public inbox for gcc-cvs@sourceware.org help / color / mirror / Atom feed
From: Jakub Jelinek <jakub@gcc.gnu.org> To: gcc-cvs@gcc.gnu.org Subject: [gcc r12-8433] asan: Fix up instrumentation of assignments which are both loads and stores [PR105714] Date: Mon, 30 May 2022 03:36:48 +0000 (GMT) [thread overview] Message-ID: <20220530033648.A7839383B783@sourceware.org> (raw) https://gcc.gnu.org/g:120d99a3ec3f13766e13b40e48b0614242447fea commit r12-8433-g120d99a3ec3f13766e13b40e48b0614242447fea Author: Jakub Jelinek <jakub@redhat.com> Date: Wed May 25 12:05:08 2022 +0200 asan: Fix up instrumentation of assignments which are both loads and stores [PR105714] On the following testcase with -Os asan pass sees: <bb 6> [local count: 354334800]: # h_21 = PHI <h_15(6), 0(5)> *c.3_5 = *d.2_4; h_15 = h_21 + 1; if (h_15 != 3) goto <bb 6>; [75.00%] else goto <bb 7>; [25.00%] <bb 7> [local count: 118111600]: *c.3_5 = MEM[(struct a *)&b + 12B]; _13 = c.3_5->x; return _13; It instruments the *c.3_5 = *d.2_4; assignment by adding .ASAN_CHECK (7, c.3_5, 4, 4); .ASAN_CHECK (6, d.2_4, 4, 4); before it (which later lowers to checking the corresponding shadow memory). But when considering instrumentation of *c.3_5 = MEM[(struct a *)&b + 12B]; it doesn't instrument anything, because it sees that *c.3_5 store is already instrumented in a dominating block and so there is no need to instrument *c.3_5 store again (i.e. add another .ASAN_CHECK (7, c.3_5, 4, 4); ). That is true, but misses the fact that we still want to instrument the MEM[(struct a *)&b + 12B] load. The following patch fixes that by changing has_stmt_been_instrumented_p to consider both store and load in the assignment if it does both (returning true iff both have been instrumented). That matches how we handle e.g. builtin calls, where we also perform AND of all the memory locs involved in the call. I've verified that we still don't add the redundant .ASAN_CHECK (7, c.3_5, 4, 4); call but just add _18 = &MEM[(struct a *)&b + 12B]; .ASAN_CHECK (6, _18, 4, 4); to instrument the load. 2022-05-25 Jakub Jelinek <jakub@redhat.com> PR sanitizer/105714 * asan.cc (has_stmt_been_instrumented_p): For assignments which are both stores and loads, return true only if both destination and source have been instrumented. * gcc.dg/asan/pr105714.c: New test. (cherry picked from commit af02daff557a0abbf5521c143f1cdda406848a9b) Diff: --- gcc/asan.cc | 15 ++++++++++++++- gcc/testsuite/gcc.dg/asan/pr105714.c | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 1 deletion(-) diff --git a/gcc/asan.cc b/gcc/asan.cc index ef59b77ebc2..bacf890af18 100644 --- a/gcc/asan.cc +++ b/gcc/asan.cc @@ -1285,7 +1285,20 @@ has_stmt_been_instrumented_p (gimple *stmt) if (get_mem_ref_of_assignment (as_a <gassign *> (stmt), &r, &r_is_store)) - return has_mem_ref_been_instrumented (&r); + { + if (!has_mem_ref_been_instrumented (&r)) + return false; + if (r_is_store && gimple_assign_load_p (stmt)) + { + asan_mem_ref src; + asan_mem_ref_init (&src, NULL, 1); + src.start = gimple_assign_rhs1 (stmt); + src.access_size = int_size_in_bytes (TREE_TYPE (src.start)); + if (!has_mem_ref_been_instrumented (&src)) + return false; + } + return true; + } } else if (gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)) { diff --git a/gcc/testsuite/gcc.dg/asan/pr105714.c b/gcc/testsuite/gcc.dg/asan/pr105714.c new file mode 100644 index 00000000000..d378b8ab0c4 --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/pr105714.c @@ -0,0 +1,33 @@ +/* PR sanitizer/105714 */ +/* { dg-do run } */ +/* { dg-skip-if "" { *-*-* } { "*" } { "-Os" } } */ +/* { dg-shouldfail "asan" } */ + +struct A { int x; }; +struct A b[2]; +struct A *c = b, *d = b; +int e; + +int +foo () +{ + for (e = 0; e < 1; e++) + { + int i[1]; + i; + } + for (int h = 0; h < 3; h++) + *c = *d; + *c = *(b + 3); + return c->x; +} + +int +main () +{ + foo (); + return 0; +} + +/* { dg-output "ERROR: AddressSanitizer: global-buffer-overflow on address.*(\n|\r\n|\r)" } */ +/* { dg-output "READ of size.*" } */
reply other threads:[~2022-05-30 3:36 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20220530033648.A7839383B783@sourceware.org \ --to=jakub@gcc.gnu.org \ --cc=gcc-cvs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).