From: "jakub at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/63956] [5 Regression][UBSAN] ICE segfault in cxx_eval_call_expression ../../gcc/cp/constexpr.c
Date: Wed, 19 Nov 2014 22:42:00 -0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: sanitizer
X-Bugzilla-Version: 5.0
X-Bugzilla-Keywords: ice-on-valid-code
X-Bugzilla-Severity: normal
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 5.0
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
X-SW-Source: 2014-11/txt/msg02103.txt.bz2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63956

--- Comment #7 from Jakub Jelinek ---
(In reply to Marek Polacek from comment #6)
> Earlier today I tried the following and it seemed to work, but I don't know
> constexpr.c, so it may be totally bogus.
>
> --- gcc/cp/constexpr.c
> +++ gcc/cp/constexpr.c
> @@ -1149,6 +1149,10 @@ cxx_eval_call_expression (const constexpr_ctx *ctx,
> tree t,
>    constexpr_call *entry;
>    bool depth_ok;
>
> +  if (fun == NULL_TREE
> +      && CALL_EXPR_IFN (t) == IFN_UBSAN_NULL)
> +    return t;
> +
>    if (TREE_CODE (fun) != FUNCTION_DECL)
>      {
>        /* Might be a constexpr function pointer.  */

The -fsanitize=vptr patch has:

   if (is_builtin_fn (fun))
-    return cxx_eval_builtin_function_call (old_call, t, allow_non_constant,
-                                           addr, non_constant_p, overflow_p);
+    {
+      /* Ignore -fsanitize=vptr instrumentation.  */
+      if ((flag_sanitize & SANITIZE_VPTR)
+          && DECL_BUILT_IN_CLASS (fun) == BUILT_IN_NORMAL
+          && (DECL_FUNCTION_CODE (fun)
+              == ((flag_sanitize_recover & SANITIZE_VPTR)
+                  ? BUILT_IN_UBSAN_HANDLE_DYNAMIC_TYPE_CACHE_MISS
+                  : BUILT_IN_UBSAN_HANDLE_DYNAMIC_TYPE_CACHE_MISS_ABORT))
+          && call_expr_nargs (t) == 4)
+        return void_node;
+
+      return cxx_eval_builtin_function_call (old_call, t, allow_non_constant,
+                                             addr, non_constant_p, overflow_p);
+    }

hunk in it to ignore __builtin___ubsan_handle_dynamic_type_cache_miss*.
For fun == NULL_TREE, guess what you want is a switch on the CALL_EXPR_IFN
value and enumerate there all the internal calls and elsewhere builtins that
should be ignored.
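Review bot: the early return in the quoted hunk hands the CALL_EXPR back unchanged (`return t;`) instead of a constant, so the caller still sees a non-constant internal-function call in the evaluated tree; the -fsanitize=vptr hunk in this message returns `void_node` for the analogous case, and the UBSAN_NULL check is likewise a void statement, so `return void_node;` looks like the consistent choice. The condition also recognises only `IFN_UBSAN_NULL`; as the reply suggests, a `switch` on `CALL_EXPR_IFN (t)` under the `fun == NULL_TREE` guard would give one place to enumerate every internal call that constexpr evaluation should ignore, rather than growing this `if` one sanitizer at a time.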
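Review bot: in the -fsanitize=vptr hunk, `call_expr_nargs (t) == 4` is a bare magic number; a comment naming the four arguments the dynamic-type-cache-miss handler takes, or a `gcc_checking_assert` that any other arity is a bug rather than a silent fall-through into `cxx_eval_builtin_function_call`, would make the intent clear. The ternary on `flag_sanitize_recover & SANITIZE_VPTR` means only one of the `_ABORT`/non-abort handler variants is matched per compilation, which is correct only while instrumentation and constexpr evaluation run under the same flags; that assumption is worth stating in the comment. Style-wise, the function-code comparison now sits four levels deep inside the `is_builtin_fn` branch; factoring it into a small predicate (e.g. something like `ubsan_vptr_handler_call_p (fun, t)`) would keep this readable once further sanitizer handlers are ignored the same way.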