From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-patches-return-467865-listarch-gcc-patches=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 101997 invoked by alias); 24 Nov 2017 14:16:32 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Received: (qmail 101973 invoked by uid 89); 24 Nov 2017 14:16:31 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-11.7 required=5.0 tests=BAYES_00,FREEMAIL_FROM,GIT_PATCH_2,GIT_PATCH_3,KB_WAM_FROM_NAME_SINGLEWORD,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=
X-HELO: mail-oi0-f43.google.com
Received: from mail-oi0-f43.google.com (HELO mail-oi0-f43.google.com) (209.85.218.43) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 24 Nov 2017 14:16:29 +0000
Received: by mail-oi0-f43.google.com with SMTP id p23so12060018oie.9        for <gcc-patches@gcc.gnu.org>; Fri, 24 Nov 2017 06:16:29 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20161025;        h=x-gm-message-state:mime-version:in-reply-to:references:from:date         :message-id:subject:to:cc;        bh=h7uUKYypu+FtfYGmtvlHRsrrZhukXow8a4RyyKzWjqw=;        b=ZHhOcbHR1aXyK6TrLaqJ2JctjndngJ59JdFpg1JcEkaMU9KCtkZTc+JsrwkIaPvVjD         ddPpTS4WyEgLURngZ66cNvGB4t4HtS+LlfVCI4UbBZ1BEzykHPRWctZJmarjSqfg+CyR         BWxS1wc0F6GhoJWYaHybAJX3RV7KyczDHTv4PkTp7vUxdc/Z+XGWrSOlvdNESuGoOYIo         6O+VOe7300bbxnf5Xo8oJbM1mW2Wtyuf6L3JpSu7eRNUB8wu1xj2u+/jj2BeBvib53ie         2cPvXTF6wKpYam93c8KA0IAEuxhYp7nOFls1wwniXauHrP/k3bnpl728L6X8Ghbs8tQi         I3zw==
X-Gm-Message-State: AJaThX5vf7NKX1IqfkyBrN2uIeuKnBPTD90id9sT+qBC8XhD/l9O/ncu	Vs5eNPNA1lp73zJEKCSuBrj3Wo7GK5Kto8mIoMg=
X-Google-Smtp-Source: AGs4zMYTH5zkHrJWxsjrwCceXNPNBr+RabZvpK/x/a/CZP3NmnGN3UoccVTar2Cac8SvXtfNbYXTeNLy5xnD96p4kcc=
X-Received: by 10.202.179.213 with SMTP id c204mr9330838oif.336.1511532988121; Fri, 24 Nov 2017 06:16:28 -0800 (PST)
MIME-Version: 1.0
Received: by 10.74.137.182 with HTTP; Fri, 24 Nov 2017 06:16:27 -0800 (PST)
In-Reply-To: <20170323203705.GX11094@tucnak>
References: <20170323203705.GX11094@tucnak>
From: Maxim Kuvyrkov <maxim.kuvyrkov@gmail.com>
Date: Fri, 24 Nov 2017 14:52:00 -0000
Message-ID: <CAFrzLAqi1RJ5gBRqX+ejuV9ScWAXbaxQhXJ+pqD6x=hOtv7K8Q@mail.gmail.com>
Subject: Re: [C++ PATCH] Fix -fsanitize={null,alignment} of references (PR c++/79572)
To: Jakub Jelinek <jakub@redhat.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>
Content-Type: text/plain; charset="UTF-8"
X-IsSubscribed: yes
X-SW-Source: 2017-11/txt/msg02208.txt.bz2

On Thu, Mar 23, 2017 at 11:37 PM, Jakub Jelinek <jakub@redhat.com> wrote:
> Hi!
>
> Since late C++ folding has been committed, we don't sanitize some reference
> bindings to NULL.  Earlier we had always NOP_EXPR to REFERENCE_TYPE say from
> INTEGER_CST or whatever else, but cp_fold can now turn that right into
> INTEGER_CST with REFERENCE_TYPE.  The following patch sanitizes even those.
>
> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?
>
> 2017-03-23  Jakub Jelinek  <jakub@redhat.com>
>
>         PR c++/79572
>         * c-ubsan.h (ubsan_maybe_instrument_reference): Change argument to
>         tree *.
>         * c-ubsan.c (ubsan_maybe_instrument_reference): Likewise.  Handle
>         not just NOP_EXPR to REFERENCE_TYPE, but also INTEGER_CST with
>         REFERENCE_TYPE.
>
>         * cp-gimplify.c (cp_genericize_r): Sanitize INTEGER_CSTs with
>         REFERENCE_TYPE.  Adjust ubsan_maybe_instrument_reference caller
>         for NOP_EXPR to REFERENCE_TYPE.
>
>         * g++.dg/ubsan/null-8.C: New test.
>
...
> --- gcc/testsuite/g++.dg/ubsan/null-8.C.jj      2017-03-23 09:42:31.664696676 +0100
> +++ gcc/testsuite/g++.dg/ubsan/null-8.C 2017-03-23 09:43:31.501908802 +0100
> @@ -0,0 +1,19 @@
> +// PR c++/79572
> +// { dg-do run }
> +// { dg-options "-fsanitize=null -std=c++14" }
> +// { dg-output "reference binding to null pointer of type 'const int'" }
> +
> +void
> +foo (const int &iref)
> +{
> +  if (&iref)
> +    __builtin_printf ("iref %d\n", iref);
> +  else
> +    __builtin_printf ("iref is NULL\n");

Hi Jakub,

Using __builtin_printf causes this test to fail sporadically when
cross-testing.  Stdout and stderr output can get mixed in
cross-testing, so dejagnu might see
==
g++.dg/ubsan/null-8.C:18:7: runtime error: reference binding to null
pointer of type iref is NULL
'const int'
==
instead of
==
g++.dg/ubsan/null-8.C:18:7: runtime error: reference binding to null
pointer of type 'const int'
iref is NULL
==

Is it essential for this testcase to use __builtin_printf or simple
"fprintf (stderr, ...)" would do just fine?

> +}
> +
> +int
> +main ()
> +{
> +  foo (*((int*) __null));
> +}

Regards,

-- 
Maxim Kuvyrkov