* [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300)
@ 2021-07-02 19:21 Martin Sebor
2021-07-03 10:13 ` Bernhard Reutner-Fischer
2021-07-12 18:06 ` PING " Martin Sebor
0 siblings, 2 replies; 7+ messages in thread
From: Martin Sebor @ 2021-07-02 19:21 UTC (permalink / raw)
To: gcc-patches
[-- Attachment #1: Type: text/plain, Size: 489 bytes --]
To avoid a class of false negatives for sanitized code
-Wuninitialized recognizes the ASAN_MARK internal function
doesn't modify its argument. But the warning code doesn't do
the same for any sanitizer built-ins even though they don't
modify user-supplied arguments either. This leaves another
class of false negatives unresolved.
The attached fix enhances the warning logic to recognize all
sanitizer built-ins as well and treat them as non-modifying.
Tested on x86_64-linux.
Martin
[-- Attachment #2: gcc-101300.diff --]
[-- Type: text/x-patch, Size: 2987 bytes --]
PR middle-end/101300 - -fsanitize=undefined suppresses -Wuninitialized for a VLA read at -O0
gcc/ChangeLog:
* tree-ssa-uninit.c (check_defs): Handle UBSAN built-ins.
gcc/testsuite/ChangeLog:
* gcc.dg/uninit-pr101300.c: New test.
diff --git a/gcc/tree-ssa-uninit.c b/gcc/tree-ssa-uninit.c
index 99442d7f975..dfcb7aba7c1 100644
--- a/gcc/tree-ssa-uninit.c
+++ b/gcc/tree-ssa-uninit.c
@@ -228,9 +228,26 @@ check_defs (ao_ref *ref, tree vdef, void *data_)
gimple *def_stmt = SSA_NAME_DEF_STMT (vdef);
/* The ASAN_MARK intrinsic doesn't modify the variable. */
- if (is_gimple_call (def_stmt)
- && gimple_call_internal_p (def_stmt, IFN_ASAN_MARK))
- return false;
+ if (is_gimple_call (def_stmt))
+ {
+ if (gimple_call_internal_p (def_stmt)
+ && gimple_call_internal_fn (def_stmt) == IFN_ASAN_MARK)
+ return false;
+
+ if (tree fndecl = gimple_call_fndecl (def_stmt))
+ {
+ /* Some sanitizer calls pass integer arguments to built-ins
+ that expect pointets. Avoid using gimple_call_builtin_p()
+ which fails for such calls. */
+ if (DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
+ {
+ built_in_function fncode = DECL_FUNCTION_CODE (fndecl);
+ if (fncode > BEGIN_SANITIZER_BUILTINS
+ && fncode < END_SANITIZER_BUILTINS)
+ return false;
+ }
+ }
+ }
/* End of VLA scope is not a kill. */
if (gimple_call_builtin_p (def_stmt, BUILT_IN_STACK_RESTORE))
diff --git a/gcc/testsuite/gcc.dg/uninit-pr101300.c b/gcc/testsuite/gcc.dg/uninit-pr101300.c
new file mode 100644
index 00000000000..4392e8bae4f
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/uninit-pr101300.c
@@ -0,0 +1,53 @@
+/* PR middle-end/101300 - -fsanitize=undefined suppresses -Wuninitialized
+ for a VLA read at -O0
+ { dg-do compile }
+ { dg-options "-O0 -Wall -fsanitize=undefined" } */
+
+int warn_vla_rd0 (int n)
+{
+ char a[n];
+ return a[0]; // { dg-warning "\\\[-Wuninitialized]" }
+}
+
+int warn_vla_rd1 (int n)
+{
+ char a[n];
+ return a[1]; // { dg-warning "\\\[-Wuninitialized]" }
+}
+
+int warn_vla_rdi (int n, int i)
+{
+ char a[n];
+ return a[i]; // { dg-warning "\\\[-Wuninitialized]" }
+}
+
+
+int warn_vla_wr0_rd2_1_0 (int n)
+{
+ char a[n];
+ a[0] = __LINE__;
+ int x = a[2]; // { dg-warning "\\\[-Wuninitialized]" }
+ int y = a[1]; // { dg-warning "\\\[-Wuninitialized]" }
+ int z = a[0];
+ return x + y + z;
+}
+
+int warn_vla_wr1_rd2_1_0 (int n)
+{
+ char a[n];
+ a[1] = __LINE__;
+ int x = a[2]; // { dg-warning "\\\[-Wuninitialized]" }
+ int y = a[1];
+ int z = a[0]; // { dg-warning "\\\[-Wuninitialized]" }
+ return x + y + z;
+}
+
+int warn_vla_wr2_rd2_1_0 (int n)
+{
+ char a[n];
+ a[2] = __LINE__;
+ int x = a[2];
+ int y = a[1]; // { dg-warning "\\\[-Wuninitialized]" }
+ int z = a[0]; // { dg-warning "\\\[-Wuninitialized]" }
+ return x + y + z;
+}
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300)
2021-07-02 19:21 [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300) Martin Sebor
@ 2021-07-03 10:13 ` Bernhard Reutner-Fischer
2021-07-06 15:41 ` Martin Sebor
2021-07-12 18:06 ` PING " Martin Sebor
1 sibling, 1 reply; 7+ messages in thread
From: Bernhard Reutner-Fischer @ 2021-07-03 10:13 UTC (permalink / raw)
To: Martin Sebor via Gcc-patches
On Fri, 2 Jul 2021 13:21:10 -0600
Martin Sebor via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
> --- a/gcc/tree-ssa-uninit.c
> +++ b/gcc/tree-ssa-uninit.c
> @@ -228,9 +228,26 @@ check_defs (ao_ref *ref, tree vdef, void *data_)
> gimple *def_stmt = SSA_NAME_DEF_STMT (vdef);
>
> /* The ASAN_MARK intrinsic doesn't modify the variable. */
> - if (is_gimple_call (def_stmt)
> - && gimple_call_internal_p (def_stmt, IFN_ASAN_MARK))
> - return false;
> + if (is_gimple_call (def_stmt))
> + {
> + if (gimple_call_internal_p (def_stmt)
> + && gimple_call_internal_fn (def_stmt) == IFN_ASAN_MARK)
> + return false;
> +
> + if (tree fndecl = gimple_call_fndecl (def_stmt))
> + {
> + /* Some sanitizer calls pass integer arguments to built-ins
> + that expect pointets. Avoid using gimple_call_builtin_p()
pointers
What happened to the suspicion that the fnspec attribs are
allegedly not correct (
https://gcc.gnu.org/legacy-ml/gcc-patches/2018-02/msg00541.html )?
Wouldn't that deal with this issue transparently if additionally the
args were passed in correctly?
Didn't follow *san closely though.
thanks,
> + which fails for such calls. */
> + if (DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
> + {
> + built_in_function fncode = DECL_FUNCTION_CODE (fndecl);
> + if (fncode > BEGIN_SANITIZER_BUILTINS
> + && fncode < END_SANITIZER_BUILTINS)
> + return false;
> + }
> + }
> + }
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300)
2021-07-03 10:13 ` Bernhard Reutner-Fischer
@ 2021-07-06 15:41 ` Martin Sebor
0 siblings, 0 replies; 7+ messages in thread
From: Martin Sebor @ 2021-07-06 15:41 UTC (permalink / raw)
To: Bernhard Reutner-Fischer, Martin Sebor via Gcc-patches
On 7/3/21 4:13 AM, Bernhard Reutner-Fischer wrote:
> On Fri, 2 Jul 2021 13:21:10 -0600
> Martin Sebor via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
>
>> --- a/gcc/tree-ssa-uninit.c
>> +++ b/gcc/tree-ssa-uninit.c
>> @@ -228,9 +228,26 @@ check_defs (ao_ref *ref, tree vdef, void *data_)
>> gimple *def_stmt = SSA_NAME_DEF_STMT (vdef);
>>
>> /* The ASAN_MARK intrinsic doesn't modify the variable. */
>> - if (is_gimple_call (def_stmt)
>> - && gimple_call_internal_p (def_stmt, IFN_ASAN_MARK))
>> - return false;
>> + if (is_gimple_call (def_stmt))
>> + {
>> + if (gimple_call_internal_p (def_stmt)
>> + && gimple_call_internal_fn (def_stmt) == IFN_ASAN_MARK)
>> + return false;
>> +
>> + if (tree fndecl = gimple_call_fndecl (def_stmt))
>> + {
>> + /* Some sanitizer calls pass integer arguments to built-ins
>> + that expect pointets. Avoid using gimple_call_builtin_p()
>
> pointers
>
> What happened to the suspicion that the fnspec attribs are
> allegedly not correct (
> https://gcc.gnu.org/legacy-ml/gcc-patches/2018-02/msg00541.html )?
>
> Wouldn't that deal with this issue transparently if additionally the
> args were passed in correctly?
> Didn't follow *san closely though.
I didn't follow the 2018 thread either but the attribute changes
to ASAN_MARK discussed in the patch above ended up reverted in
r257625. In general, the fnspec (and other similar) attributes
need to capture even the side-effects of the sanitizer functions
that aren't observable by a program. Warnings only care about
the strictly observable subset of those, so there isn't always
a 1-to-1 correspondence.
Martin
>
> thanks,
>
>> + which fails for such calls. */
>> + if (DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
>> + {
>> + built_in_function fncode = DECL_FUNCTION_CODE (fndecl);
>> + if (fncode > BEGIN_SANITIZER_BUILTINS
>> + && fncode < END_SANITIZER_BUILTINS)
>> + return false;
>> + }
>> + }
>> + }
>>
^ permalink raw reply [flat|nested] 7+ messages in thread
* PING [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300)
2021-07-02 19:21 [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300) Martin Sebor
2021-07-03 10:13 ` Bernhard Reutner-Fischer
@ 2021-07-12 18:06 ` Martin Sebor
2021-07-20 0:01 ` PING 2 " Martin Sebor
1 sibling, 1 reply; 7+ messages in thread
From: Martin Sebor @ 2021-07-12 18:06 UTC (permalink / raw)
To: gcc-patches
Ping: https://gcc.gnu.org/pipermail/gcc-patches/2021-July/574385.html
On 7/2/21 1:21 PM, Martin Sebor wrote:
> To avoid a class of false negatives for sanitized code
> -Wuninitialized recognizes the ASAN_MARK internal function
> doesn't modify its argument. But the warning code doesn't do
> the same for any sanitizer built-ins even though they don't
> modify user-supplied arguments either. This leaves another
> class of false negatives unresolved.
>
> The attached fix enhances the warning logic to recognize all
> sanitizer built-ins as well and treat them as non-modifying.
>
> Tested on x86_64-linux.
>
> Martin
^ permalink raw reply [flat|nested] 7+ messages in thread
* PING 2 [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300)
2021-07-12 18:06 ` PING " Martin Sebor
@ 2021-07-20 0:01 ` Martin Sebor
2021-07-20 10:48 ` Jeff Law
0 siblings, 1 reply; 7+ messages in thread
From: Martin Sebor @ 2021-07-20 0:01 UTC (permalink / raw)
To: gcc-patches
Ping: https://gcc.gnu.org/pipermail/gcc-patches/2021-July/574385.html
On 7/12/21 12:06 PM, Martin Sebor wrote:
> Ping: https://gcc.gnu.org/pipermail/gcc-patches/2021-July/574385.html
>
> On 7/2/21 1:21 PM, Martin Sebor wrote:
>> To avoid a class of false negatives for sanitized code
>> -Wuninitialized recognizes the ASAN_MARK internal function
>> doesn't modify its argument. But the warning code doesn't do
>> the same for any sanitizer built-ins even though they don't
>> modify user-supplied arguments either. This leaves another
>> class of false negatives unresolved.
>>
>> The attached fix enhances the warning logic to recognize all
>> sanitizer built-ins as well and treat them as non-modifying.
>>
>> Tested on x86_64-linux.
>>
>> Martin
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: PING 2 [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300)
2021-07-20 0:01 ` PING 2 " Martin Sebor
@ 2021-07-20 10:48 ` Jeff Law
2021-07-20 19:12 ` Martin Sebor
0 siblings, 1 reply; 7+ messages in thread
From: Jeff Law @ 2021-07-20 10:48 UTC (permalink / raw)
To: Martin Sebor, gcc-patches
On 7/19/2021 6:01 PM, Martin Sebor via Gcc-patches wrote:
> Ping: https://gcc.gnu.org/pipermail/gcc-patches/2021-July/574385.html
>
> On 7/12/21 12:06 PM, Martin Sebor wrote:
>> Ping: https://gcc.gnu.org/pipermail/gcc-patches/2021-July/574385.html
>>
>> On 7/2/21 1:21 PM, Martin Sebor wrote:
>>> To avoid a class of false negatives for sanitized code
>>> -Wuninitialized recognizes the ASAN_MARK internal function
>>> doesn't modify its argument. But the warning code doesn't do
>>> the same for any sanitizer built-ins even though they don't
>>> modify user-supplied arguments either. This leaves another
>>> class of false negatives unresolved.
>>>
>>> The attached fix enhances the warning logic to recognize all
>>> sanitizer built-ins as well and treat them as non-modifying.
>>>
>>> Tested on x86_64-linux.
OK after fixing the "pointets" -> "pointers" typo.
Jeff
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: PING 2 [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300)
2021-07-20 10:48 ` Jeff Law
@ 2021-07-20 19:12 ` Martin Sebor
0 siblings, 0 replies; 7+ messages in thread
From: Martin Sebor @ 2021-07-20 19:12 UTC (permalink / raw)
To: Jeff Law, gcc-patches
On 7/20/21 4:48 AM, Jeff Law wrote:
>
>
> On 7/19/2021 6:01 PM, Martin Sebor via Gcc-patches wrote:
>> Ping: https://gcc.gnu.org/pipermail/gcc-patches/2021-July/574385.html
>>
>> On 7/12/21 12:06 PM, Martin Sebor wrote:
>>> Ping: https://gcc.gnu.org/pipermail/gcc-patches/2021-July/574385.html
>>>
>>> On 7/2/21 1:21 PM, Martin Sebor wrote:
>>>> To avoid a class of false negatives for sanitized code
>>>> -Wuninitialized recognizes the ASAN_MARK internal function
>>>> doesn't modify its argument. But the warning code doesn't do
>>>> the same for any sanitizer built-ins even though they don't
>>>> modify user-supplied arguments either. This leaves another
>>>> class of false negatives unresolved.
>>>>
>>>> The attached fix enhances the warning logic to recognize all
>>>> sanitizer built-ins as well and treat them as non-modifying.
>>>>
>>>> Tested on x86_64-linux.
> OK after fixing the "pointets" -> "pointers" typo.
Done and pushed in r12-2420.
Martin
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-07-20 19:12 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-02 19:21 [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300) Martin Sebor
2021-07-03 10:13 ` Bernhard Reutner-Fischer
2021-07-06 15:41 ` Martin Sebor
2021-07-12 18:06 ` PING " Martin Sebor
2021-07-20 0:01 ` PING 2 " Martin Sebor
2021-07-20 10:48 ` Jeff Law
2021-07-20 19:12 ` Martin Sebor
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).