[Bug middle-end/99370] New: calling a virtual function in insufficient space silently folded to __builtin_unreachable

[Bug middle-end/99370] New: calling a virtual function in insufficient space silently folded to __builtin_unreachable

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99370

            Bug ID: 99370
           Summary: calling a virtual function in insufficient space
                    silently folded to __builtin_unreachable
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

Related to pr99367, GCC recognizes as invalid calls to virtual functions on a
object stored in a space that's less than the size of its type and folds those
calls to __builtin_unreachable.  That's reasonable, but it should not do that
silently.  The invalid call should also be diagnosed.

$ cat u.C && gcc -O2 -S -Wall -fdump-tree-ccp1=/dev/stdout -fanalyzer u.C
struct A { virtual void f (); int i; };

char a[sizeof (A) + 1];

void f1 ()
{
  A *q = (A*)(a + 1);
  q->f ();     // okay
}

void f2 ()
{
  A *q = (A*)(a + 2);
  q->f ();     // silently folded to __builtin_unreachable (should also warn)
}

;; Function f1 (_Z2f1v, funcdef_no=0, decl_uid=2364, cgraph_uid=1,
symbol_order=1)

void f1 ()
{
  struct A * q;
  int (*) () * _1;
  int (*) () _2;

  <bb 2> :
  _1 = MEM[(struct A *)&a + 1B]._vptr.A;
  _2 = *_1;
  OBJ_TYPE_REF(_2;(struct A)&MEM <char[17]> [(void *)&a + 1B]->0) (&MEM
<char[17]> [(void *)&a + 1B]);
  return;

}



;; Function f2 (_Z2f2v, funcdef_no=1, decl_uid=2367, cgraph_uid=2,
symbol_order=2)

Removing basic block 3
void f2 ()
{
  struct A * q;
  int (*) () * _1;
  int (*) () _2;

  <bb 2> :
  _1 = MEM[(struct A *)&a + 2B]._vptr.A;
  _2 = *_1;
  __builtin_unreachable ();

}

[Bug middle-end/99370] calling a virtual function in insufficient space silently folded to __builtin_unreachable

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99370

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
The problem is since this transformation is done during optimization, it could
be done on a path that is not executed at all.  This is why
-fsanitize=undefined/-fsanitize=unreachable should be used if you want to
detect it at runtime.

[Bug middle-end/99370] calling a virtual function in insufficient space silently folded to __builtin_unreachable

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99370

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement