From: "matmal01 at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/97696] New: ICE since ASAN_MARK does not handle poly_int sized variables
Date: Tue, 03 Nov 2020 12:37:15 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97696

            Bug ID: 97696
           Summary: ICE since ASAN_MARK does not handle poly_int sized
                    variables
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Keywords: ice-checking
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: matmal01 at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---
            Target: aarch64

asan_expand_mark_ifn asserts that the length to check is a SHWI (i.e. it uses
`gcc_assert (tree_fits_shwi_p (len))`).
It attempts to ensure this by avoiding VLA's in `gimplify_decl_expr`.

poly_int sized decls were added, and they were not treated as VLA's since
commit 22b62991 (SVN r275870).

Since then, poly_int sized variables can have ASAN_MARK called on them, which
means the `len` parameter of ASAN_MARK can be a poly_int, causing an ICE in
asan_expand_mark_ifn (n.b. in order to emit an ASAN_CHECK on a poly_int sized
variable so that the ASAN_MARK is not removed in the sanopt pass we need to
pass the poly_int sized variable to a builtin memory function).

An example (modified from gcc/testsuite/c-c++-common/asan/pr80308.c):

(v3) work-lin:gcc [Tue 12:25:10] % cat ~/asan-ice.c
#include

__attribute__((noinline, noclone)) int
foo (char *a)
{
  int i, j = 0;
  asm volatile ("" : "+r" (a) : : "memory");
  for (i = 0; i < 12; i++)
    j += a[i];
  return j;
}

int
main ()
{
  int i, j = 0;
  for (i = 0; i < 4; i++)
    {
      char a[12];
      __SVInt8_t freq;
      __builtin_bcmp (&freq, a, 10);
      __builtin_memset (a, 0, sizeof (a));
      j += foo (a);
    }
  return j;
}
(v3) work-lin:gcc [Tue 12:31:53] % /installdir/aarch64-none-linux-gnu/bin/aarch64-none-linux-gnu-gcc -march=armv8.6-a+sve -fsanitize=address -fsanitize-address-use-after-scope ~/asan-ice.c -S -o /dev/null
during GIMPLE pass: sanopt
/home/matmal01/asan-ice.c: In function ‘main’:
/home/matmal01/asan-ice.c:14:1: internal compiler error: in asan_expand_mark_ifn, at asan.c:3235
   14 | main ()
      | ^~~~
0xdde454 asan_expand_mark_ifn(gimple_stmt_iterator*)
        /builddir/src/gcc/gcc/asan.c:3235
0xdf6b7a execute
        /builddir/src/gcc/gcc/sanopt.c:1341
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See for instructions.