Date: Mon, 02 Mar 2015 16:37:00 -0000
From: Marek Polacek
To: Martin Uecker
Cc: gcc Mailing List, Jakub Jelinek, Jeff Law
Subject: Re: [PATCH] ubsan: improve bounds checking, add -fsanitize=bounds-strict
Message-ID: <20150302163652.GA11480@redhat.com>
In-Reply-To: <20150227115314.77a3e8ba@lemur>

On Fri, Feb 27, 2015 at 11:53:14AM -0800, Martin Uecker wrote:
> I tested Marek's proposed change and it works correctly,
> i.e. arrays which are not part of a struct are now
> instrumented when accessed through a pointer. This also
> means that the following case is diagnosed (correctly)
> as undefined behaviour as pointed out by Richard:
>
> int
> main (void)
> {
>   int *t = (int *) __builtin_malloc (sizeof (int) * 9);
>   int (*a)[3][3] = (int (*)[3][3])t;
>   (*a)[0][9] = 1;
> }
>
> I also wanted arrays which are the last elements of a
> struct which are not flexible-array members instrumented
> correctly. So I added -fsanitize=bounds-strict which does
> this. It seems to do instrumentation similar to clang
> with -fsanitize=bounds.
>
> Comments?

Thanks for working on it.

So I think we should split this patch in two; one part is a bug fix (I've opened ) that could go into gcc 5 - that is, apply my fix along with test cases covering the new cases, and the second part is an addition of a new option for strict bounds checking - I'm afraid this part has to wait for gcc 6. I can take care of the first part and let you do the second part, which I could review. Does that sound ok to you?

Jeff, would you agree with this approach? The fix is sort of obvious and my understanding is that Jakub's ok with it too.

	Marek
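An added example, not code from the thread, to observe the two behaviours the message contrasts: it compiles two constructed test programs (the pointer-to-array case quoted above, and a struct whose last member is `int a[1]` rather than a flexible array member) once with `-fsanitize=bounds` and once with `-fsanitize=bounds-strict`, using `-fsanitize-undefined-trap-on-error` so that no libubsan is needed and a trap (non-zero exit status) means the out-of-bounds store was caught. It assumes a gcc that accepts `-fsanitize=bounds-strict` (GCC 6 or later, i.e. after the option discussed here landed); the `probe` helper and the file names are mine.

```shell
# Constructed case 1: array outside any struct, reached through a pointer
# (the thread's case). Oversized allocation keeps the uninstrumented run harmless.
nonstruct_src() {
cat <<'EOF'
#include <stdlib.h>
int main(int argc, char **argv) {
  int *t = malloc(sizeof(int) * 32);
  int (*a)[3][3] = (int (*)[3][3])t;
  (*a)[0][argc + 8] = 1;   /* index 9 into an int[3]: out of bounds */
  return 0;
}
EOF
}
# Constructed case 2: trailing array member that is not a flexible array member.
# Plain -fsanitize=bounds treats it as flexible and skips the check;
# -fsanitize=bounds-strict instruments it.
trailing_src() {
cat <<'EOF'
#include <stdlib.h>
struct s { int n; int a[1]; };
int main(int argc, char **argv) {
  struct s *p = malloc(64);
  p->a[argc + 1] = 1;      /* index 2 into an int[1]: out of bounds */
  return 0;
}
EOF
}
# probe <nonstruct|trailing> <sanitizer flag>: prints "caught", "missed",
# or "unavailable" when there is no gcc here that accepts the flag.
probe() {
  dir=$(mktemp -d) || return 1
  "${1}_src" > "$dir/t.c"
  if ! command -v gcc >/dev/null 2>&1 ||
     ! gcc -O0 -w "$2" -fsanitize-undefined-trap-on-error -o "$dir/t" "$dir/t.c" 2>/dev/null; then
    echo unavailable
  elif "$dir/t" 2>/dev/null; then
    echo missed            # program exited normally: the store was not instrumented
  else
    echo caught            # __builtin_trap fired: the store was instrumented
  fi
  rm -rf "$dir"
}
for f in -fsanitize=bounds -fsanitize=bounds-strict; do
  echo "$f: nonstruct=$(probe nonstruct "$f") trailing=$(probe trailing "$f")"
done
```

Expected with a current gcc: both flags catch the non-struct case, and only `-fsanitize=bounds-strict` catches the trailing-array case.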