public inbox for gcc-bugs@sourceware.org
From: "jakub at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/99418] sanitizer checks for accessing multidimentional VLA-array
Date: Mon, 08 Mar 2021 10:14:00 +0000	[thread overview]
Message-ID: <bug-99418-4-NNbKb99Slp@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-99418-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99418

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Asan by design can detect neither #c0 nor #c1; only ubsan can.
The reason why ubsan has that off by one stuff is that in C/C++,
&mas[n - 1][m] is not undefined behavior, only mas[n - 1][m] is.
And with classes, it actually means calling some method with &mas[n - 1][m]
argument.
For #c1, the big question is what exactly is UB in C++, whether already binding
a reference to the object after the end of the array or only actually accessing
that reference.  If the former, ubsan could treat REFERENCE_TYPE differently,
if the latter, then I'm afraid it can't do that, and ubsan by design has to be
done early before all the optimizations change the IL so much that it is
completely lost what were the user errors in it.
For the method calls, there really isn't a reference in the IL either, this
argument is a pointer, but .UBSAN_BOUNDS calls are added in the FE and so
perhaps it could know it is a method call and treat it as a reference.
So, something can be done but we need answers on where the UB in C++ exactly
happens.
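The distinction drawn above, between forming the address &mas[n - 1][m] (which the C standard permits as a one-past-the-end pointer) and actually reading mas[n - 1][m], can be made concrete without dereferencing anything. The block below is an added example and not code from the bug report or from GCC's sanitizer implementation; the helper names index_ok and vla_offset are my own, and index_ok is only a hypothetical sketch of the two bound tests a -fsanitize=bounds instrumentation has to tell apart (index <= bound when only the address is taken, index < bound for an access). vla_offset builds an n-by-m VLA like the one in the report and shows that the one-past-the-end address of the last row coincides with the end of the whole array, which is why the off-by-one allowance is sound for the address but not for a load through it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not ubsan's code) that mirrors the two checks the
   comment distinguishes: computing &a[idx] is allowed for idx <= n, i.e.
   up to one past the end, while accessing a[idx] requires idx < n. */
bool index_ok(size_t idx, size_t n, bool address_only)
{
    return address_only ? idx <= n : idx < n;
}

/* Returns the element offset of &mas[row][col] from the start of an
   n-by-m VLA. Only the address is formed; no element is read, so
   row == n - 1 and col == m (the case from the report) is well defined
   and yields n * m, the same offset as the end of the whole array.
   The subtraction is done on char pointers within the single VLA object
   to stay inside what pointer arithmetic guarantees. */
ptrdiff_t vla_offset(size_t n, size_t m, size_t row, size_t col)
{
    int mas[n][m];                 /* constructed VLA, contents never read */
    int *p = &mas[row][col];       /* address computation only, no access */
    return ((char *)p - (char *)mas) / (ptrdiff_t)sizeof(int);
}

int main(void)
{
    size_t n = 3, m = 4;
    /* The one-past-the-end address of the last row equals the end of the
       whole 3x4 array (offset 12), so taking the address is fine ... */
    printf("&mas[n-1][m] is at element offset %td (n*m = %zu)\n",
           vla_offset(n, m, n - 1, m), n * m);
    /* ... but a load through it would be out of bounds, and a bounds check
       that allows the address must still reject the access. */
    printf("address of mas[n-1][m] allowed: %d, access allowed: %d\n",
           index_ok(m, m, true), index_ok(m, m, false));
    return 0;
}
```

Compiling this with -fsanitize=bounds and running it should produce no report, since the only out-of-range index is used in an address computation; turning the address into a load (for example reading *p inside vla_offset) is exactly the case the sanitizer is meant to flag.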


Thread overview: 10+ messages
2021-03-05 19:11 [Bug sanitizer/99418] New: " vanyacpp at gmail dot com
2021-03-06 22:53 ` [Bug sanitizer/99418] " vanyacpp at gmail dot com
2021-03-07  7:44 ` vanyacpp at gmail dot com
2021-03-08  9:15 ` marxin at gcc dot gnu.org
2021-03-08 10:14 ` jakub at gcc dot gnu.org [this message]
2021-03-08 18:23 ` msebor at gcc dot gnu.org
2021-03-09  8:39 ` vanyacpp at gmail dot com
2021-03-09  8:47 ` vanyacpp at gmail dot com
2021-03-09  8:54 ` vanyacpp at gmail dot com
2021-03-09 15:48 ` [Bug sanitizer/99418] more cases where -fsanitize=bounds can check one-past-the-end accesses msebor at gcc dot gnu.org
