9-5742

--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed for 14.2 and later for now.


* [Bug sanitizer/114956] [11/12/13 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
  2024-05-06  3:37 [Bug sanitizer/114956] New: Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled iamanonymous.cs at gmail dot com
                   ` (5 preceding siblings ...)
  2024-05-07 19:32 ` [Bug sanitizer/114956] [11/12/13 " jakub at gcc dot gnu.org
@ 2024-05-09  4:26 ` cvs-commit at gcc dot gnu.org
  2024-05-09  8:18 ` [Bug sanitizer/114956] [11/12 " jakub at gcc dot gnu.org
  7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-05-09  4:26 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114956

--- Comment #7 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-13 branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:

https://gcc.gnu.org/g:d1ec7bc9cb0639a212422710ba647dc1aaea6eaa

commit r13-8733-gd1ec7bc9cb0639a212422710ba647dc1aaea6eaa
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Tue May 7 21:29:14 2024 +0200

    tree-inline: Remove .ASAN_MARK calls when inlining functions into no_sanitize callers [PR114956]

    In r9-5742 we've started allowing to inline always_inline functions into
    functions which have disabled e.g. address sanitization even when the
    always_inline function is implicitly from command line options sanitized.

    This mostly works fine because most of the asan instrumentation is done only
    late after ipa, but as the following testcase the .ASAN_MARK ifn calls
    gimplifier adds can result in ICEs.

    Fixed by dropping those during inlining, similarly to how we drop
    .TSAN_FUNC_EXIT calls.

    2024-05-07  Jakub Jelinek  <jakub@redhat.com>

            PR sanitizer/114956
            * tree-inline.cc: Include asan.h.
            (copy_bb): Remove also .ASAN_MARK calls if id->dst_fn has asan/hwasan
            sanitization disabled.

            * gcc.dg/asan/pr114956.c: New test.

    (cherry picked from commit d4e25cf4f7c1f51a8824cc62bbb85a81a41b829a)


* [Bug sanitizer/114956] [11/12 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
  2024-05-06  3:37 [Bug sanitizer/114956] New: Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled iamanonymous.cs at gmail dot com
                   ` (6 preceding siblings ...)
  2024-05-09  4:26 ` cvs-commit at gcc dot gnu.org
@ 2024-05-09  8:18 ` jakub at gcc dot gnu.org
  7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-05-09  8:18 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114956

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[11/12/13 Regression]       |[11/12 Regression]
                   |Segmentation fault with     |Segmentation fault with
                   |-fsanitize=address          |-fsanitize=address
                   |-fsanitize=null -O2 when    |-fsanitize=null -O2 when
                   |attribute                   |attribute
                   |no_sanitize_address is      |no_sanitize_address is
                   |enabled since r9-5742       |enabled since r9-5742

--- Comment #8 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed also for 13.3.

