public inbox for gcc-bugs@sourceware.org
From: "jakub at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/99418] sanitizer checks for accessing multidimentional VLA-array
Date: Mon, 08 Mar 2021 10:14:00 +0000
Message-ID: <bug-99418-4-NNbKb99Slp@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-99418-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99418

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---

Asan can't, by design, detect either #c0 or #c1; only ubsan can.

The reason why ubsan has that off by one stuff is that in C/C++, &mas[n - 1][m] is not undefined behavior, only mas[n - 1][m] is. And with classes, it actually means calling some method with &mas[n - 1][m] argument.

For #c1, the big question is what exactly is UB in C++, whether already binding a reference to the object after the end of the array or only actually accessing that reference. If the former, ubsan could treat REFERENCE_TYPE differently; if the latter, then I'm afraid it can't do that, and ubsan by design has to be done early, before all the optimizations change the IL so much that it is completely lost what the user errors in it were.

For the method calls, there really isn't a reference in the IL either, this argument is a pointer, but .UBSAN_BOUNDS calls are added in the FE and so perhaps it could know it is a method call and treat it as a reference.

So, something can be done, but we need answers on where the UB in C++ exactly happens.
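An added C example, not taken from the bug report or from GCC's own test cases, that makes the distinction in the comment above concrete with a two-dimensional C99 VLA: forming &mas[n-1][m] as a row sentinel is well defined even though it points one past the whole array, while reading mas[n-1][m] is undefined behaviour. The function names and the constructed sample data are assumptions of this example.

```c
#include <stddef.h>

/* Constructed sample data: each element holds its flattened index. */
static void fill_vla(int n, int m, int mas[n][m])
{
    for (int i = 0; i < n; i++)
        for (int j = 0; j < m; j++)
            mas[i][j] = i * m + j;
}

/* Sum every element, walking each row with &mas[i][m] as the sentinel.
 * For i == n-1 that sentinel is &mas[n-1][m], one past the whole array:
 * forming and comparing the pointer is well defined, only dereferencing it
 * would be UB, so a bounds sanitizer must tolerate this address-of form. */
long sum_vla(int n, int m, int mas[n][m])
{
    long total = 0;
    for (int i = 0; i < n; i++)
        for (int *p = &mas[i][0]; p != &mas[i][m]; ++p)
            total += *p;
    return total;
}

/* The undefined access: mas[n-1][m] reads one past the end.  This is the
 * lvalue form the comment calls UB; it is deliberately never called here. */
int read_one_past_end(int n, int m, int mas[n][m])
{
    return mas[n - 1][m];
}

/* Build an n x m VLA and sum it through the sentinel loop. */
long demo_sum(int n, int m)
{
    int mas[n][m];
    fill_vla(n, m, mas);
    return sum_vla(n, m, mas);
}

/* Returns 1 when &mas[n-1][m] is exactly the one-past-the-end address of the
 * whole n x m object (byte arithmetic, so no sub-array pedantry applies). */
int demo_end_ptr(int n, int m)
{
    int mas[n][m];
    fill_vla(n, m, mas);
    return (char *)&mas[n - 1][m] == (char *)mas + (size_t)n * m * sizeof(int);
}
```

Compiling the same file with -fsanitize=bounds and calling read_one_past_end is the way to observe the sanitizer's behaviour for the accessed form, while the sentinel loop in sum_vla must stay silent.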
Thread overview (10+ messages):

2021-03-05 19:11 [Bug sanitizer/99418] New: sanitizer checks for accessing multidimentional VLA-array  vanyacpp at gmail dot com
2021-03-06 22:53 ` [Bug sanitizer/99418] sanitizer checks for accessing multidimentional VLA-array  vanyacpp at gmail dot com
2021-03-07 7:44  ` vanyacpp at gmail dot com
2021-03-08 9:15  ` marxin at gcc dot gnu.org
2021-03-08 10:14 ` jakub at gcc dot gnu.org [this message]
2021-03-08 18:23 ` msebor at gcc dot gnu.org
2021-03-09 8:39  ` vanyacpp at gmail dot com
2021-03-09 8:47  ` vanyacpp at gmail dot com
2021-03-09 8:54  ` vanyacpp at gmail dot com
2021-03-09 15:48 ` [Bug sanitizer/99418] more cases where -fsanitize=bounds can check one-past-the-end accesses  msebor at gcc dot gnu.org